Patents by Inventor Matthew E. ORZEN

Matthew E. ORZEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12665904
    Abstract: An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset. Responsive to authenticating the client, the application sends, to a second platform, a second request to determine whether the client has access to the secure data asset. Responsive to receiving an indication, from the second platform, that the client has access to the secure data asset, the application performs one or more operations to generate the secure data asset. The application sends, to the tester device, the generated secure data asset.
    Type: Grant
    Filed: October 18, 2022
    Date of Patent: June 23, 2026
    Assignee: Cryptography Research, Inc.
    Inventors: Sangeetha Chamaraj, Matthew E. Orzen, Denis Alexandrovich Pochuev
  • Publication number: 20260172268
    Abstract: Helper data and/or physically unclonable function (PUF) output data may be analyzed to determine which bits of the raw PUF output are stable. A first subset of the stable PUF output bits are selected (e.g., randomly) to generate a first stable PUF output value to be used as a first device unique value. To change the device unique value (a.k.a., digital fingerprint or fingerprint) of the integrated circuit generated by the PUF circuitry, new subsets (which may be generated off-chip) with different stable PUF output bits may be provided to the integrated circuit (i.e., provisioned) from time to time (e.g., with a new firmware/software update, after some arbitrary period of time—e.g., one year—etc.). Each new and different subset of stable bits used by the integrated circuit causes the integrated circuit to generate new, and different, device unique values.
    Type: Application
    Filed: December 8, 2025
    Publication date: June 18, 2026
    Inventors: Matthew E. ORZEN, Joel WITTENAUER
  • Publication number: 20260023863
    Abstract: A computing device receives a request to run an application. The application is associated with a security context. The computing device obtains one or more permissions associated with the security context and modifies the one or more permissions based on a state of the computing device. The application is run based on the modified one or more permissions.
    Type: Application
    Filed: April 19, 2024
    Publication date: January 22, 2026
    Inventors: Matthew E. Orzen, Joel Wittenauer
  • Publication number: 20250202721
    Abstract: A method for measuring discrete component properties to establish a printed circuit board (PCB) fingerprint includes determining a physical measurement of an electronic device of the PCB; comparing the determined physical measurement to a predefined range for the physical measurement of the electronic device; and responsive to the determined physical measurement being within the predefined range, generating a digital certificate. The digital certificate includes the determined physical measurement. The determined physical measurement is capable of being extracted from the digital certificate to verify whether the electronic device is authentic or is failing.
    Type: Application
    Filed: December 9, 2024
    Publication date: June 19, 2025
    Inventors: Joel Wittenauer, Matthew E. Orzen, Gilbert Goodwill
  • Patent number: 12323418
    Abstract: A first device transmits a first message to a second device as part of a challenge-response protocol in order to authenticate the second device. A power limited power supply coupled to the second device limits power consumption by the second device during the second device's challenge-response protocol calculations. The first device measures a response time of the second device during the challenge-response protocol. The authentication of the second device is based on the response time of the second device while it has limited power consumption.
    Type: Grant
    Filed: January 11, 2021
    Date of Patent: June 3, 2025
    Assignee: Cryptography Research, Inc.
    Inventors: Scott C. Best, Matthew E. Orzen
  • Publication number: 20250175344
    Abstract: A method for provisioning a device-bound, replay-protected software image may include obtaining, from a provisioning system, a software image and a digital signature associated with the software image. The method may include applying a hash function to the software image and a hash message authentication code (HMAC) to generate a hash of the software image. The HMAC may include an authentication code derived from first data provided by a root of trust (RoT). The first data may include a nonce generated by the RoT or system information associated with the RoT. The method may include verifying, using a public key of the provisioning system, the digital signature. The method may include, responsive to the verification of the digital signature, causing the software image to execute.
    Type: Application
    Filed: November 21, 2024
    Publication date: May 29, 2025
    Inventors: Joel Wittenauer, Matthew E. Orzen
  • Publication number: 20250023872
    Abstract: An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset. Responsive to authenticating the client, the application sends, to a second platform, a second request to determine whether the client has access to the secure data asset. Responsive to receiving an indication, from the second platform, that the client has access to the secure data asset, the application performs one or more operations to generate the secure data asset. The application sends, to the tester device, the generated secure data asset.
    Type: Application
    Filed: October 18, 2022
    Publication date: January 16, 2025
    Inventors: Sangeetha Chamaraj, Matthew E. Orzen, Denis Alexandrovich Pochuev
  • Publication number: 20240427921
    Abstract: A system receives, from a first provisioning entity, a request for first secure device data related to a semiconductor device. The first secure device data is associated with one or more provisioning operations performed, on the semiconductor device, by a second provisioning entity. Based on determining that the first provisioning entity has permission to access the first secure device data, the first secure device data is provided to the first provisioning entity. Second secure device data associated with one or more provisioning operations performed by the first provisioning entity on the semiconductor device is received from the first provisioning entity.
    Type: Application
    Filed: June 11, 2024
    Publication date: December 26, 2024
    Inventors: Matthew E. Orzen, Joel Wittenauer
  • Publication number: 20240364536
    Abstract: A first device receives, from a second device, a request to provision a security context for the second device. The first device transmits a nonce value to the second device and receives, from the second device, a data structure encoding the security context and a cryptographically signed digest of a combination of the data structure, the nonce value, and a public key. The first device determines a first digest using the nonce value and cryptographically signed digest, and a second digest using the data structure, the nonce value, and the public key. Responsive to determining that the first digest matches the second digest, the first device provisions the security context for the second device by storing the security context on the volatile memory.
    Type: Application
    Filed: April 22, 2024
    Publication date: October 31, 2024
    Inventors: Joel Wittenauer, Matthew E. Orzen
  • Publication number: 20240179006
    Abstract: A first platform receives a request to generate a verification package for restoring a backup image at a second platform. The first platform generates a first data asset. The first platform generates a second data asset based on the first data asset and an asset list associated with the backup image. The first platform generates a third data asset based on the asset list. The first platform sends a response that includes the verification package comprising the first data asset, the second data asset, and the third data asset.
    Type: Application
    Filed: November 27, 2023
    Publication date: May 30, 2024
    Inventor: Matthew E. Orzen
  • Publication number: 20230047564
    Abstract: A first device transmits a first message to a second device as part of a challenge-response protocol in order to authenticate the second device. A power limited power supply coupled to the second device limits power consumption by the second device during the second device's challenge-response protocol calculations. The first device measures a response time of the second device during the challenge-response protocol. The authentication of the second device is based on the response time of the second device while it has limited power consumption.
    Type: Application
    Filed: January 11, 2021
    Publication date: February 16, 2023
    Inventors: Scott C. BEST, Matthew E. ORZEN