Patents by Inventor Olivier Jean Benoit

Olivier Jean Benoit has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9760737
    Abstract: Techniques for protecting data in a processor are provided. An example method according to these techniques includes performing one or more operations on encrypted data using one or more functional units of a data path of the processor to generate an encrypted result. Performing the one or more operations includes: receiving at least one encrypted parameter pair at a functional unit, each encrypted parameter pair comprising an encrypted parameter value and a challenge value associated with the encrypted parameter value, the encrypted parameter being encrypted using a homomorphic encryption technique, the challenge value being used to recover a key used to encrypt the encrypted parameter value, and performing a mathematical computation on the at least one encrypted parameter. The method also includes outputting the encrypted result.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: September 12, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Rosario Cammarota, Olivier Jean Benoit
  • Patent number: 9749134
    Abstract: A system comprises an access point and a client device. The access point receives, using near field communication (NFC) technology, a public key associated with the client device and sends, using NFC technology, a public key associated with the access point. The access point further encrypts configuration data associated with a network and sends the encrypted configuration data to the client device. The client device receives, using NFC technology, a command indicating that a public key associated with the client device is to be sent to the access point and sends, using NFC technology, the public key to the access point. The client device further receives, using NFC technology, a public key associated with the access point and configures the client device to wirelessly connect to a network associated with the access point.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: August 29, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Aram Perez, Olivier Jean Benoit
  • Patent number: 9735953
    Abstract: A distributed technique for implementing a cryptographic process performs operations in parallel on both valid and irrelevant data to prevent differentiation of the operations based on an encryption key content. A control entity switches or points valid data to appropriate CPU(s) that are responsible for operations such as squaring or multiplying. Irrelevant data is also switched or pointed to appropriate CPU(s) that execute operations in parallel with the CPU(s) operating on the valid data. The distributed technique contributes to obscuring side channel analysis phenomena from observation, such that cryptographic operations cannot easily be tied to the content of the encryption key.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: August 15, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Rosario Cammarota
  • Patent number: 9706397
    Abstract: An apparatus and method for configuring a wireless station for use within a wireless local area network are disclosed. In at least one exemplary embodiment, a pairwise master key is generated by the wireless station and an access point within the wireless local area network. The pairwise master key may be based, at least in part, on a transient identity key pair of the wireless station. The transient identity key pair may be generated by the wireless station in response to receiving a message from the access point. In some embodiments, a public transient identity key of the transient identity key pair may be provided to additional access points to enable the wireless station to authenticate with the additional access points.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: July 11, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Patent number: 9654972
    Abstract: Techniques are described for securely provisioning a client device. A client device may output first client information over a secure interface to a trusted device to be transmitted to an authentication server. Second client information related to the first client information may be transmitted to the authentication server. The authentication server may link the second client information and the first client information. The client device may receive an encrypted authentication credential from the authentication server. The authentication credential may be encrypted based at least in part on the first client information or the second client information. The client device may decrypt the encrypted authentication credential using the first client information, the second client information, or a shared secret key.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: May 16, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Publication number: 20170134390
    Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.
    Type: Application
    Filed: January 13, 2017
    Publication date: May 11, 2017
    Inventors: Michael J.T. CHAN, Lu XIAO, Rosario CAMMAROTA, Olivier Jean BENOIT, Saurabh SABNIS, Yin Ling LIONG, Manish MOHAN
  • Patent number: 9621549
    Abstract: An integrated circuit may comprise a secure volatile memory configured to store first data-validity information associated with first data stored in an external nonvolatile memory; and a secure processor configured to: retrieve the first data-validity information from a secure remote server over a secure communication channel, wherein the secure processor uses mutual authentication with the secure remote server to secure the secure communication channel; store the first data-validity information in the secure volatile memory; retrieve the first data from the external nonvolatile memory; obtain second data-validity information associated with the first data; compare the first data-validity information stored in the secure volatile memory with the second data-validity information to generate a comparison value; and determine, based on the comparison value, whether the first data is valid.
