Patents by Inventor Ernie Brickell
Ernie Brickell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10885202Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.Type: GrantFiled: September 6, 2018Date of Patent: January 5, 2021Assignee: Intel CorporationInventors: Francis X. McKeen, Carlos V. Rozas, Uday R. Savagaonkar, Simon P. Johnson, Vincent Scarlata, Michael A. Goldsmith, Ernie Brickell, Jiang Tao Li, Howard C. Herbert, Prashant Dewan, Stephen J. Tolopka, Gilbert Neiger, David Durham, Gary Graunke, Bernard Lint, Don A. Van Dyke, Joseph Cihula, Stalinselvaraj Jeyasingh, Stephen R. Van Doren, Dion Rodgers, John Garney, Asher Altman
-
Patent number: 10437985Abstract: A method, apparatus, and computer-readable medium are provided to determine whether to enroll a computing device as a provider of a secure application enclave for an application. The following information is obtained from a second computing device: a device identifier for a first computing device, application information, and data for a shared secret. The first computing device is configured to provide a secure application enclave to support execution of the application associated with the application information, and the shared secret is shared between the secure application enclave and a user of the first computing device. A determination is made whether to enroll the first computing device as a provider of the secure application enclave for the application using the device identifier, the application information, and the data for the shared secret. The secure application enclave may be notified whether the enrollment of the first computing device is successful.Type: GrantFiled: October 1, 2016Date of Patent: October 8, 2019Assignee: Intel CorporationInventors: Jonathan Trostle, Paritosh Saxena, Ernie Brickell, Thomas J. Barnes
-
Publication number: 20190273738Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the of the MAC, execution of the externally-supplied code is permitted.Type: ApplicationFiled: March 6, 2019Publication date: September 5, 2019Inventor: Ernie Brickell
-
Patent number: 10397005Abstract: A method, apparatus, and computer-readable medium providing instructions to cause a computing device to establish a portion of a memory of the computing device as a trusted execution environment and execute a trusted third party application within the trusted execution environment. The trusted third party application is to receive a signed public key and an identifier for a verifier from a user client attestation application executing on a client platform. The signed public key is signed with an identifiable platform attestation private key for the client platform. The trusted third party application is further to verify the signed public key, determine a policy of the verifier, encode the policy into a trusted third party anonymous certificate for the signed public key, issue the trusted third party anonymous certificate without including identification information of the client platform, and send the trusted third party anonymous certificate to the user client attestation application.Type: GrantFiled: March 31, 2017Date of Patent: August 27, 2019Assignee: Intel CorporationInventor: Ernie Brickell
-
Patent number: 10284368Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor. In one embodiments, a key provisioner/tester apparatus may include a memory device to receive a unique hardware key generated by a first logic of a processor. The key provisioner/tester apparatus may further include a cipher device to permanently store an encrypted first key in nonvolatile memory of the processor, detect whether the stored encrypted first key is valid, and to isolate at least one of the first logic and the nonvolatile memory of the processor from all sources that are exterior to the processor in response to detecting that the stored encrypted first key is valid.Type: GrantFiled: January 5, 2017Date of Patent: May 7, 2019Assignee: Intel CorporationInventors: Jiangtao Li, Anand Rajan, Roel Maes, Sanu K Mathew, Ram Krishnamurthy, Ernie Brickell
-
Publication number: 20190087586Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.Type: ApplicationFiled: September 6, 2018Publication date: March 21, 2019Inventors: Francis X. McKEEN, Carlos V. ROZAS, Uday R. SAVAGAONKAR, Simon P. JOHNSON, Vincent SCARLATA, Michael A. GOLDSMITH, Ernie BRICKELL, Jiang Tao LI, Howard C. HERBERT, Prashant DEWAN, Stephen J. TOLOPKA, Gilbert NEIGER, David DURHAM, Gary GRAUNKE, Bernard LINT, Don A. VAN DYKE, Joseph CIHULA, Stalinselvaraj JEYASINGH, Stephen R. VAN DOREN, Dion RODGERS, John GARNEY, Asher ALTMAN
