Patents by Inventor Michael H. M. Bursell
Michael H. M. Bursell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11593493Abstract: Providing smart contracts including secrets encrypted with oracle-provided encryption keys is disclosed. In one example, a contract creator encrypts sensitive data necessary for executing a smart contract into ciphertext using a symmetric cryptographic key K, and also encrypts the symmetric cryptographic key K into a wrapper using a public cryptographic key e of a contract executor. The contract creator then generates an envelope using a public cryptographic key o of a contract oracle, where the envelope includes the wrapper encrypted using the public cryptographic key o and a policy that includes condition(s) precedent and is digitally authenticated. The smart contract, including the envelope and the ciphertext, is deployed to the contract executor. The sensitive data thus may be provided within the smart contract itself, while being protected from unauthorized access in the event the smart contract is malicious or is compromised.Type: GrantFiled: January 18, 2019Date of Patent: February 28, 2023Assignee: Red Hat, Inc.Inventors: Michael H. M. Bursell, Axel Simon, Nathaniel McCallum
-
Patent number: 11507666Abstract: Trusted execution environment verification of a software package. An operating system (OS) initiates a software package verification process in a trusted execution environment, the OS being part of an OS environment comprising a file system. It is determined that a first software package in a software repository is to be installed into the OS environment. The first software package is downloaded to a storage device. The OS sends, to the software package verification process, first location information that identifies a location of the first software package. The OS receives, from the software package verification process, information that indicates that the first software package on the storage device is trusted.Type: GrantFiled: August 27, 2019Date of Patent: November 22, 2022Assignee: Red Hat, Inc.Inventor: Michael H. M. Bursell
-
Patent number: 11451380Abstract: Message decryption dependent on third-party confirmation of a condition precedent is disclosed. A message is encrypted with a message encryption key to form an encrypted message. A message decryption key that is configured to decrypt the encrypted message is encrypted with a key of a first entity to which the message is to be disclosed upon occurrence of a condition precedent to form an encrypted message decryption key. The encrypted message decryption key is encrypted with a key of a second entity configured to confirm the occurrence of the condition precedent to form a double encrypted message decryption key. A condition identifier that identifies the condition precedent is generated. The encrypted message, the double encrypted message decryption key, and the condition identifier are sent to the first entity.Type: GrantFiled: July 12, 2019Date of Patent: September 20, 2022Assignee: Red Hat, Inc.Inventors: Michael H. M. Bursell, Nathaniel P. McCallum
-
Publication number: 20220182409Abstract: Concealed monitor communications from a task in a trusted execution environment (TEE) are disclosed. A first task executing in a first trusted execution environment (TEE) implemented on a processor device determines that a monitor communication is to be sent to a monitor task, the first task being configured to generate response messages in response to requests from requestor tasks, the response messages having a predetermined characteristic. The first task generates the monitor communication, the monitor communication having the predetermined characteristic and an encoded monitor communication report. The first task sends the monitor communication toward the monitor task.Type: ApplicationFiled: February 28, 2022Publication date: June 9, 2022Inventor: Michael H. M. Bursell
-
Patent number: 11341247Abstract: Use of a trusted execution environment (TEE) as a safe build environment. A build task is initiated in a TEE of a compute instance. The build task generates a first software component.Type: GrantFiled: August 27, 2019Date of Patent: May 24, 2022Assignee: Red Hat, Inc.Inventor: Michael H. M. Bursell
-
Patent number: 11316660Abstract: Encrypted multi-stage smart contracts are disclosed. A smart contract that is to be performed by a contract executor in a plurality of successive stages is generated. For each respective stage of at least some stages, a package of data is encrypted with at least one key to generate an encrypted package that corresponds to the respective stage, and an envelope that corresponds to the respective stage is generated. The envelope includes a condition precedent confirmable by an oracle, and an encrypted package-decryption key that is encrypted with a key of the contract executor. The encrypted package-decryption key, when decrypted, is configured to facilitate the decryption of the encrypted package that corresponds to the respective stage. For at least some of the stages, the encrypted package comprises an envelope and an encrypted package that corresponds to a next successive stage.Type: GrantFiled: February 21, 2019Date of Patent: April 26, 2022Assignee: Red Hat, Inc.Inventors: Axel Simon, Michael H. M. Bursell