    Type: Grant
    Filed: July 25, 2014
    Date of Patent: April 11, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Laurence Geoffrey Lundblade, Asaf Ashkenazi
  • Publication number: 20170083254
    Abstract: Methods and apparatus for updating a non-volatile random access memory (NV-RAM) are provided. An exemplary method includes storing original data, such as secure transaction data, in a non-volatile memory (NVM) region of the NV-RAM and copying the original data to a random access memory (RAM) region of the NV-RAM. The method also includes computing updated data from the original data, storing the updated data in the RAM region, validating an updated flag in the RAM region, copying the updated data to the NVM region, and invalidating the updated flag in the RAM region. The method can also include determining, after an interruption, a status of the updated flag and, if the status of the updated flag is valid, then copying the updated data to the NVM region and invalidating the updated flag. The updated flag can indicate completion of a specific update stage in a plurality of update stages.
    Type: Application
    Filed: September 19, 2015
    Publication date: March 23, 2017
    Inventors: Olivier Jean BENOIT, Seung Hyuk KANG
  • Publication number: 20170083355
    Abstract: Aspects of the disclosure are related to a method, apparatus, and system for dynamic register virtualization, comprising: detecting a subroutine call; generating a register virtualization mapping for the subroutine call; applying the register virtualization mapping to instructions within the subroutine call; detecting a return of the subroutine call; and stopping the register virtualization mapping for the subroutine call at the return of the subroutine call.
    Type: Application
    Filed: September 22, 2015
    Publication date: March 23, 2017
    Inventors: Olivier Jean Benoit, Rosario Cammarota
  • Publication number: 20160364582
    Abstract: Techniques for protecting data in a processor are provided. An example method according to these techniques includes performing one or more operations on encrypted data using one or more functional units of a data path of the processor to generate an encrypted result. Performing the one or more operations includes: receiving at least one encrypted parameter pair at a functional unit, each encrypted parameter pair comprising an encrypted parameter value and a challenge value associated with the encrypted parameter value, the encrypted parameter being encrypted using a homomorphic encryption technique, the challenge value being used to recover a key used to encrypt the encrypted parameter value, and performing a mathematical computation on the at least one encrypted parameter. The method also includes outputting the encrypted result.
    Type: Application
    Filed: June 12, 2015
    Publication date: December 15, 2016
    Inventors: Rosario CAMMAROTA, Olivier Jean BENOIT
  • Publication number: 20160366124
    Abstract: An apparatus and method for registering and configuring a wireless device for use within a wireless local area network (WLAN) are disclosed. In at least one exemplary embodiment, a registration authority may obtain a public key and connection attributes of the wireless device. The registration authority may be distinct from the wireless device and an access point of the WLAN. The registration authority may provide the public key and the connection attributes to a certification authority. The certification authority, distinct from the registration authority, may certify the public key and generate a certificate for the wireless device. The certificate may authenticate the wireless device with access points or other wireless devices. In some embodiments, a certification revocation list may be generated to identify the certificates that may have expired or are otherwise invalid. The certification revocation list may permit or deny access of a wireless device to the WLAN.
    Type: Application
    Filed: March 3, 2016
    Publication date: December 15, 2016
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Publication number: 20160364573
    Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.
    Type: Application
    Filed: June 11, 2015
    Publication date: December 15, 2016
    Inventors: Michael J.T. CHAN, Lu XIAO, Rosario CAMMAROTA, Olivier Jean BENOIT, Saurabh SABNIS, Yin Ling LIONG, Manish MOHAN
  • Publication number: 20160364583
    Abstract: Techniques for encrypting the data in the memory of a computing device are provided. An example method for protecting data in a memory according to the disclosure includes encrypting data associated with a store request using a memory encryption device of the processor to produce encrypted data. Encrypting the data includes: obtaining a challenge value, providing the challenge value to a physically unclonable function module to obtain a response value, and encrypting the data associated with the store request using the response value as an encryption key to generate the encrypted data. The method also includes storing the encrypted data and the challenge value associated with the encrypted data in the memory.
