Patents by Inventor Michal HOJSIK
Michal HOJSIK has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11792034Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which may utilize multicast communication protocols to facilitate secure communication among one or more network connected devices. A system for secured messaging may include a network system including a first server, a second server and a first node. Further, the first server is configured to authenticate the first node for secure multicast messaging, and the second server is configured to authenticate the first node for secure multicast messaging.Type: GrantFiled: May 18, 2022Date of Patent: October 17, 2023Assignee: HONEYWELL INTERNATIONAL INC.Inventors: Michal Hojsik, Lukas Pohanka, Harshal Haridas
-
Patent number: 11750580Abstract: A system, computer-readable storage medium, and method for secure network communication. A first device employs a first secret to establish a stream between the first and a second device. A third key, first ciphertext based on a first key, and hash of the first key are received from the second device by the first. A second key is applied to recover a second secret from the first ciphertext. The third key is encrypted to generate a second ciphertext including a third secret. Fourth and fifth keys are derived based on the first, second, and third secrets. A message authentication code is generated based on the fourth and third keys, first ciphertext, hash of the first key, and second ciphertext. The second ciphertext and message authentication code are transmitted by the first to the second device, and the fifth key is employed by the first device to modify the stream.Type: GrantFiled: February 3, 2022Date of Patent: September 5, 2023Assignee: Avast Software s.r.o.Inventors: Christopher Joseph O'Connell, Barna Csukas, Gabor Miklos, Vitalii Sydorovych, Rui Santos, Michal Hojsík
-
Publication number: 20230247010Abstract: A system, computer-readable storage medium, and method for secure network communication. A first device employs a first secret to establish a stream between the first and a second device. A third key, first ciphertext based on a first key, and hash of the first key are received from the second device by the first. A second key is applied to recover a second secret from the first ciphertext. The third key is encrypted to generate a second ciphertext including a third secret. Fourth and fifth keys are derived based on the first, second, and third secrets. A message authentication code is generated based on the fourth and third keys, first ciphertext, hash of the first key, and second ciphertext. The second ciphertext and message authentication code are transmitted by the first to the second device, and the fifth key is employed by the first device to modify the stream.Type: ApplicationFiled: February 3, 2022Publication date: August 3, 2023Applicant: Avast Software s.r.o.Inventors: Christopher Joseph O’Connell, Barna Csukas, Gabor Miklos, Vitalii Sydorovych, Rui Santos, Michal Hojsík
-
Publication number: 20220278862Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which may utilize multicast communication protocols to facilitate secure communication among one or more network connected devices. A system for secured messaging may include a network system including a first server, a second server and a first node. Further, the first server is configured to authenticate the first node for secure multicast messaging, and the second server is configured to authenticate the first node for secure multicast messaging.Type: ApplicationFiled: May 18, 2022Publication date: September 1, 2022Inventors: Michal Hojsik, Lukas Pohanka, Harshal Haridas
-
Patent number: 11385691Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which include a first node having a first node message sequence counter, a second node having a second node message sequence counter, and wherein the second node is configured to synchronize the first node message sequence counter based on the second node message sequence counter.Type: GrantFiled: January 30, 2020Date of Patent: July 12, 2022Assignee: HONEYWELL INTERNATIONAL INC.Inventors: Harshal Haridas, Lukas Pohanka, Michal Hojsik
-
Patent number: 11368325Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which may utilize multicast communication protocols to facilitate secure communication among one or more network connected devices. A system for secured messaging may include a network system including a first server, a second server and a first node. Further, the first server is configured to authenticate the first node for secure multicast messaging, and the second server is configured to authenticate the first node for secure multicast messaging.Type: GrantFiled: February 11, 2020Date of Patent: June 21, 2022Assignee: HONEYWELL INTERNATIONAL INC.Inventors: Michal Hojsik, Lukas Pohanka, Harshal Haridas
-
Publication number: 20210250193Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which may utilize multicast communication protocols to facilitate secure communication among one or more network connected devices. A system for secured messaging may include a network system including a first server, a second server and a first node. Further, the first server is configured to authenticate the first node for secure multicast messaging, and the second server is configured to authenticate the first node for secure multicast messaging.Type: ApplicationFiled: February 11, 2020Publication date: August 12, 2021Inventors: Michal Hojsik, Lukas Pohanka, Harshal Haridas
-
Publication number: 20210243166Abstract: Systems for communicating over a network and between two or more network connected devices. In particular, the disclosure reveals systems which include a first node having a first node message sequence counter, a second node having a second node message sequence counter, and wherein the second node is configured to synchronize the first node message sequence counter based on the second node message sequence counter.Type: ApplicationFiled: January 30, 2020Publication date: August 5, 2021Applicant: Honeywell International Inc.Inventors: Harshal Haridas, Lukas Pohanka, Michal Hojsik
-
Secure in-band upgrade using key revocation lists and certificate-less asymmetric tertiary key pairs
Patent number: 10855462Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.Type: GrantFiled: June 5, 2017Date of Patent: December 1, 2020Assignee: Honeywell International Inc.Inventors: Harshal S. Haridas, Michal Hojsik, Jiri Findejs, Lukas Pohanka -
Patent number: 10749692Abstract: A method includes receiving, from a device, (i) a certificate request for a certification authority and (ii) a first digital certificate. The certificate request is digitally signed by the first device, and the first digital certificate is stored in the device. The method also includes verifying, at the certification authority, the first digital certificate using a second digital certificate of another certification authority. The method further includes verifying a digital signature of the certificate request using the first digital certificate. In addition, the method includes, after verifying the first digital certificate and the digital signature, transmitting a second digital certificate to the device.Type: GrantFiled: February 7, 2018Date of Patent: August 18, 2020Assignee: Honeywell International Inc.Inventors: Michal Hojsik, Lukas Pohanka, Harshal S. Haridas
