Patents by Inventor Ivan McLean
Ivan McLean has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20210124818
  Abstract: In illustrative examples described herein, a hardware-based mechanism is provided to prevent brute force attacks on user credentials. In some examples, a throttling policy is added to a hardware key manager to provide timer-based throttling using a secure hardware timer. A register or slot in hardware is used to maintain throttling policy attributes or parameters for tracking a throttle count and a timeout value to be enforced. During a cryptographic wrap operation, a user key is associated with, or bound to, the slot or register. During a subsequent unwrap operation, the hardware key manager then enforces any needed timeouts by throttling user access in response to any incorrect entries based on the throttling policy attributes or parameters maintained in the slot or register. Examples exploiting an always-on battery-backed processing island are also provided. In some examples, throttling is implemented without the use of any secure storage.
  Type: Application
  Filed: October 23, 2019
  Publication date: April 29, 2021
  Inventors: Baranidharan MUTHUKUMARAN, Satish ANAND, Mahadevamurty NEMANI, Ivan MCLEAN, Miguel BALLESTEROS
- Patent number: 10678924
  Abstract: Various features relate to providing Software-Resilient User Privacy within smartphones or other devices by storing and processing all pertinent values needed for user privacy—such as security keys and access attempt counters—in hardware, such as within a System-on-a-Chip (SoC) processor formed on an integrated circuit (IC). For example, an on-die ephemeral Volatile Memory (eVM) device may be employed for storing access attempt counters or other parameters used to control malicious attack countermeasures. In one example, the eVM employs static random-access memory (SRAM) formed on the die and exploits capacitive remanence to recover stored counter values even if power is disconnected, then reconnected. On-chip NVM may be used for permanent storage of other privacy values, such as a device-unique secret key that is generated locally on the device and not known to the chip vendor, the device Original Equipment Manufacturer (OEM) or the owner/user of the device.
  Type: Grant
  Filed: August 10, 2016
  Date of Patent: June 9, 2020
  Assignee: Qualcomm Incorporated
  Inventors: Vincent Pierre Le Roy, Ivan McLean
- Publication number: 20200082088
  Abstract: Various embodiments include methods and devices for implementing protection of data by preventing non-authorized firmware modification on a computing device. Embodiments may include measuring, by a software program, an image of a firmware update producing a measurement of the image of the firmware update, modifying a version identifier of a prior installed firmware producing a version identifier of the firmware update, applying a root key generation algorithm to the measurement of the image of the firmware update, the version identifier of the firmware update, and an enroll identity credential, generating an enroll encryption root key as an output of the root key generation algorithm, applying a seed key encryption algorithm to the enroll encryption root key and an enroll encryption seed key, and generating a sealed encryption seed key as an output of the seed key encryption algorithm.
  Type: Application
  Filed: September 11, 2018
  Publication date: March 12, 2020
  Inventors: Baranidharan MUTHUKUMARAN, Ivan MCLEAN, Bollapragada V.J. MANOHAR, Vincent Pierre LE ROY, Ashish GROVER
- Patent number: 10534882
  Abstract: A method for configuring the features of an integrated circuit. In the method, the integrated circuit receives a feature vector message from a first party. The feature vector message is included in a response to a feature set request from the first party to a second party. The integrated circuit configures at least one feature of the integrated circuit based on a feature vector in the feature vector message. The integrated circuit generates an attestation result based on the at least one configured feature of the integrated circuit and using a key securely stored in the integrated circuit and known to the second party and not known to the first party. The integrated circuit forwards the attestation result to the first party.
  Type: Grant
  Filed: August 11, 2016
  Date of Patent: January 14, 2020
  Assignee: Qualcomm Incorporated
  Inventors: Ivan McLean, Stuart Moskovics, Bryan Campbell, Mark Dragicevich
- Patent number: 9916453
  Abstract: Methods, apparatus, and computer program products for generating a derivative key for an execution environment (EE) are described. An example of a method includes obtaining a device key by a key derivation circuit, obtaining a context string by the key derivation circuit from a one-time writable bit register (OWBR), generating the derivative key for a current EE by the key derivation circuit based on the device key and on the context string from the OWBR.
  Type: Grant
  Filed: December 22, 2015
  Date of Patent: March 13, 2018
  Assignee: QUALCOMM Incorporated
  Inventors: Ivan McLean, Ashish Grover
- Publication number: 20180046805
  Abstract: Various features relate to providing Software-Resilient User Privacy within smartphones or other devices by storing and processing all pertinent values needed for user privacy—such as security keys and access attempt counters—in hardware, such as within a System-on-a-Chip (SoC) processor formed on an integrated circuit (IC). For example, an on-die ephemeral Volatile Memory (eVM) device may be employed for storing access attempt counters or other parameters used to control malicious attack countermeasures. In one example, the eVM employs static random-access memory (SRAM) formed on the die and exploits capacitive remanence to recover stored counter values even if power is disconnected, then reconnected. On-chip NVM may be used for permanent storage of other privacy values, such as a device-unique secret key that is generated locally on the device and not known to the chip vendor, the device Original Equipment Manufacturer (OEM) or the owner/user of the device.