-
Patent number: 11295024Abstract: Providing smart contracts including secrets encrypted with oracle-provided encryption keys using thresholding cryptosystems is disclosed. In one example, a contract creator encrypts sensitive data necessary for executing a smart contract into ciphertext with multiple symmetric cryptographic keys using a threshold cryptosystem, such that a subset of at least size R of the symmetric cryptographic keys are required to decrypt the ciphertext. The symmetric cryptographic keys are encrypted into wrappers using a public cryptographic key of a contract executor. Envelopes are generated using public cryptographic keys of corresponding contract oracles, where the envelopes include the wrappers encrypted using the public cryptographic keys, and policies that specify condition(s) precedent and are authenticated using the public cryptographic keys. The smart contract, including the envelopes, the ciphertext, and R, is then deployed to the contract executor.Type: GrantFiled: January 18, 2019Date of Patent: April 5, 2022Assignee: Red Hat, Inc.Inventors: Michael H. M. Bursell, Axel Simon, Nathaniel McCallum
-
Patent number: 11297100Abstract: Concealed monitor communications from a task in a trusted execution environment (TEE) are disclosed. A first task executing in a first trusted execution environment (TEE) implemented on a processor device determines that a monitor communication is to be sent to a monitor task, the first task being configured to generate response messages in response to requests from requestor tasks, the response messages having a predetermined characteristic. The first task generates the monitor communication, the monitor communication having the predetermined characteristic and an encoded monitor communication report. The first task sends the monitor communication toward the monitor task.Type: GrantFiled: January 14, 2019Date of Patent: April 5, 2022Assignee: Red Hat, Inc.Inventor: Michael H. M. Bursell
-
Patent number: 11263318Abstract: Monitoring a process in a trusted execution environment (TEE) to identify a resource starvation attack. A first monitor executing outside of a first TEE determines that a first process is executing in the first TEE. The first monitor makes a determination that the first process is being denied resources necessary for execution of the first process. The first monitor sends an indication indicating that the first process is being denied resources necessary for execution of the first process.Type: GrantFiled: November 5, 2018Date of Patent: March 1, 2022Assignee: Red Hat, Inc.Inventor: Michael H. M. Bursell
-
Publication number: 20210064754Abstract: Trusted execution environment verification of a software package. An operating system (OS) initiates a software package verification process in a trusted execution environment, the OS being part of an OS environment comprising a file system. It is determined that a first software package in a software repository is to be installed into the OS environment. The first software package is downloaded to a storage device. The OS sends, to the software package verification process, first location information that identifies a location of the first software package. The OS receives, from the software package verification process, information that indicates that the first software package on the storage device is trusted.Type: ApplicationFiled: August 27, 2019Publication date: March 4, 2021Inventor: Michael H. M. Bursell
-
Publication number: 20210064755Abstract: Use of a trusted execution environment (TEE) as a safe build environment. A build task is initiated in a TEE of a compute instance. The build task generates a first software component.Type: ApplicationFiled: August 27, 2019Publication date: March 4, 2021Inventor: Michael H. M. Bursell
-
Publication number: 20210014044Abstract: Message decryption dependent on third-party confirmation of a condition precedent is disclosed. A message is encrypted with a message encryption key to form an encrypted message. A message decryption key that is configured to decrypt the encrypted message is encrypted with a key of a first entity to which the message is to be disclosed upon occurrence of a condition precedent to form an encrypted message decryption key. The encrypted message decryption key is encrypted with a key of a second entity configured to confirm the occurrence of the condition precedent to form a double encrypted message decryption key. A condition identifier that identifies the condition precedent is generated. The encrypted message, the double encrypted message decryption key, and the condition identifier are sent to the first entity.Type: ApplicationFiled: July 12, 2019Publication date: January 14, 2021Inventors: Michael H. M. Bursell, Nathaniel P. McCallum