    Type: Application
    Filed: June 12, 2015
    Publication date: December 15, 2016
    Inventors: Olivier Jean BENOIT, Rosario CAMMAROTA
  • Patent number: 9521642
    Abstract: A new enrollee device is configured for a communication network using an electronic device and a network registrar. The new enrollee device is a headless device that lacks a first user interface for configuring the new enrollee device for the communication network. The electronic device obtains, at a sensor, sensor information that is indicative of a device key associated with the new enrollee device. The electronic device determines the device key based on the sensor information. The device key is provided to the network registrar to cause the network registrar to configure the new enrollee device for the communication network.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: December 13, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap, Etan Gur Cohen, Anand Palanigounder
  • Publication number: 20160360404
    Abstract: An apparatus and method for configuring a wireless station for use within a wireless local area network are disclosed. In at least one exemplary embodiment, a pairwise master key is generated by the wireless station and an access point within the wireless local area network. The pairwise master key may be based, at least in part, on a transient identity key pair of the wireless station. The transient identity key pair may be generated by the wireless station in response to receiving a message from the access point. In some embodiments, a public transient identity key of the transient identity key pair may be provided to additional access points to enable the wireless station to authenticate with the additional access points.
    Type: Application
    Filed: March 9, 2016
    Publication date: December 8, 2016
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Publication number: 20160360407
    Abstract: A system and method for distributed storage and/or management of network credentials in a wireless network. A first device of the wireless network receives a set of network credentials from a first configurator. The network credentials may be used to authorize one or more devices to access the wireless network. The first device further receives a user authentication credential from a second device, and authenticates the second device as a second configurator for the wireless network based at least in part on the user authentication credential. Upon authenticating the second device as the second configurator, the first device may then transmit the set of network credentials to the second configurator.
    Type: Application
    Filed: April 12, 2016
    Publication date: December 8, 2016
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Publication number: 20160286390
    Abstract: An apparatus and method for configuring access points and wireless devices for use within a wireless local area network (WLAN) is disclosed. In at least one exemplary embodiment, a network manager may obtain the public keys of an access point and the wireless devices to be included in the WLAN. The network manager may generate and provide a public key list including the public keys of the wireless devices to the access point. The access point may establish communication links with the wireless devices corresponding to the public keys in the public key list. The network manager may generate a de-authorization list that includes the public keys of access points no longer authorized to operate within the WLAN. The de-authorization list may be distributed to wireless devices within the WLAN. The wireless devices may refuse connections to access points listed on the de-authorization list.
    Type: Application
    Filed: February 29, 2016
    Publication date: September 29, 2016
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Publication number: 20160269175
    Abstract: Various features pertain to cryptographic ciphers such as Advanced Encryption Standard (AES) block ciphers. In some examples described herein, a modified masked AES SubBytes procedure uses a static lookup table that is its own inverse in GF(2²). The static lookup table facilitates computation of the multiplicative inverse during nonlinear substitution operations in GF(2²). In an AES encryption example, the AES device combines plaintext with a round key to obtain combined data, then routes the combined data through an AES SubBytes substitution stage that employs the static lookup table and a dynamic table to perform a masked multiplicative inverse in GF(2²) to obtain substituted data. The substituted data is then routed through additional cryptographic AES stages to generate ciphertext. The additional stages may include further SubBytes stages that also exploit the static and dynamic tables. Other examples employ either a static lookup table or a dynamic lookup table but not both.
    Type: Application
    Filed: March 9, 2015
    Publication date: September 15, 2016
    Inventors: Rosario Cammarota, Olivier Jean Benoit, Anand Palanigounder
  • Patent number: 9445443
    Abstract: Methods, systems, and devices are described for provisioning of devices, such as UEs, for service at a wireless network. One or more device parameters may be identified for use in provisioning the device on the wireless network, which may be provided to a network element. The network element may use the provided parameters to access a subscription server. The subscription server may provide verification and/or subscription parameters of the device that may then be used by the device to verify that the device is authorized to access the wireless network.
    Type: Grant
    Filed: September 17, 2014
    Date of Patent: September 13, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Gavin Bernard Horn, Anand Palanigounder, Olivier Jean Benoit
  • Publication number: 20160261403
    Abstract: A distributed technique for implementing a cryptographic process performs operations in parallel on both valid and irrelevant data to prevent differentiation of the operations based on an encryption key content. A control entity switches or points valid data to appropriate CPU(s) that are responsible for operations such as squaring or multiplying. Irrelevant data is also switched or pointed to appropriate CPU(s) that execute operations in parallel with the CPU(s) operating on the valid data. The distributed technique contributes to obscuring side channel analysis phenomena from observation, such that cryptographic operations cannot easily be tied to the content of the encryption key.
    Type: Application
    Filed: March 6, 2015
    Publication date: September 8, 2016
    Inventors: Olivier Jean BENOIT, Rosario CAMMAROTA