Patents by Inventor Keelan Smith
Keelan Smith has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11119905Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.Type: GrantFiled: July 10, 2019Date of Patent: September 14, 2021Assignee: BlackBerry LimitedInventors: Keelan Smith, Richard Gwynn Jones, Chinh Khac Nguyen, Thomas Rudolf Stiemerling
-
Publication number: 20190370159Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.Type: ApplicationFiled: July 10, 2019Publication date: December 5, 2019Inventors: Keelan SMITH, Richard Gwynn JONES, Chinh Khac NGUYEN, Thomas Rudolf STIEMERLING
-
Patent number: 10380007Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.Type: GrantFiled: June 9, 2015Date of Patent: August 13, 2019Assignee: Certicom Corp.Inventors: Keelan Smith, Richard Gwynn Jones, Chinh Khac Nguyen, Thomas Rudolf Stiemerling
-
Patent number: 9678896Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.Type: GrantFiled: October 26, 2015Date of Patent: June 13, 2017Assignee: Certicom Corp.Inventors: Daniel Francis O'Loughlin, Keelan Smith, Jay Scott Fuller, William Lundy Lattin, Marinus Struik, Yuri Poeluev, Matthew John Campagna, Thomas Rudolf Stiemerling, Wei Cheng Joseph Ku
-
Publication number: 20160048462Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.Type: ApplicationFiled: October 26, 2015Publication date: February 18, 2016Applicant: CERTICOM CORP.Inventors: Daniel Francis O'Loughlin, Keelan Smith, Jay Scott Fuller, William Lundy Lattin, Marinus Struik, Yuri Poeluev, Matthew John Campagna, Thomas Rudolf Stiemerling, Wei Cheng Joseph Ku
-
Patent number: 9183158Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.Type: GrantFiled: December 26, 2013Date of Patent: November 10, 2015Assignee: Certicom Corp.Inventors: Daniel Francis O'Loughlin, Keelan Smith, Jay Scott Fuller, William Lundy Lattin, Marinus Struik, Yuri Poeluev, Matthew John Campagna, Thomas Rudolf Stiemerling, Weicheng Joseph Ku
-
Publication number: 20150309921Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.Type: ApplicationFiled: June 9, 2015Publication date: October 29, 2015Inventors: Keelan SMITH, Richard Gwynn JONES, Chinh Khac NGUYEN, Thomas Rudolf STIEMERLING
-
Patent number: 9111098Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.Type: GrantFiled: July 12, 2010Date of Patent: August 18, 2015Assignee: Certicom Corp.Inventors: Keelan Smith, Richard Gwynn Jones, Thomas Rudolf Stiemerling, Chinh Khac Nguyen
-
Patent number: 9013266Abstract: An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain.Type: GrantFiled: September 10, 2007Date of Patent: April 21, 2015Assignee: Certicom Corp.Inventors: Michael Griffiths-Harvey, Brian Neill, Keelan Smith, Tony Rosati, Walt Davis
-
Publication number: 20140108825Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.Type: ApplicationFiled: December 26, 2013Publication date: April 17, 2014Inventors: Daniel Francis O'Loughlin, Keelan Smith, Jay Scott Fuller, William Lundy Lattin, Marinus Struik, Yuri Poeluev, Matthew John Campagna, Thomas Rudolf Stiemerling, Weicheng Joseph Ku
-
Patent number: 8631247Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.Type: GrantFiled: November 24, 2009Date of Patent: January 14, 2014Assignee: Certicom Corp.Inventors: Daniel O'Loughlin, Keelan Smith, Jay Scott Fuller, Joseph Ku, William Lattin, Marinus Struik, Yuri Poeluev, Matthew J. Campagna, Thomas Stiemerling
-
Patent number: 8510570Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.Type: GrantFiled: January 24, 2012Date of Patent: August 13, 2013Assignee: Certicom Corp.Inventors: Keelan Smith, Scott A. Vanstone, Daniel R. Brown, Darryl L. Parisien, Ashok Vadekar, Brian Neill
-
Publication number: 20120131322Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.Type: ApplicationFiled: January 24, 2012Publication date: May 24, 2012Applicant: Certicom Corp.Inventors: Keelan Smith, Scott A. Vanstone, Daniel R. Brown, Darryl L. Parisien, Ashok Vadekar, Brian Neill
-
Publication number: 20120102334Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.Type: ApplicationFiled: November 24, 2009Publication date: April 26, 2012Applicant: CERTICOM CORP.Inventors: Daniel O'Loughlin, Keelan Smith, Jay Scott Fuller, Joseph Ku, William Lattin, Marinus Struik, Yuri Poeluev, Martthew J. Campagna, Thomas Stiemerling
-
Patent number: 8166308Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.Type: GrantFiled: July 18, 2007Date of Patent: April 24, 2012Assignee: Certicom Corp.Inventors: Keelan Smith, Scott A. Vanstone, Daniel R. Brown, Darryl L. Parisien, Ashok Vadekar, Brian Neill
-
Publication number: 20110010770Abstract: A key injection service module for an asset management system is provided for a secure means of injecting keys into products. To provide this service, a controller is used to define one or more key types defining the format of the keys in a file. The controller is then used to define a product model, and then to bind each key type to the product models.Type: ApplicationFiled: July 12, 2010Publication date: January 13, 2011Applicant: CERTICOM CORP.Inventors: Keelan Smith, Brian Paul Neill, Eugene Chin
-
Publication number: 20110010720Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.Type: ApplicationFiled: July 12, 2010Publication date: January 13, 2011Applicant: CERTICOM CORP.Inventors: Keelan Smith, Richard Gwynn Jones, Thomas Rudolf Stiemerling, Chinh Khac Nguyen
-
Publication number: 20100241848Abstract: An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information.Type: ApplicationFiled: February 26, 2010Publication date: September 23, 2010Applicant: Certicom Corp.Inventors: Keelan Smith, Ian Robert Laidlaw, Jason Andrew Colburne
-
Publication number: 20080164976Abstract: An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain.Type: ApplicationFiled: September 10, 2007Publication date: July 10, 2008Inventors: Michael Griffiths-Harvey, Brian Neill, Keelan Smith, Tony Rosati, Walt Davis
-
Publication number: 20080028235Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.Type: ApplicationFiled: July 18, 2007Publication date: January 31, 2008Inventors: Keelan Smith, Scott Vanstone, Daniel Brown, Darryl Parisien, Ashok Vadekar, Brian Neill