Patents by Inventor Ernest Brickell
Ernest Brickell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11405201Abstract: Methods and apparati for securely transferring application storage keys in an application in a trusted computing environment, when the trusted computing base is modified. In an apparatus embodiment of the present invention, a computing device comprises: a protected partition in which an application can execute without attack from outside a trusted computing base of the partition; and a storage key derivation module which provides a first storage key to said application, where the value of the first storage key is derived from a computation dependent upon a first version of the trusted computing base that is launched on the platform.Type: GrantFiled: December 7, 2021Date of Patent: August 2, 2022Assignee: Brickell Cryptology LLCInventor: Ernest Brickell
-
Patent number: 11398906Abstract: Methods and apparati for auditing uses of audited cryptographic keys.Type: GrantFiled: December 17, 2021Date of Patent: July 26, 2022Assignee: BRICKELL CRYPTOLOGY LLCInventor: Ernest Brickell
-
Publication number: 20220109567Abstract: Methods and apparati for auditing uses of audited cryptographic keys.Type: ApplicationFiled: December 17, 2021Publication date: April 7, 2022Applicant: Brickell Cryptology LLCInventor: Ernest Brickell
-
Publication number: 20220094538Abstract: Methods and apparati for securely transferring application storage keys in an application in a trusted computing environment, when the trusted computing base is modified. In an apparatus embodiment of the present invention, a computing device comprises: a protected partition in which an application can execute without attack from outside a trusted computing base of the partition; and a storage key derivation module which provides a first storage key to said application, where the value of the first storage key is derived from a computation dependent upon a first version of the trusted computing base that is launched on the platform.Type: ApplicationFiled: December 7, 2021Publication date: March 24, 2022Applicant: Brickell Cryptology LLCInventor: Ernest Brickell
-
Patent number: 11212095Abstract: Methods and apparatus for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.Type: GrantFiled: July 23, 2021Date of Patent: December 28, 2021Inventor: Ernest Brickell
-
Publication number: 20210351926Abstract: Methods and apparati for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.Type: ApplicationFiled: July 23, 2021Publication date: November 11, 2021Inventor: Ernest Brickell
-
Patent number: 11115208Abstract: Methods and apparati for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.Type: GrantFiled: November 18, 2020Date of Patent: September 7, 2021Inventor: Ernest Brickell
-
Publication number: 20210075608Abstract: Methods and apparati for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.Type: ApplicationFiled: November 18, 2020Publication date: March 11, 2021Inventor: Ernest Brickell
-
Patent number: 10904256Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: GrantFiled: July 30, 2020Date of Patent: January 26, 2021Inventor: Ernest Brickell
-
Patent number: 10855465Abstract: Methods and apparati for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.Type: GrantFiled: November 11, 2019Date of Patent: December 1, 2020Inventor: Ernest Brickell
-
Publication number: 20200358776Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: ApplicationFiled: July 30, 2020Publication date: November 12, 2020Inventor: Ernest Brickell
-
Patent number: 10771467Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: GrantFiled: April 30, 2020Date of Patent: September 8, 2020Inventor: Ernest Brickell
-
Publication number: 20200267156Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: ApplicationFiled: April 30, 2020Publication date: August 20, 2020Inventor: Ernest Brickell
-
Patent number: 10652245Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: GrantFiled: July 2, 2019Date of Patent: May 12, 2020Inventor: Ernest Brickell
-
Publication number: 20200084032Abstract: Methods and apparati for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.Type: ApplicationFiled: November 11, 2019Publication date: March 12, 2020Inventor: Ernest Brickell
-
Patent number: 10498712Abstract: Apparatus and methods for balancing public and personal security needs in a computing device (1). In an apparatus embodiment, the device (1) has two partitions: a first partition (310) in which only applications (312) authorized by a protected application approval entity can execute; and a second partition (205, 210) in which applications that execute are accessible by an authorized external access entity (500). Coupled to the partitions (310, 205, 210) are protection modules (215, 250, 290) configured to protect data used by applications (312) authorized to execute in the first partition (310), and to prevent even authorized external access entities (500) from accessing protected data used by applications (312) authorized to execute in the first partition (310).Type: GrantFiled: November 10, 2016Date of Patent: December 3, 2019Inventor: Ernest Brickell
-
Publication number: 20190327235Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: ApplicationFiled: July 2, 2019Publication date: October 24, 2019Inventor: Ernest Brickell
-
Patent number: 10348706Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: GrantFiled: May 4, 2017Date of Patent: July 9, 2019Inventor: Ernest Brickell
-
Publication number: 20180324158Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.Type: ApplicationFiled: May 4, 2017Publication date: November 8, 2018Inventor: Ernest Brickell
-
Publication number: 20180131677Abstract: Apparatus and methods for balancing public and personal security needs in a computing device (1). In an apparatus embodiment, the device (1) comprises a first partition (310) in which only applications (312) authorized by a protected application approval entity can execute; a second partition (205) in which applications that execute can be accessed by an authorized external access entity; and, coupled to the partitions (310, 205), protection modules (215, 250, 290) configured to protect data used by applications (312) authorized to execute in the first partition (310) and to prevent even authorized external access entities from accessing protected data used by applications (312) authorized to execute in the first partition (310).Type: ApplicationFiled: November 10, 2016Publication date: May 10, 2018Inventor: Ernest Brickell