-
Patent number: 10587421Abstract: A method includes verifying that firmware of a device is trusted and contains a root of trust. The method also includes verifying that a protected storage of the device contains a private or secret key associated with a device certificate that is stored in a persistent storage of the device. The method further includes verifying the device certificate of the device using the root of trust. In addition, the method includes, in response to verifying that the protected storage contains the private or secret key associated with the device certificate and verifying the device certificate, determining that the device is a genuine device. The root of trust could include a trusted certificate or a trusted public key.Type: GrantFiled: October 30, 2017Date of Patent: March 10, 2020Assignee: Honeywell International Inc.Inventors: Michal Hojsik, Harshal S. Haridas, Lukas Pohanka
-
Publication number: 20190052610Abstract: A method includes generating a first encryption key based on a first cryptographic operation performed by cryptographic circuitry and involving a cryptographic key securely stored in a memory of the cryptographic circuitry. The method also includes encrypting data to be protected using the first encryption key and storing the encrypted data on a persistent storage device external to the cryptographic circuitry. The method could also include retrieving the encrypted data from the persistent storage device. The method could further include generating a second encryption key based on a second cryptographic operation performed by the cryptographic circuitry and involving the cryptographic key, where the second encryption key matches the first encryption key. In addition, the method could include decrypting the encrypted data using the second encryption key.Type: ApplicationFiled: August 11, 2017Publication date: February 14, 2019Inventors: Lukas Pohanka, Michal Hojsik, Jiri Bazant
-
Publication number: 20180323977Abstract: A method includes receiving, from a device, (i) a certificate request for a certification authority and (ii) a first digital certificate. The certificate request is digitally signed by the first device, and the first digital certificate is stored in the device. The method also includes verifying, at the certification authority, the first digital certificate using a second digital certificate of another certification authority. The method further includes verifying a digital signature of the certificate request using the first digital certificate. In addition, the method includes, after verifying the first digital certificate and the digital signature, transmitting a second digital certificate to the device.Type: ApplicationFiled: February 7, 2018Publication date: November 8, 2018Inventors: Michal Hojsik, Lukas Pohanka, Harshal S. Haridas
-
Patent number: 10038552Abstract: An apparatus includes a first distributed control system (DCS) node. The first DCS includes at least one interface configured to communicate, over a network, with a second DCS node. The first DCS node also includes at least one processing device. The processing device is configured to exchange a security association policy with the second DCS node. The processing device is also configured to exchange public keys with the second DCS node using the security association policy. The processing device is also configured to send a public key of the second DCS node to a field programmable gate array of the first DCS node. The processing device is also configured to receive a shared secret from the field programmable gate array. The processing device is also configured to generate a hash of a message using the shared secret.Type: GrantFiled: November 30, 2015Date of Patent: July 31, 2018Assignee: Honeywell International Inc.Inventors: Harshal S. Haridas, Alexander Chernoguzov, Michal Hojsik, Stanley Gorzelic, Mukunda Gudi
-
Publication number: 20180198628Abstract: A method includes verifying that firmware of a device is trusted and contains a root of trust. The method also includes verifying that a protected storage of the device contains a private or secret key associated with a device certificate that is stored in a persistent storage of the device. The method further includes verifying the device certificate of the device using the root of trust. In addition, the method includes, in response to verifying that the protected storage contains the private or secret key associated with the device certificate and verifying the device certificate, determining that the device is a genuine device. The root of trust could include a trusted certificate or a trusted public key.Type: ApplicationFiled: October 30, 2017Publication date: July 12, 2018Inventors: Michal Hojsik, Harshal S. Haridas, Lukas Pohanka
-
SECURE IN-BAND UPGRADE USING KEY REVOCATION LISTS AND CERTIFICATE-LESS ASYMMETRIC TERTIARY KEY PAIRS
Publication number: 20170359171Abstract: A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications. In addition, the method includes using an in-band channel to update or replace the first cryptographic key.Type: ApplicationFiled: June 5, 2017Publication date: December 14, 2017Inventors: Harshal S. Haridas, Michal Hojsik, Jiri Findejs, Lukas Pohanka -
Publication number: 20170155511Abstract: An apparatus includes a first distributed control system (DCS) node. The first DCS includes at least one interface configured to communicate, over a network, with a second DCS node. The first DCS node also includes at least one processing device. The processing device is configured to exchange a security association policy with the second DCS node. The processing device is also configured to exchange public keys with the second DCS node using the security association policy. The processing device is also configured to send a public key of the second DCS node to a field programmable gate array of the first DCS node. The processing device is also configured to receive a shared secret from the field programmable gate array. The processing device is also configured to generate a hash of a message using the shared secret.Type: ApplicationFiled: November 30, 2015Publication date: June 1, 2017Inventors: Harshal S. Haridas, Alexander Chernoguzov, Michal Hojsik, Stanley Gorzelic, Mukunda Gudi
-
Publication number: 20160337359Abstract: Devices, methods, and systems for securing a control system application layer protocol are described herein. One method includes receiving a request at a target device from a controlling device within a session between the controlling device and a target device, securing protocol-defined ALP functions by encapsulating one or more protocol-defined ALP functions within one or more user-defined ALP functions and adding at least authentication data, receiving a plurality of user-defined ALP functions on a target device on a computing device network, and determining whether a controlling device identity or a user of a controlling device is authorized to submit a particular ALP function with particular parameters on the target device.Type: ApplicationFiled: May 9, 2016Publication date: November 17, 2016Inventors: Michal HOJSIK, Radomir SVOBODA