Patents by Inventor Lance W. Dover
Lance W. Dover has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260161574Abstract: A security server to provide security services over a computer network based on security features of memory devices connected to host systems. For example, the security features of a memory device can include a unique device secret, a cryptographic engine, and an access controller to implement access privileges represented by cryptographic keys. After receiving identity data that is generated by the memory device and represented by a cryptographic key, the security server can determine authenticity of the memory device based on its copy of the unique device secret of the memory device. The security server can generate a verification code for a command and cause the command and the verification code to be communicated to the memory device, where the access controller of the memory device validates the verification code in determining whether to block execution of the command in the memory device.Type: ApplicationFiled: April 16, 2025Publication date: June 11, 2026Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
-
Patent number: 12650930Abstract: A security server to implement security operations during validation of the identity of an endpoint based on activity data of the endpoint. For example, a server system stores data representative of preferences for the endpoint. After receiving, a validation request containing identity data generated by a memory device configured in the endpoint, the server system can validate the identity data based at least in part on a secret of the memory device. If the identity data is valid, the server system can further determine whether an activity, as identified by the identity data and/or the validation request, satisfies a condition specified for the endpoint. If so, the server system can perform a security operation associated with the condition in providing a validation response in responding to the validation request.Type: GrantFiled: September 24, 2021Date of Patent: June 9, 2026Assignee: Micron Technology, Inc.Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
-
Publication number: 20260119724Abstract: Methods, systems, and devices for partitioned cryptographic protection for a memory system are described. The method may include a host system generating a command to update a protection attribute of a first set of memory cells of the memory system, where the memory system includes multiple sets of memory cells, each set associated with a respective set of one or more first keys. The method may further include encrypting the command based on a second key corresponding to a first key within the respective set of one or more first keys, and transmitting, after encrypting the command, the command to the memory system to update the protection attribute of the first set of memory cells.Type: ApplicationFiled: October 29, 2025Publication date: April 30, 2026Inventor: Lance W. Dover
-
Publication number: 20260088996Abstract: Methods, systems, and devices for memory system security and authentication using asymmetric keys are described. In some examples, host systems and memory systems may be configured to implement techniques for the generation and distribution of asymmetric keys, which may support evaluating the authenticity of interfacing systems (e.g., system identities) in connection with exchanged signaling, such as access commands, requests, data, or other signaling. Such techniques may include implementing asymmetric cryptographic security directly in a memory system. For example, a memory system may be configured to be cryptographically identified by a public asymmetric key, and authenticity of the memory system may be proven by signing a challenge using an asymmetric private key of the memory system. Further, a host system may be identified by signing signaling with its asymmetric private key, and the signature may be verified by a memory system using an asymmetric public key of the host system.Type: ApplicationFiled: December 1, 2025Publication date: March 26, 2026Inventor: Lance W. Dover
-
Publication number: 20260064604Abstract: Methods, systems, and devices for authenticated reading of memory system data are described. In some examples, a host system and a memory system may exchange keys used to grant the host system access to one or more protected regions of the memory system. The keys may be symmetric or asymmetric. In some cases, the host system may transmit a read command to access data stored at a protected region of the memory system, along with a signature generated using the key associated with the protected region. The memory system may verify the signature to determine whether the host is authorized to access the protected region, and may transmit the requested data to the host system. In some examples, the memory system may sign the returned data, so that the host system may verify the source of the data.Type: ApplicationFiled: September 3, 2025Publication date: March 5, 2026Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
-
Publication number: 20260019238Abstract: Methods, systems, and devices for techniques for generating a shared secret for an electronic system are described. A memory system may identify an initial key pair and exchange a public key of the key pair with a public key associated with a server. The memory system and the server may each generate a shared secret. In some cases, the memory system and the server may use the shared secret to generate a device identifier for the memory system, for example by incorporating the device identifier into a cryptographic representation of a software layer of the memory system. The memory system and the server may use the device identifier to generate one or more asymmetric key pairs, which may be used by the server to authenticate the memory system.Type: ApplicationFiled: July 18, 2025Publication date: January 15, 2026Inventor: Lance W. Dover
-
