Patents by Inventor James D. Beaney, JR.

James D. Beaney, JR. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11907362
    Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.
    Type: Grant
    Filed: May 1, 2020
    Date of Patent: February 20, 2024
    Assignee: MAfee, LLC
    Inventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
  • Patent number: 11489678
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: November 1, 2022
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Publication number: 20210006416
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Application
    Filed: April 23, 2020
    Publication date: January 7, 2021
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Patent number: 10880097
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: December 29, 2020
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Publication number: 20200257795
    Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.
    Type: Application
    Filed: May 1, 2020
    Publication date: August 13, 2020
    Applicant: McAfee, LLC
    Inventors: Steve Grobman, Carl Woodward, James D. Beaney, JR., Jimmy Scott Raynor
  • Patent number: 10708067
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Grant
    Filed: July 2, 2016
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Patent number: 10678908
    Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.
    Type: Grant
    Filed: December 21, 2013
    Date of Patent: June 9, 2020
    Assignee: McAfee, LLC
    Inventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
  • Publication number: 20190052469
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Application
    Filed: October 17, 2018
    Publication date: February 14, 2019
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Patent number: 10135622
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: November 20, 2018
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Patent number: 9864861
    Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 27, 2014
    Date of Patent: January 9, 2018
    Assignee: Intel Corporation
    Inventors: Bin Cedric Xing, Mark W. Shanahan, James D. Beaney, Jr.
  • Publication number: 20170366359
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Application
    Filed: July 2, 2016
    Publication date: December 21, 2017
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P, Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Publication number: 20170353319
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Application
    Filed: September 29, 2016
    Publication date: December 7, 2017
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Publication number: 20170039368
    Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.
    Type: Application
    Filed: December 21, 2013
    Publication date: February 9, 2017
    Applicant: McAfee, Inc.
    Inventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
  • Patent number: 9536063
    Abstract: A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 24, 2013
    Date of Patent: January 3, 2017
    Assignee: Intel Corporation
    Inventors: Bin Xing, Bo Zhang, Mark W. Shanahan, James D. Beaney, Jr.
  • Patent number: 9405551
    Abstract: In an embodiment, a processor includes a binary translation (BT) container having code to generate a binary translation of a first code segment and to store the binary translation in a translation cache, a host entity logic to manage the BT container and to identify the first code segment, and protection logic to isolate the BT container from a software stack. In this way, the BT container is configured to be transparent to the software stack. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: August 2, 2016
    Assignee: Intel Corporation
    Inventors: Koichi Yamada, Palanivel Rajan Shanmugavelayutham, Scott D. Rodgers, Barry E. Huntley, James D. Beaney, Jr., Boaz Tamir
  • Patent number: 9405937
    Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: August 2, 2016
    Assignee: INTEL CORPORATION
    Inventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, Jr.
  • Publication number: 20150278528
    Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.
    Type: Application
    Filed: March 27, 2014
    Publication date: October 1, 2015
    Inventors: Bin Cedric Xing, Mark W. Shanahan, James D. Beaney, JR.
  • Publication number: 20150121536
    Abstract: A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.
    Type: Application
    Filed: October 24, 2013
    Publication date: April 30, 2015
    Inventors: Bin Xing, Bo Zhang, Mark W. Shanahan, James D. Beaney, JR.
  • Publication number: 20150007304
    Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Inventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, JR.
  • Publication number: 20140281376
    Abstract: In an embodiment, a processor includes a binary translation (BT) container having code to generate a binary translation of a first code segment and to store the binary translation in a translation cache, a host entity logic to manage the BT container and to identify the first code segment, and protection logic to isolate the BT container from a software stack. In this way, the BT container is configured to be transparent to the software stack. Other embodiments are described and claimed.
    Type: Application
    Filed: March 12, 2013
    Publication date: September 18, 2014
    Inventors: Koichi Yamada, Palanivel Rajan Shanmugavelayutham, Scott D. Rodgers, Barry E. Huntley, James D. Beaney, JR., Boaz Tamir