-
Publication number: 20200274692Abstract: Encrypted multi-stage smart contracts are disclosed. A smart contract that is to be performed by a contract executor in a plurality of successive stages is generated. For each respective stage of at least some stages, a package of data is encrypted with at least one key to generate an encrypted package that corresponds to the respective stage, and an envelope that corresponds to the respective stage is generated. The envelope includes a condition precedent confirmable by an oracle, and an encrypted package-decryption key that is encrypted with a key of the contract executor. The encrypted package-decryption key, when decrypted, is configured to facilitate the decryption of the encrypted package that corresponds to the respective stage. For at least some of the stages, the encrypted package comprises an envelope and an encrypted package that corresponds to a next successive stage.Type: ApplicationFiled: February 21, 2019Publication date: August 27, 2020Inventors: Axel Simon, Michael H. M. Bursell
-
Publication number: 20200233966Abstract: Providing smart contracts including secrets encrypted with oracle-provided encryption keys using thresholding cryptosystems is disclosed. In one example, a contract creator encrypts sensitive data necessary for executing a smart contract into ciphertext with multiple symmetric cryptographic keys using a threshold cryptosystem, such that a subset of at least size R of the symmetric cryptographic keys are required to decrypt the ciphertext. The symmetric cryptographic keys are encrypted into wrappers using a public cryptographic key of a contract executor. Envelopes are generated using public cryptographic keys of corresponding contract oracles, where the envelopes include the wrappers encrypted using the public cryptographic keys, and policies that specify condition(s) precedent and are authenticated using the public cryptographic keys. The smart contract, including the envelopes, the ciphertext, and R, is then deployed to the contract executor.Type: ApplicationFiled: January 18, 2019Publication date: July 23, 2020Inventors: Michael H. M. Bursell, Axel Simon, Nathaniel McCallum
-
Publication number: 20200234294Abstract: Providing smart contracts including secrets encrypted with oracle-provided encryption keys is disclosed. In one example, a contract creator encrypts sensitive data necessary for executing a smart contract into ciphertext using a symmetric cryptographic key K, and also encrypts the symmetric cryptographic key K into a wrapper using a public cryptographic key e of a contract executor. The contract creator then generates an envelope using a public cryptographic key o of a contract oracle, where the envelope includes the wrapper encrypted using the public cryptographic key o and a policy that includes condition(s) precedent and is digitally authenticated. The smart contract, including the envelope and the ciphertext, is deployed to the contract executor. The sensitive data thus may be provided within the smart contract itself, while being protected from unauthorized access in the event the smart contract is malicious or is compromised.Type: ApplicationFiled: January 18, 2019Publication date: July 23, 2020Inventors: Michael H. M. Bursell, Axel Simon, Nathaniel McCallum
-
Publication number: 20200228568Abstract: Concealed monitor communications from a task in a trusted execution environment (TEE) are disclosed. A first task executing in a first trusted execution environment (TEE) implemented on a processor device determines that a monitor communication is to be sent to a monitor task, the first task being configured to generate response messages in response to requests from requestor tasks, the response messages having a predetermined characteristic. The first task generates the monitor communication, the monitor communication having the predetermined characteristic and an encoded monitor communication report. The first task sends the monitor communication toward the monitor task.Type: ApplicationFiled: January 14, 2019Publication date: July 16, 2020Inventor: Michael H. M. Bursell
-
Publication number: 20200143044Abstract: Monitoring a process in a trusted execution environment (TEE) to identify a resource starvation attack. A first monitor executing outside of a first TEE determines that a first process is executing in the first TEE. The first monitor makes a determination that the first process is being denied resources necessary for execution of the first process. The first monitor sends an indication indicating that the first process is being denied resources necessary for execution of the first process.Type: ApplicationFiled: November 5, 2018Publication date: May 7, 2020Inventor: Michael H. M. Bursell