Publication number: 20260016971Abstract: Methods, systems, and devices for authenticated modification of memory system data are described. A host system may transmit a command to program data to a protection region of a memory system, and the host system may sign the command using a key associated with the protection region. In some examples, the host system may transmit the data associated with the command, or the command may include instructions to move the data from another region of the memory system. Upon receiving the command, the memory system may verify the signature to determine whether the host is authorized to modify the protection region, and may program the data as requested by the host system. In some cases, the protection regions of the memory system may be updated, for example by adjusting the size or address range of the protection regions, in response to a command from the host system.Type: ApplicationFiled: July 18, 2025Publication date: January 15, 2026Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
-
Patent number: 12517788Abstract: Methods, systems, and devices for memory recovery partitions are described. A memory system may include a memory array configured with one or more logical partitions. In some examples, a primary boot image may be stored to a first logical partition and a recovery boot image may be stored to a second logical partition. During a boot operation, the memory system may determine whether the primary boot image includes one or more errors. If the primary boot image includes relatively few (or no) errors, the memory system may boot using the primary boot image. If the primary boot image includes a relatively high quantity of errors (e.g., higher than a threshold quantity of errors), the memory system may autonomously load a recovery boot image stored to the second logical partition.Type: GrantFiled: July 13, 2023Date of Patent: January 6, 2026Assignee: Micron Technology, Inc.Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
-
Patent number: 12506607Abstract: Methods, systems, and devices for memory system security and authentication using asymmetric keys are described. In some examples, host systems and memory systems may be configured to implement techniques for the generation and distribution of asymmetric keys, which may support evaluating the authenticity of interfacing systems (e.g., system identities) in connection with exchanged signaling, such as access commands, requests, data, or other signaling. Such techniques may include implementing asymmetric cryptographic security directly in a memory system. For example, a memory system may be configured to be cryptographically identified by a public asymmetric key, and authenticity of the memory system may be proven by signing a challenge using an asymmetric private key of the memory system. Further, a host system may be identified by signing signaling with its asymmetric private key, and the signature may be verified by a memory system using an asymmetric public key of the host system.Type: GrantFiled: May 12, 2022Date of Patent: December 23, 2025Assignee: Micron Technology, Inc.Inventor: Lance W. Dover
-
Publication number: 20250385789Abstract: A memory module includes one or more memory devices and a module logic chip. The module is coupled to a host which operates the memory devices. Certain features of the module may only be accessible once the module has authenticated with the host. For example, the module logic chip may perform asymmetric authentication with the host and the feature may be enabled only after successful authentication. In some embodiments, the module logic may additionally authenticate the memory devices. For example, the module logic chip may perform symmetric authentication on the memory devices after authentication with the host.Type: ApplicationFiled: December 5, 2024Publication date: December 18, 2025Applicant: Micron Technology, Inc.Inventors: Lance W. Dover, Matthew A. Prather, Sujeet Ayyapureddi
-
Patent number: 12499010Abstract: A storage device includes a memory storage region and a controller having a processor. The processor retrieves user data from the memory storage region using a physical block address corresponding to a logical block address (LBA), in response to a read command. The retrieved user data includes a first hash received through a host interface in a prior host data transmission. The processor further performs error correction on the user data to generate error-corrected user data. The processor further causes a cryptographic engine to produce a second hash of the error-corrected user data. The first hash is compared to the second hash associated with the error-corrected user data to determine a match result. A notification is generated in response to the match result.Type: GrantFiled: June 6, 2023Date of Patent: December 16, 2025Assignee: Micron Technology, Inc.Inventors: David Aaron Palmer, Nadav Grosz, Lance W. Dover, Yoav Weinberg
-
Publication number: 20250365137Abstract: An exemplary system includes a computing device configured to host a hypervisor. The hypervisor is configured to create a first container configured to host a first application and is allocated a first location of the plurality of locations of the memory and a second container configured to host a second application and is allocated a second location of the plurality of locations of the memory. During boot of the first container, the first container is configured to generate a cryptographic key that is based on a measurement or characteristic of process code of the first container, a configuration parameter of the first container, or any combination thereof. During boot of the second container, the second container is configured to generate a cryptographic key that is based on a measurement or characteristic of process code of the second container, a configuration parameter of the second container, or any combination thereof.Type: ApplicationFiled: May 8, 2025Publication date: November 27, 2025Applicant: Micron Technology, Inc.Inventors: Paul Lambert, Olivier Duval, Lance W. Dover
-
Publication number: 20250365157Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter, retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.Type: ApplicationFiled: August 1, 2025Publication date: November 27, 2025Inventor: Lance W. Dover
-
