Patents by Inventor Lance W. Dover

Lance W. Dover has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20260161574
    Abstract: A security server to provide security services over a computer network based on security features of memory devices connected to host systems. For example, the security features of a memory device can include a unique device secret, a cryptographic engine, and an access controller to implement access privileges represented by cryptographic keys. After receiving identity data that is generated by the memory device and represented by a cryptographic key, the security server can determine authenticity of the memory device based on its copy of the unique device secret of the memory device. The security server can generate a verification code for a command and cause the command and the verification code to be communicated to the memory device, where the access controller of the memory device validates the verification code in determining whether to block execution of the command in the memory device.
    Type: Application
    Filed: April 16, 2025
    Publication date: June 11, 2026
    Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
  • Patent number: 12650930
    Abstract: A security server to implement security operations during validation of the identity of an endpoint based on activity data of the endpoint. For example, a server system stores data representative of preferences for the endpoint. After receiving, a validation request containing identity data generated by a memory device configured in the endpoint, the server system can validate the identity data based at least in part on a secret of the memory device. If the identity data is valid, the server system can further determine whether an activity, as identified by the identity data and/or the validation request, satisfies a condition specified for the endpoint. If so, the server system can perform a security operation associated with the condition in providing a validation response in responding to the validation request.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: June 9, 2026
    Assignee: Micron Technology, Inc.
    Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
  • Publication number: 20260119724
    Abstract: Methods, systems, and devices for partitioned cryptographic protection for a memory system are described. The method may include a host system generating a command to update a protection attribute of a first set of memory cells of the memory system, where the memory system includes multiple sets of memory cells, each set associated with a respective set of one or more first keys. The method may further include encrypting the command based on a second key corresponding to a first key within the respective set of one or more first keys, and transmitting, after encrypting the command, the command to the memory system to update the protection attribute of the first set of memory cells.
    Type: Application
    Filed: October 29, 2025
    Publication date: April 30, 2026
    Inventor: Lance W. Dover
  • Publication number: 20260088996
    Abstract: Methods, systems, and devices for memory system security and authentication using asymmetric keys are described. In some examples, host systems and memory systems may be configured to implement techniques for the generation and distribution of asymmetric keys, which may support evaluating the authenticity of interfacing systems (e.g., system identities) in connection with exchanged signaling, such as access commands, requests, data, or other signaling. Such techniques may include implementing asymmetric cryptographic security directly in a memory system. For example, a memory system may be configured to be cryptographically identified by a public asymmetric key, and authenticity of the memory system may be proven by signing a challenge using an asymmetric private key of the memory system. Further, a host system may be identified by signing signaling with its asymmetric private key, and the signature may be verified by a memory system using an asymmetric public key of the host system.
    Type: Application
    Filed: December 1, 2025
    Publication date: March 26, 2026
    Inventor: Lance W. Dover
  • Publication number: 20260064604
    Abstract: Methods, systems, and devices for authenticated reading of memory system data are described. In some examples, a host system and a memory system may exchange keys used to grant the host system access to one or more protected regions of the memory system. The keys may be symmetric or asymmetric. In some cases, the host system may transmit a read command to access data stored at a protected region of the memory system, along with a signature generated using the key associated with the protected region. The memory system may verify the signature to determine whether the host is authorized to access the protected region, and may transmit the requested data to the host system. In some examples, the memory system may sign the returned data, so that the host system may verify the source of the data.
    Type: Application
    Filed: September 3, 2025
    Publication date: March 5, 2026
    Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
  • Publication number: 20260019238
    Abstract: Methods, systems, and devices for techniques for generating a shared secret for an electronic system are described. A memory system may identify an initial key pair and exchange a public key of the key pair with a public key associated with a server. The memory system and the server may each generate a shared secret. In some cases, the memory system and the server may use the shared secret to generate a device identifier for the memory system, for example by incorporating the device identifier into a cryptographic representation of a software layer of the memory system. The memory system and the server may use the device identifier to generate one or more asymmetric key pairs, which may be used by the server to authenticate the memory system.
    Type: Application
    Filed: July 18, 2025
    Publication date: January 15, 2026
    Inventor: Lance W. Dover
  • Publication number: 20260016971
    Abstract: Methods, systems, and devices for authenticated modification of memory system data are described. A host system may transmit a command to program data to a protection region of a memory system, and the host system may sign the command using a key associated with the protection region. In some examples, the host system may transmit the data associated with the command, or the command may include instructions to move the data from another region of the memory system. Upon receiving the command, the memory system may verify the signature to determine whether the host is authorized to modify the protection region, and may program the data as requested by the host system. In some cases, the protection regions of the memory system may be updated, for example by adjusting the size or address range of the protection regions, in response to a command from the host system.