-
Patent number: 10102380Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.Type: GrantFiled: March 13, 2013Date of Patent: October 16, 2018Assignee: Intel CorporationInventors: Francis X. McKeen, Carlos V. Rozas, Uday R. Savagaonkar, Simon P. Johnson, Vincent Scarlata, Michael A. Goldsmith, Ernie Brickell, Jiang Tao Li, Howard C. Herbert, Prashant Dewan, Stephen J. Tolopka, Gilbert Neiger, David Durham, Gary Graunke, Bernard Lint, Don A. Van Dyke, Joseph Cihula, Stalinselvaraj Jeyasingh, Stephen R. Van Doren, Dion Rodgers, John Garney, Asher Altman
-
Publication number: 20180287802Abstract: A method, apparatus, and computer-readable medium providing instructions to cause a computing device to establish a portion of a memory of the computing device as a trusted execution environment and execute a trusted third party application within the trusted execution environment. The trusted third party application is to receive a signed public key and an identifier for a verifier from a user client attestation application executing on a client platform. The signed public key is signed with an identifiable platform attestation private key for the client platform. The trusted third party application is further to verify the signed public key, determine a policy of the verifier, encode the policy into a trusted third party anonymous certificate for the signed public key, issue the trusted third party anonymous certificate without including identification information of the client platform, and send the trusted third party anonymous certificate to the user client attestation application.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventor: Ernie Brickell
-
Publication number: 20180096137Abstract: A method, apparatus, and computer-readable medium are provided to determine whether to enroll a computing device as a provider of a secure application enclave for a secure an application. The following information is obtained from a second computing device: a device identifier for a first computing device, application information, and data for a shared secret. The first computing device is configured to provide a secure application enclave to support execution of a secure the application associated with the application information, and the shared secret is shared between the secure application enclave and a user of the first computing device. A determination is made whether to enroll the first computing device as a provider of the secure application enclave for the secure application using the device identifier, the application information, and the data for the shared secret. The secure application enclave may be notified whether the enrollment of the first computing device is successful.Type: ApplicationFiled: October 1, 2016Publication date: April 5, 2018Inventors: Jonathan Trostle, Paritosh Saxena, Ernie Brickell, Thomas J. Barnes
-
Patent number: 9935773Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.Type: GrantFiled: February 13, 2017Date of Patent: April 3, 2018Assignee: INTEL CORPORATIONInventors: Nitin V. Sarangdhar, Daniel Nemiroff, Ned M. Smith, Ernie Brickell, Jiangtao Li
-
Publication number: 20180006822Abstract: Systems and methods for using an arbitrary base value for EPID calculations are provided herein. A system to use arbitrary base values in enhanced privacy ID (EPID) calculation, where the system includes a microcontroller; and a memory coupled to the microcontroller; wherein the microcontroller is to: obtain an arbitrary value at a member device, the member device being a member of a group of member devices, each member device in the group of member devices having a unique private EPID key assigned from a pool of private keys, where any of the pool of private keys is able to sign content that is verifiable by a single group public key, and the arbitrary value being one of a time-based value or a usage-based value; construct an EPID base using the arbitrary value; and transmit content signed with the private key using the EPID base to a verifier.Type: ApplicationFiled: July 1, 2016Publication date: January 4, 2018Inventor: Ernie Brickell
-