  Type: Application
  Filed: August 10, 2016
  Publication date: February 15, 2018
  Inventors: Vincent Pierre Le Roy, Ivan McLean
- Publication number: 20170325088
  Abstract: Techniques for securing transactions on a mobile device are provided. An example method according to these techniques includes receiving an input of a code to authorize a transaction in a security sensitive application, authenticating the transaction responsive to the input of the code, monitoring sensor information indicative of a context change, and authorizing subsequent transactions responsive to the sensor information indicating that the context change has not occurred since receiving the input of the code.
  Type: Application
  Filed: June 6, 2016
  Publication date: November 9, 2017
  Inventors: Adam Edward NEWHAM, Osman KOYUNCU, Chandrasekhar GHANTA, Ivan McLean, Stuart MOSKOVICS, Rashid Ahmed Akbar Attar, Justin McGloin
- Publication number: 20170286580
  Abstract: A method for configuring the features of an integrated circuit. In the method, the integrated circuit receives a feature vector message from a first party. The feature vector message is included in a response to a feature set request from the first party to a second party. The integrated circuit configures at least one feature of the integrated circuit based on a feature vector in the feature vector message. The integrated circuit generates an attestation result based on the at least one configured feature of the integrated circuit and using a key securely stored in the integrated circuit and known to the second party and not known to the first party. The integrated circuit forwards the attestation result to the first party.
  Type: Application
  Filed: August 11, 2016
  Publication date: October 5, 2017
  Inventors: Ivan McLean, Stuart Moskovics, Bryan Campbell, Mark Dragicevich
- Publication number: 20170177872
  Abstract: Methods, apparatus, and computer program products for generating a derivative key for an execution environment (EE) are described. An example of a method includes obtaining a device key by a key derivation circuit, obtaining a context string by the key derivation circuit from a one-time writable bit register (OWBR), generating the derivative key for a current EE by the key derivation circuit based on the device key and on the context string from the OWBR.
  Type: Application
  Filed: December 22, 2015
  Publication date: June 22, 2017
  Inventors: Ivan McLean, Ashish Grover
- Publication number: 20170163417
  Abstract: Aspects may relate to a device that comprises: a non-volatile storage medium (NVM) to store a signature and a device key, the device key based on a symmetric master key and an identifier; an interface; and a processor coupled to the interface and the NVM. The processor may be configured to: apply a key derivation function (KDF) to the device key to generate a derivative key; apply a key generation function to the derivative key to generate at least one public key; and command transmission of the signature and the at least one public key through the interface to a service provider.
  Type: Application
  Filed: February 10, 2016
  Publication date: June 8, 2017
  Inventors: Ivan McLean, David Tamagno, Stuart Moskovics, Manfred Von Willich
- Patent number: 9607177
  Abstract: A method operational within a memory controller is provided for securing content stored in memory. The memory controller may allocate logical memory regions within a memory device to different domains. A different domain-specific key is obtained for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information. During write operations, content/data is encrypted, at the memory controller, as it is written into each logical memory region using a domain-specific key corresponding to a domain providing the content and to which the logical memory region is allocated. Similarly, during read operations, content/data is decrypted, at the memory controller, as it is read from each memory region using a domain-specific key corresponding to a domain requesting the content and to which the logical memory region, where the content is stored, is allocated.
  Type: Grant
  Filed: September 30, 2013
  Date of Patent: March 28, 2017
  Assignee: QUALCOMM Incorporated
  Inventors: Ravindra R. Jejurikar, Ivan McLean
- Patent number: 9141809
  Abstract: Disclosed is a method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number. In the method, the device generates a pseudorandom number specific to a particular execution of a secure boot process. The device combines the device-specific number and the pseudorandom number to generate a diversity value. The device may change a timing of at least one process step of the secure boot process based on the diversity value. Also, the device may change an order of process steps of the secure boot process based on the diversity value.
  Type: Grant
  Filed: July 23, 2012
  Date of Patent: September 22, 2015
  Assignee: QUALCOMM Incorporated
  Inventor: Ivan McLean
- Publication number: 20150095662
  Abstract: A method operational within a memory controller is provided for securing content stored in memory. The memory controller may allocate logical memory regions within a memory device to different domains. A different domain-specific key is obtained for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information. During write operations, content/data is encrypted, at the memory controller, as it is written into each logical memory region using a domain-specific key corresponding to a domain providing the content and to which the logical memory region is allocated. Similarly, during read operations, content/data is decrypted, at the memory controller, as it is read from each memory region using a domain-specific key corresponding to a domain requesting the content and to which the logical memory region, where the content is stored, is allocated.