    Type: Application
    Filed: July 18, 2025
    Publication date: January 15, 2026
    Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
  • Patent number: 12517788
    Abstract: Methods, systems, and devices for memory recovery partitions are described. A memory system may include a memory array configured with one or more logical partitions. In some examples, a primary boot image may be stored to a first logical partition and a recovery boot image may be stored to a second logical partition. During a boot operation, the memory system may determine whether the primary boot image includes one or more errors. If the primary boot image includes relatively few (or no) errors, the memory system may boot using the primary boot image. If the primary boot image includes a relatively high quantity of errors (e.g., higher than a threshold quantity of errors), the memory system may autonomously load a recovery boot image stored to the second logical partition.
    Type: Grant
    Filed: July 13, 2023
    Date of Patent: January 6, 2026
    Assignee: Micron Technology, Inc.
    Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
  • Patent number: 12506607
    Abstract: Methods, systems, and devices for memory system security and authentication using asymmetric keys are described. In some examples, host systems and memory systems may be configured to implement techniques for the generation and distribution of asymmetric keys, which may support evaluating the authenticity of interfacing systems (e.g., system identities) in connection with exchanged signaling, such as access commands, requests, data, or other signaling. Such techniques may include implementing asymmetric cryptographic security directly in a memory system. For example, a memory system may be configured to be cryptographically identified by a public asymmetric key, and authenticity of the memory system may be proven by signing a challenge using an asymmetric private key of the memory system. Further, a host system may be identified by signing signaling with its asymmetric private key, and the signature may be verified by a memory system using an asymmetric public key of the host system.
    Type: Grant
    Filed: May 12, 2022
    Date of Patent: December 23, 2025
    Assignee: Micron Technology, Inc.
    Inventor: Lance W. Dover
  • Publication number: 20250385789
    Abstract: A memory module includes one or more memory devices and a module logic chip. The module is coupled to a host which operates the memory devices. Certain features of the module may only be accessible once the module has authenticated with the host. For example, the module logic chip may perform asymmetric authentication with the host and the feature may be enabled only after successful authentication. In some embodiments, the module logic may additionally authenticate the memory devices. For example, the module logic chip may perform symmetric authentication on the memory devices after authentication with the host.
    Type: Application
    Filed: December 5, 2024
    Publication date: December 18, 2025
    Applicant: Micron Technology, Inc.
    Inventors: Lance W. Dover, Matthew A. Prather, Sujeet Ayyapureddi
  • Patent number: 12499010
    Abstract: A storage device includes a memory storage region and a controller having a processor. The processor retrieves user data from the memory storage region using a physical block address corresponding to a logical block address (LBA), in response to a read command. The retrieved user data includes a first hash received through a host interface in a prior host data transmission. The processor further performs error correction on the user data to generate error-corrected user data. The processor further causes a cryptographic engine to produce a second hash of the error-corrected user data. The first hash is compared to the second hash associated with the error-corrected user data to determine a match result. A notification is generated in response to the match result.
    Type: Grant
    Filed: June 6, 2023
    Date of Patent: December 16, 2025
    Assignee: Micron Technology, Inc.
    Inventors: David Aaron Palmer, Nadav Grosz, Lance W. Dover, Yoav Weinberg
  • Publication number: 20250365137
    Abstract: An exemplary system includes a computing device configured to host a hypervisor. The hypervisor is configured to create a first container configured to host a first application and is allocated a first location of the plurality of locations of the memory and a second container configured to host a second application and is allocated a second location of the plurality of locations of the memory. During boot of the first container, the first container is configured to generate a cryptographic key that is based on a measurement or characteristic of process code of the first container, a configuration parameter of the first container, or any combination thereof. During boot of the second container, the second container is configured to generate a cryptographic key that is based on a measurement or characteristic of process code of the second container, a configuration parameter of the second container, or any combination thereof.
    Type: Application
    Filed: May 8, 2025
    Publication date: November 27, 2025
    Applicant: Micron Technology, Inc.
    Inventors: Paul Lambert, Olivier Duval, Lance W. Dover
  • Publication number: 20250365157
    Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter, retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.