Publication number: 20170288869Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor/apparatus. In one embodiment, the apparatus includes a physically unclonable functions (PUF) circuit to generate a hardware key based on at least one manufacturing variation of the apparatus and a nonvolatile memory coupled to the PUF circuit, the nonvolatile memory to store an encrypted key, the encrypted key comprising a first key encrypted using the hardware key. The apparatus further includes a hardware cipher component coupled to the nonvolatile memory and the PUF circuit, the hardware cipher component to decrypt the encrypted key stored in the nonvolatile memory with at least the hardware key to generate a decrypted copy of the first key and fixed logic circuitry coupled to the PUF circuit and the hardware cipher component, the fixed logic circuitry to verify that the decrypted copy of the first key is valid.Type: ApplicationFiled: June 20, 2017Publication date: October 5, 2017Inventors: Jiangtao Li, Anand Rajan, Roel Maes, Sanu K. Mathew, Ram Krishnamurthy, Ernie Brickell
-
Publication number: 20170170966Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.Type: ApplicationFiled: February 13, 2017Publication date: June 15, 2017Applicant: Intel CorporationInventors: NITIN V. SARANGDHAR, DANIEL NEMIROFF, NED M. SMITH, ERNIE BRICKELL, JIANGTAO LI
-
Publication number: 20170126405Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor. In one embodiments, a key provisioner/tester apparatus may include a memory device to receive a unique hardware key generated by a first logic of a processor. The key provisioner/tester apparatus may further include a cipher device to permanently store an encrypted first key in nonvolatile memory of the processor, detect whether the stored encrypted first key is valid, and to isolate at least one of the first logic and the nonvolatile memory of the processor from all sources that are exterior to the processor in response to detecting that the stored encrypted first key is valid.Type: ApplicationFiled: January 5, 2017Publication date: May 4, 2017Inventors: Jiangtao Li, Anand Rajan, Roel Maes, Sanu K Mathew, Ram Krishnamurthy, Ernie Brickell
-
Patent number: 9608825Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.Type: GrantFiled: November 14, 2014Date of Patent: March 28, 2017Assignee: Intel CorporationInventors: Nitin V. Sarangdhar, Daniel Nemiroff, Ned M. Smith, Ernie Brickell, Jiangtao Li
-
Patent number: 9544141Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor.Type: GrantFiled: December 29, 2011Date of Patent: January 10, 2017Assignee: Intel CorporationInventors: Jiangtao Li, Anand Rajan, Roel Maes, Sanu K Mathew, Ram Krishnamurthy, Ernie Brickell
-
Publication number: 20160142212Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.Type: ApplicationFiled: November 14, 2014Publication date: May 19, 2016Applicant: Intel CorporationInventors: NITIN V. SARANGDHAR, DANIEL NEMIROFF, NED M. SMITH, ERNIE BRICKELL, JIANGTAO LI
-
Patent number: 9219602Abstract: A method and system computes a basepoint for use in a signing operation of a direct anonymous attestation scheme. The method and system includes computing a basepoint at a host computing device and verifying the base point at a trusted platform module (TPM) device.Type: GrantFiled: December 27, 2011Date of Patent: December 22, 2015Assignee: Intel CorporationInventors: Jiangtao Li, Ernie Brickell, Willard Monten Wiseman
-
Patent number: 9087200Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.Type: GrantFiled: June 19, 2012Date of Patent: July 21, 2015Assignee: Intel CorporationInventors: Francis X. McKeen, Carlos V. Rozas, Uday R. Savagaonkar, Simon P. Johnson, Vincent Scarlata, Michael A. Goldsmith, Ernie Brickell, Jiang Tao Li, Howard C. Herbert, Prashant Dewan, Stephen J. Tolopka, Gilbert Neiger, David Durham, Gary Graunke, Bernard Lint, Don A. Van Dyke, Joseph Cihula, Stalinselvaraj Jeyasingh, Stephen R. Van Doren, Dion Rodgers, John Garney, Asher Altman
-
Publication number: 20150188710Abstract: Embodiments of an invention for offloading functionality from a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes verifying that a signature structure key matches a hardware key that permits functionality to be offloaded.Type: ApplicationFiled: December 28, 2013Publication date: July 2, 2015Inventors: Simon Johnson, Francis McKeen, Vincent Scarlata, Carlos Rozas, Uday Savagaonkar, Michael Goldsmith, Ernie Brickell