Patents by Inventor Robert K. Spiger
Robert K. Spiger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10063375Abstract: Techniques are provided to ensure isolation of trusted input/output devices using a Secure Crypto-Processor. Secure IO lines may be used to drive devices that have a higher integrity requirement and to do attestation of sensor readings. Enhanced authorization policies may be used to enforce policies on interaction with IO devices. A bus master controller may also be provided in a Secure Crypto-Processor. Individual devices on an isolated Secure Crypto-Processor bus may be mapped to Indices so that read and write operations can be associated with Secure-Crypto-Processor-enforced authorization policies. The Secure Crypto-Processor may further provide means of attestation for complex data read from an input/output device that may be signed with the device identity to show strong origination proof of that data.Type: GrantFiled: August 3, 2015Date of Patent: August 28, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Stefan Thom, Robert K. Spiger, David R. Wooten, Merzin Kapadia
-
Publication number: 20160308677Abstract: Techniques are provided to ensure isolation of trusted input/output devices using a Secure Crypto-Processor. Secure IO lines may be used to drive devices that have a higher integrity requirement and to do attestation of sensor readings. Enhanced authorization policies may be used to enforce policies on interaction with IO devices. A bus master controller may also be provided in a Secure Crypto-Processor. Individual devices on an isolated Secure Crypto-Processor bus may be mapped to Indices so that read and write operations can be associated with Secure-Crypto-Processor-enforced authorization policies. The Secure Crypto-Processor may further provide means of attestation for complex data read from an input/output device that may be signed with the device identity to show strong origination proof of that data.Type: ApplicationFiled: August 3, 2015Publication date: October 20, 2016Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC.Inventors: Stefan Thom, Robert K. Spiger, David R. Wooten, Merzin Kapadia
-
Patent number: 9256750Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.Type: GrantFiled: March 28, 2015Date of Patent: February 9, 2016Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
-
Publication number: 20150213278Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.Type: ApplicationFiled: March 28, 2015Publication date: July 30, 2015Inventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
-
Patent number: 9015490Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.Type: GrantFiled: December 12, 2013Date of Patent: April 21, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
-
Publication number: 20140101454Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.Type: ApplicationFiled: December 12, 2013Publication date: April 10, 2014Applicant: Microsoft CorporationInventors: Stefan Thom, Robert K. Spiger, Magnus NystrÖm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
-
Patent number: 8612766Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.Type: GrantFiled: July 5, 2011Date of Patent: December 17, 2013Assignee: Microsoft CorporationInventors: Stefan Thom, Robert K. Spiger, Magnus Nyström, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop
-
Publication number: 20130013928Abstract: Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges.Type: ApplicationFiled: July 5, 2011Publication date: January 10, 2013Applicant: Microsoft CorporationInventors: Stefan Thom, Robert K. Spiger, Magnus Nystrôm, Himanshu Soni, Marc R. Barbour, Nick Voicu, Xintong Zhou, Kirk Shoop