Patent number: 12481599Abstract: A security server to manage integrity of packages stored in an endpoint based on identity authentication implemented using security features of a memory device configured in the endpoint. For example, the security server validates identity data generated by the memory device based at least in part on a secret of the memory device. The server can extract, from the identity data, health information of a package stored in the endpoint and determined, based at least in part on the health information, whether or not to update or repair the package currently stored in the endpoint.Type: GrantFiled: September 24, 2021Date of Patent: November 25, 2025Assignee: Micron Technology, Inc.Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
-
Patent number: 12468862Abstract: Methods, systems, and devices for partitioned cryptographic protection for a memory system are described. The method may include a host system generating a command to update a protection attribute of a first set of memory cells of the memory system, where the memory system includes multiple sets of memory cells, each set associated with a respective set of one or more first keys. The method may further include encrypting the command based on a second key corresponding to a first key within the respective set of one or more first keys, and transmitting, after encrypting the command, the command to the memory system to update the protection attribute of the first set of memory cells.Type: GrantFiled: July 13, 2023Date of Patent: November 11, 2025Assignee: Micron Technology, Inc.Inventor: Lance W. Dover
-
Publication number: 20250328280Abstract: Methods, systems, and devices for host verification for a memory device are described. A memory device may receive a first value from a host device that is associated with an identification of the host device after an event. The memory device may transmit a second value to the host device that is based on the first value and comprises a random set of bits. The memory device may receive from the host device data or a command that comprises an encrypted third value that is based at least in part on the second value and a secret shared between the host device and the memory device. The memory device may also enable a functionality of the memory device based on the encrypted third value.Type: ApplicationFiled: June 30, 2025Publication date: October 23, 2025Inventors: Aaron P. Boehm, Steffen Buch, Lance W. Dover
-
Patent number: 12432071Abstract: The application relates to a secure memory device. The secure memory device includes a controller configured to decode and execute commands issued by a host device; a cryptographic engine, the cryptographic engine configured to authenticate a subset of the commands, the subset of the commands each including a digital signature; and a first monotonic counter, the first monotonic counter being incremented after executing at least some of the subset of the commands, wherein a value of the first monotonic counter is used to generate the digital signature.Type: GrantFiled: July 6, 2021Date of Patent: September 30, 2025Assignee: Micron Technology, Inc.Inventor: Lance W. Dover
-
Publication number: 20250300823Abstract: Methods, systems, and devices for secure key generation using device identifiers are described. A memory system may use a hardware component, a software component, or both as an input to generate a device identifier. The memory system may apply one or more functions to the device identifier, such as a key derivation function, to generate a wrapping key. Additionally, the memory system may generate an asymmetric key pair using one or more second functions. In some cases, the memory system may use a randomly generated number as an input to the one or more second functions. The memory system may encrypt the asymmetric key pair using the wrapping key. In some examples, the memory system may generate a certificate using the encrypted asymmetric key pair, and may transmit the certificate to a host system to attest the identity of the memory system to the host system.Type: ApplicationFiled: March 20, 2025Publication date: September 25, 2025Inventors: Lance W. Dover, James Ruane
-
Patent number: 12417188Abstract: Methods, systems, and devices for authenticated reading of memory system data are described. In some examples, a host system and a memory system may exchange keys used to grant the host system access to one or more protected regions of the memory system. The keys may be symmetric or asymmetric. In some cases, the host system may transmit a read command to access data stored at a protected region of the memory system, along with a signature generated using the key associated with the protected region. The memory system may verify the signature to determine whether the host is authorized to access the protected region, and may transmit the requested data to the host system. In some examples, the memory system may sign the returned data, so that the host system may verify the source of the data.Type: GrantFiled: May 20, 2022Date of Patent: September 16, 2025Assignee: Micron Technology, Inc.Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
-
Patent number: 12393352Abstract: Methods, systems, and devices for authenticated modification of memory system data are described. A host system may transmit a command to program data to a protection region of a memory system, and the host system may sign the command using a key associated with the protection region. In some examples, the host system may transmit the data associated with the command, or the command may include instructions to move the data from another region of the memory system. Upon receiving the command, the memory system may verify the signature to determine whether the host is authorized to modify the protection region, and may program the data as requested by the host system. In some cases, the protection regions of the memory system may be updated, for example by adjusting the size or address range of the protection regions, in response to a command from the host system.Type: GrantFiled: May 20, 2022Date of Patent: August 19, 2025Assignee: Micron Technology, Inc.Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari