Patents by Inventor Michael A. Hamburg
Michael A. Hamburg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11895109Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: April 15, 2022Date of Patent: February 6, 2024Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20230353343Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: ApplicationFiled: May 26, 2023Publication date: November 2, 2023Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Patent number: 11777926Abstract: The embodiments described herein describe technologies to address initial establishment of device credentials in an Internet of Things (IoT) infrastructure. The embodiments are directed to unifying secure credential establishment regardless of the endpoint type, thus addressing the challenge of a great diversity among IoT devices. This approach is designed to address a challenge of initial trusted enrollment of the IoT endpoints into a secure infrastructure, which allows secure communications between the devices in the IoT environment.Type: GrantFiled: June 14, 2018Date of Patent: October 3, 2023Assignee: Cryptography Research, Inc.Inventors: Denis Alexandrovich Pochuev, Michael A. Hamburg, Pankaj Rohatgi, Amit Kapoor, Joel Patrick Wittenauer
-
Patent number: 11664970Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: GrantFiled: May 3, 2021Date of Patent: May 30, 2023Assignee: Cryptography Research, Inc.Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Publication number: 20220405404Abstract: Systems and methods for protecting cryptographic keys stored in a non-volatile memory. An example method may comprise: storing a device root key in a non-volatile memory; storing a volatile key in a volatile memory; storing a masked cryptographic key in the non-volatile memory, wherein the masked cryptographic key is produced by combining a cryptographic key and the device root key; storing a masked device root key in the non-volatile memory, wherein the masked root key is produced by combining the device root key and the volatile key; and erasing the device root key from the non-volatile memory.Type: ApplicationFiled: June 30, 2022Publication date: December 22, 2022Inventors: Mark Evan MARSON, Michael A. HAMBURG
-
Publication number: 20220329587Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: ApplicationFiled: April 15, 2022Publication date: October 13, 2022Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 11416625Abstract: Systems and methods for protecting cryptographic keys stored in a non-volatile memory. An example method may comprise: storing a device root key in a non-volatile memory; storing a volatile key in a volatile memory; storing a masked cryptographic key in the non-volatile memory, wherein the masked cryptographic key is produced by combining a cryptographic key and the device root key; storing a masked device root key in the non-volatile memory, wherein the masked root key is produced by combining the device root key and the volatile key; and erasing the device root key from the non-volatile memory.Type: GrantFiled: January 30, 2019Date of Patent: August 16, 2022Assignee: CRYPTOGRAPHY RESEARCH, INC.Inventors: Mark Evan Marson, Michael A. Hamburg
-
Patent number: 11310227Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: February 28, 2020Date of Patent: April 19, 2022Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20210359833Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: ApplicationFiled: May 3, 2021Publication date: November 18, 2021Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Patent number: 10999057Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: GrantFiled: December 20, 2019Date of Patent: May 4, 2021Assignee: Cryptography Research, Inc.Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Publication number: 20210081547Abstract: Systems and methods for protecting cryptographic keys stored in a non-volatile memory. An example method may comprise: storing a device root key in a non-volatile memory; storing a volatile key in a volatile memory; storing a masked cryptographic key in the non-volatile memory, wherein the masked cryptographic key is produced by combining a cryptographic key and the device root key; storing a masked device root key in the non-volatile memory, wherein the masked root key is produced by combining the device root key and the volatile key; and erasing the device root key from the non-volatile memory.Type: ApplicationFiled: January 30, 2019Publication date: March 18, 2021Inventors: Mark Evan MARSON, Michael A. HAMBURG
-
Publication number: 20200267142Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: ApplicationFiled: February 28, 2020Publication date: August 20, 2020Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20200220709Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: ApplicationFiled: December 20, 2019Publication date: July 9, 2020Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Publication number: 20200145409Abstract: The embodiments described herein describe technologies to address initial establishment of device credentials in an Internet of Things (IoT) infrastructure. The embodiments are directed to unifying secure credential establishment regardless of the endpoint type, thus addressing the challenge of a great diversity among IoT devices. This approach is designed to address a challenge of initial trusted enrollment of the IoT endpoints into a secure infrastructure, which allows secure communications between the devices in the IoT environment.Type: ApplicationFiled: June 14, 2018Publication date: May 7, 2020Inventors: Denis Alexandrovich POCHUEV, Michael A. HAMBURG, Pankaj ROHATGI, Amit KAPOOR, Joel Patrick WITTENAUER
-
Patent number: 10581838Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: June 11, 2018Date of Patent: March 3, 2020Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 10523418Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: GrantFiled: May 23, 2017Date of Patent: December 31, 2019Assignee: Cryptography Research, Inc.Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Publication number: 20180295127Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: ApplicationFiled: June 11, 2018Publication date: October 11, 2018Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 10015164Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.Type: GrantFiled: November 6, 2014Date of Patent: July 3, 2018Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 9923890Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.Type: GrantFiled: November 6, 2014Date of Patent: March 20, 2018Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20170353318Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: ApplicationFiled: May 23, 2017Publication date: December 7, 2017Inventors: Michael A. Hamburg, Megan Anneke Wachs