Patents by Inventor Robert K. Spiger

Robert K. Spiger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10063375
    Abstract: Techniques are provided to ensure isolation of trusted input/output devices using a Secure Crypto-Processor. Secure IO lines may be used to drive devices that have a higher integrity requirement and to do attestation of sensor readings. Enhanced authorization policies may be used to enforce policies on interaction with IO devices. A bus master controller may also be provided in a Secure Crypto-Processor. Individual devices on an isolated Secure Crypto-Processor bus may be mapped to Indices so that read and write operations can be associated with Secure-Crypto-Processor-enforced authorization policies. The Secure Crypto-Processor may further provide means of attestation for complex data read from an input/output device that may be signed with the device identity to show strong origination proof of that data.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: August 28, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Stefan Thom, Robert K. Spiger, David R. Wooten, Merzin Kapadia
  • Publication number: 20160308677
    Abstract: Techniques are provided to ensure isolation of trusted input/output devices using a Secure Crypto-Processor. Secure IO lines may be used to drive devices that have a higher integrity requirement and to do attestation of sensor readings. Enhanced authorization policies may be used to enforce policies on interaction with IO devices. A bus master controller may also be provided in a Secure Crypto-Processor. Individual devices on an isolated Secure Crypto-Processor bus may be mapped to Indices so that read and write operations can be associated with Secure-Crypto-Processor-enforced authorization policies. The Secure Crypto-Processor may further provide means of attestation for complex data read from an input/output device that may be signed with the device identity to show strong origination proof of that data.
    Type: Application
    Filed: August 3, 2015
    Publication date: October 20, 2016
    Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Stefan Thom, Robert K. Spiger, David R. Wooten, Merzin Kapadia
  • Patent number: 9256750
    Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.
    Type: Grant
    Filed: March 28, 2015
    Date of Patent: February 9, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
  • Publication number: 20150213278
    Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.
    Type: Application
    Filed: March 28, 2015
    Publication date: July 30, 2015
    Inventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
  • Patent number: 9015490
    Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.
    Type: Grant
    Filed: December 12, 2013
    Date of Patent: April 21, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
  • Publication number: 20140101454
    Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.
    Type: Application
    Filed: December 12, 2013
    Publication date: April 10, 2014
    Applicant: Microsoft Corporation
    Inventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
  • Patent number: 8612766
    Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.
    Type: Grant
    Filed: July 5, 2011
    Date of Patent: December 17, 2013
    Assignee: Microsoft Corporation
    Inventors: Stefan Thom, Robert K. Spiger, Magnus Nyström, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
  • Publication number: 20130013928
    Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.
    Type: Application
    Filed: July 5, 2011
    Publication date: January 10, 2013
    Applicant: Microsoft Corporation
    Inventors: Stefan Thom, Robert K. Spiger, Magnus Nystrôm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop