Patents by Inventor James D. Beaney, JR.
James D. Beaney, JR. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11907362Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.Type: GrantFiled: May 1, 2020Date of Patent: February 20, 2024Assignee: MAfee, LLCInventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
-
Patent number: 11489678Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.Type: GrantFiled: April 23, 2020Date of Patent: November 1, 2022Assignee: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Publication number: 20210006416Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.Type: ApplicationFiled: April 23, 2020Publication date: January 7, 2021Applicant: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Patent number: 10880097Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.Type: GrantFiled: October 17, 2018Date of Patent: December 29, 2020Assignee: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Publication number: 20200257795Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.Type: ApplicationFiled: May 1, 2020Publication date: August 13, 2020Applicant: McAfee, LLCInventors: Steve Grobman, Carl Woodward, James D. Beaney, JR., Jimmy Scott Raynor
-
Patent number: 10708067Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.Type: GrantFiled: July 2, 2016Date of Patent: July 7, 2020Assignee: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Patent number: 10678908Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.Type: GrantFiled: December 21, 2013Date of Patent: June 9, 2020Assignee: McAfee, LLCInventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
-
Publication number: 20190052469Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.Type: ApplicationFiled: October 17, 2018Publication date: February 14, 2019Applicant: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Patent number: 10135622Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.Type: GrantFiled: September 29, 2016Date of Patent: November 20, 2018Assignee: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Patent number: 9864861Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.Type: GrantFiled: March 27, 2014Date of Patent: January 9, 2018Assignee: Intel CorporationInventors: Bin Cedric Xing, Mark W. Shanahan, James D. Beaney, Jr.
-
Publication number: 20170366359Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.Type: ApplicationFiled: July 2, 2016Publication date: December 21, 2017Applicant: Intel CorporationInventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P, Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
-
Publication number: 20170353319Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.Type: ApplicationFiled: September 29, 2016Publication date: December 7, 2017Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
-
Publication number: 20170039368Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.Type: ApplicationFiled: December 21, 2013Publication date: February 9, 2017Applicant: McAfee, Inc.Inventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
-
Patent number: 9536063Abstract: A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.Type: GrantFiled: October 24, 2013Date of Patent: January 3, 2017Assignee: Intel CorporationInventors: Bin Xing, Bo Zhang, Mark W. Shanahan, James D. Beaney, Jr.
-
Patent number: 9405551Abstract: In an embodiment, a processor includes a binary translation (BT) container having code to generate a binary translation of a first code segment and to store the binary translation in a translation cache, a host entity logic to manage the BT container and to identify the first code segment, and protection logic to isolate the BT container from a software stack. In this way, the BT container is configured to be transparent to the software stack. Other embodiments are described and claimed.Type: GrantFiled: March 12, 2013Date of Patent: August 2, 2016Assignee: Intel CorporationInventors: Koichi Yamada, Palanivel Rajan Shanmugavelayutham, Scott D. Rodgers, Barry E. Huntley, James D. Beaney, Jr., Boaz Tamir
-
Patent number: 9405937Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.Type: GrantFiled: June 28, 2013Date of Patent: August 2, 2016Assignee: INTEL CORPORATIONInventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, Jr.
-
Publication number: 20150278528Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.Type: ApplicationFiled: March 27, 2014Publication date: October 1, 2015Inventors: Bin Cedric Xing, Mark W. Shanahan, James D. Beaney, JR.
-
Publication number: 20150121536Abstract: A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.Type: ApplicationFiled: October 24, 2013Publication date: April 30, 2015Inventors: Bin Xing, Bo Zhang, Mark W. Shanahan, James D. Beaney, JR.
-
Publication number: 20150007304Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.Type: ApplicationFiled: June 28, 2013Publication date: January 1, 2015Inventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, JR.
-
Publication number: 20140281376Abstract: In an embodiment, a processor includes a binary translation (BT) container having code to generate a binary translation of a first code segment and to store the binary translation in a translation cache, a host entity logic to manage the BT container and to identify the first code segment, and protection logic to isolate the BT container from a software stack. In this way, the BT container is configured to be transparent to the software stack. Other embodiments are described and claimed.Type: ApplicationFiled: March 12, 2013Publication date: September 18, 2014Inventors: Koichi Yamada, Palanivel Rajan Shanmugavelayutham, Scott D. Rodgers, Barry E. Huntley, James D. Beaney, JR., Boaz Tamir