  Type: Application
  Filed: September 30, 2013
  Publication date: April 2, 2015
  Applicant: QUALCOMM Incorporated
  Inventors: Ravindra R. Jejurikar, Ivan McLean
- Publication number: 20140025960
  Abstract: Disclosed is a method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number. In the method, the device generates a pseudorandom number specific to a particular execution of a secure boot process. The device combines the device-specific number and the pseudorandom number to generate a diversity value. The device may change a timing of at least one process step of the secure boot process based on the diversity value. Also, the device may change an order of process steps of the secure boot process based on the diversity value.
  Type: Application
  Filed: July 23, 2012
  Publication date: January 23, 2014
  Applicant: Qualcomm Incorporated
  Inventor: Ivan McLEAN
- Publication number: 20070207780
  Abstract: Apparatus and methods for providing an incentive-based system for the superdistribution of content, which include one or more communications devices transmitting one or more referral messages relating to the content. Further, the apparatus and methods include the communications devices ordering content from across the network based on the referral messages, where a reward is generated for one or more referring devices based on the one or more referral messages. Additionally, the application of privacy and authentication mechanisms protects the privacy and verifies the identities of the parties involved in the transaction.
  Type: Application
  Filed: February 23, 2006
  Publication date: September 6, 2007
  Inventor: Ivan McLean
- Publication number: 20060206918
  Abstract: A system and method for inputting a password. The system and method operates to associate unique non-descriptive graphical features with unique text-based characters. The system and method operates to receive in sequence, a plurality of text-based characters. The system and method operates to display in sequence, in accordance with a sequence scheme, the non-descriptive graphical features associated with the plurality of text-based characters. The system and method also operates to process the plurality of text-based characters as the password. In addition, the system and method operates wherein the password, including text-based characters, may be deciphered from both the display of the non-descriptive graphical features associated with the plurality of text-based characters and the sequence scheme.
  Type: Application
  Filed: March 1, 2005
  Publication date: September 14, 2006
  Inventor: Ivan McLean
- Publication number: 20060107323
  Abstract: A system and method for providing secure communications between client communication devices and servers. A server generates a random offset. The server alters a server communication device dynamic credential by applying the random offset to the server communication device dynamic credential. The server stores the server communication device dynamic credential. The server sends, via a network, a signal including the random offset. The server receives, via a network, a signal including a dynamic credential. The server determines a difference between the server communication device dynamic credential and the received dynamic credential. In addition, the server detects a presence of a cloned communications device based on the difference.
  Type: Application
  Filed: November 16, 2004
  Publication date: May 18, 2006
  Inventor: Ivan McLean
- Publication number: 20060095957
  Abstract: A system and method for providing secure communications between remote computing devices and servers. A network device sends characteristics of a client computing device over the network. A network device receives characteristics of a client computing device over the network. A plurality of credentials are generated, where at least one of the plurality of credentials is based on both the received characteristics of the client computing device and a unique client key, and at least one of the plurality of credentials is based on both the received characteristics of the client computing device and a generic key. A network device sends the plurality of credentials over the network. A network device receives the plurality of credentials via the network.
  Type: Application
  Filed: October 29, 2004
  Publication date: May 4, 2006
  Inventors: Laurence Lundblade, Ivan McLean, Gerald Horel
- Publication number: 20050059352
  Abstract: Methods and apparatus for determining the integrity of a device. A method is provided for use in a server to provide a dynamic integrity check of a client device. The method includes selecting a selected integrity application from one or more integrity applications, wherein the selected integrity application operates to generate a unique preselected integrity response. The method also includes downloading the selected integrity application for execution on the client device, and receiving a response from the selected integrity application. The method also includes determining whether or not the response is the preselected integrity response.
  Type: Application
  Filed: September 10, 2003
  Publication date: March 17, 2005
  Inventor: Ivan McLean
- Patent number: 6364052
  Abstract: Noise-reducing earplugs include a configuration and surface ornamentation to resemble a product other than earplugs, or a container for such a product. For example, such earplugs may have a generally cylindrical configuration and appropriate surface ornamentation to resemble can-type containers as are used for beverages (e.g., soft drinks or beer) and other liquid products (e.g., paints, oils, fuel additives, etc.).
  Type: Grant
  Filed: March 14, 2000
  Date of Patent: April 2, 2002
  Assignee: Ivan McLean, Inc.
  Inventor: Ivan McLean