    Type: Application
    Filed: August 1, 2025
    Publication date: November 27, 2025
    Inventor: Lance W. Dover
  • Patent number: 12481599
    Abstract: A security server to manage integrity of packages stored in an endpoint based on identity authentication implemented using security features of a memory device configured in the endpoint. For example, the security server validates identity data generated by the memory device based at least in part on a secret of the memory device. The server can extract, from the identity data, health information of a package stored in the endpoint and determined, based at least in part on the health information, whether or not to update or repair the package currently stored in the endpoint.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: November 25, 2025
    Assignee: Micron Technology, Inc.
    Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
  • Patent number: 12468862
    Abstract: Methods, systems, and devices for partitioned cryptographic protection for a memory system are described. The method may include a host system generating a command to update a protection attribute of a first set of memory cells of the memory system, where the memory system includes multiple sets of memory cells, each set associated with a respective set of one or more first keys. The method may further include encrypting the command based on a second key corresponding to a first key within the respective set of one or more first keys, and transmitting, after encrypting the command, the command to the memory system to update the protection attribute of the first set of memory cells.
    Type: Grant
    Filed: July 13, 2023
    Date of Patent: November 11, 2025
    Assignee: Micron Technology, Inc.
    Inventor: Lance W. Dover
  • Publication number: 20250328280
    Abstract: Methods, systems, and devices for host verification for a memory device are described. A memory device may receive a first value from a host device that is associated with an identification of the host device after an event. The memory device may transmit a second value to the host device that is based on the first value and comprises a random set of bits. The memory device may receive from the host device data or a command that comprises an encrypted third value that is based at least in part on the second value and a secret shared between the host device and the memory device. The memory device may also enable a functionality of the memory device based on the encrypted third value.
    Type: Application
    Filed: June 30, 2025
    Publication date: October 23, 2025
    Inventors: Aaron P. Boehm, Steffen Buch, Lance W. Dover
  • Patent number: 12432071
    Abstract: The application relates to a secure memory device. The secure memory device includes a controller configured to decode and execute commands issued by a host device; a cryptographic engine, the cryptographic engine configured to authenticate a subset of the commands, the subset of the commands each including a digital signature; and a first monotonic counter, the first monotonic counter being incremented after executing at least some of the subset of the commands, wherein a value of the first monotonic counter is used to generate the digital signature.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: September 30, 2025
    Assignee: Micron Technology, Inc.
    Inventor: Lance W. Dover
  • Publication number: 20250300823
    Abstract: Methods, systems, and devices for secure key generation using device identifiers are described. A memory system may use a hardware component, a software component, or both as an input to generate a device identifier. The memory system may apply one or more functions to the device identifier, such as a key derivation function, to generate a wrapping key. Additionally, the memory system may generate an asymmetric key pair using one or more second functions. In some cases, the memory system may use a randomly generated number as an input to the one or more second functions. The memory system may encrypt the asymmetric key pair using the wrapping key. In some examples, the memory system may generate a certificate using the encrypted asymmetric key pair, and may transmit the certificate to a host system to attest the identity of the memory system to the host system.
    Type: Application
    Filed: March 20, 2025
    Publication date: September 25, 2025
    Inventors: Lance W. Dover, James Ruane
  • Patent number: 12417188
    Abstract: Methods, systems, and devices for authenticated reading of memory system data are described. In some examples, a host system and a memory system may exchange keys used to grant the host system access to one or more protected regions of the memory system. The keys may be symmetric or asymmetric. In some cases, the host system may transmit a read command to access data stored at a protected region of the memory system, along with a signature generated using the key associated with the protected region. The memory system may verify the signature to determine whether the host is authorized to access the protected region, and may transmit the requested data to the host system. In some examples, the memory system may sign the returned data, so that the host system may verify the source of the data.
    Type: Grant
    Filed: May 20, 2022
    Date of Patent: September 16, 2025
    Assignee: Micron Technology, Inc.
    Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
  • Patent number: 12393352
    Abstract: Methods, systems, and devices for authenticated modification of memory system data are described. A host system may transmit a command to program data to a protection region of a memory system, and the host system may sign the command using a key associated with the protection region. In some examples, the host system may transmit the data associated with the command, or the command may include instructions to move the data from another region of the memory system. Upon receiving the command, the memory system may verify the signature to determine whether the host is authorized to modify the protection region, and may program the data as requested by the host system. In some cases, the protection regions of the memory system may be updated, for example by adjusting the size or address range of the protection regions, in response to a command from the host system.
    Type: Grant
    Filed: May 20, 2022
    Date of Patent: August 19, 2025
    Assignee: Micron Technology, Inc.
    Inventors: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari