Patents by Inventor Piotr Zmijewski

Piotr Zmijewski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220108008
    Abstract: A method comprises issuing a challenge to a target computing device, receiving, from the target computing device, a response to the challenge, the response comprising a self-attestation proof, a root of trust (RoT) certificate, and a set of current attestation measurements, and generating a signal indicative of a security status of the target based upon a determination of whether the set of current attestation measurements match a set of expected attestation measurements for the target computing device.
    Type: Application
    Filed: December 15, 2021
    Publication date: April 7, 2022
    Applicant: Intel Corporation
    Inventors: Mateusz Bronk, Arkadiusz Berent, Piotr Zmijewski
  • Publication number: 20220108005
    Abstract: A method comprises generating, during a software build process conducted in a trusted build environment, a trusted log comprising a plurality of records of actions performed during the software build process and a plurality of identifiers of tools used to perform the actions, aggregating the plurality of records of actions and the plurality of identifiers into a build certificate file, generating a digital signature to be applied to the build certificate, and publishing the build certificate in association with one or more build artifacts generated by the software build process.
    Type: Application
    Filed: December 15, 2021
    Publication date: April 7, 2022
    Applicant: Intel Corporation
    Inventors: Piotr Zmijewski, Arkadiusz Berent, Mateusz Bronk
  • Publication number: 20220104025
    Abstract: A method comprises discovering, in a controller device, one or more target devices that are in a pairing mode, generating, in the controller device, a first signal comprising a pattern, transmitting, from the controller device to a first remote device, the first signal comprising the pattern, receiving, in the controller device, a second signal from a second remote device, the second signal comprising a authentication code, and authenticating the one or more target devices when the first authentication signal and the second authentication signal match.
    Type: Application
    Filed: December 9, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Arkadiusz Berent, Mateusz Bronk, Piotr Zmijewski, Krystian Matusiewicz
  • Publication number: 20220103365
    Abstract: A method comprises generating an original digital content, generating a first set of rules pertaining to permissible changes to the original digital content, generating a cryptographically signed certificate comprising the first set of rules and a hash of the original digital content, and publishing the original digital content and the associated cryptographically signed certificate.
    Type: Application
    Filed: December 12, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Arkadiusz Berent, Mateusz Bronk, Piotr Zmijewski
  • Publication number: 20210006416
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Application
    Filed: April 23, 2020
    Publication date: January 7, 2021
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Patent number: 10880097
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: December 29, 2020
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Patent number: 10708067
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Grant
    Filed: July 2, 2016
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Publication number: 20190052469
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Application
    Filed: October 17, 2018
    Publication date: February 14, 2019
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Patent number: 10135622
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: November 20, 2018
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Publication number: 20170366359
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Application
    Filed: July 2, 2016
    Publication date: December 21, 2017
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P, Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Publication number: 20170353319
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Application
    Filed: September 29, 2016
    Publication date: December 7, 2017
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre