Patents by Inventor Rosario Cammarota

Rosario Cammarota has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10142303
    Abstract: In an aspect, a method for protecting software includes obtaining a payload including at least one of instructions or data, establishing a realm in a memory device, encrypting the payload based on an ephemeral encryption key (EEK) associated with the realm, and storing the encrypted payload in the realm of the memory device. In another aspect, a method for protecting software includes receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier (RID) and a realm indicator bit, obtaining the EEK associated with the RID when the RID indicates the realm and when the realm indicator bit is enabled, decrypting an instruction and/or data retrieved from the realm based on the EEK when the memory transaction is a read transaction, and encrypting second data for storage in the realm based on the EEK when the memory transaction is a write transaction.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: November 27, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 10102375
    Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: October 16, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Rosario Cammarota, Roberto Avanzi, Ramesh Chandra Chauhan, Harold Wade Cain, III, Darren Lasko
  • Publication number: 20180278625
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. The apparatus may establish a communication link based on the 1905.1 protocol with at least one second AP. The apparatus may receive an authentication request from the at least one second AP via the communication link based on the 1905.1 protocol. In certain aspects, the authentication request may include at least a first signed certificate and a first generated value. The apparatus may transmit an authentication response to the at least one second AP using the communication link based on the 1905.1 protocol. In certain aspects, the authentication response may include at least a second signed certificate and a second generated value. The apparatus may determine shared information with the at least one second AP based at least in part on the first generated value and the second generated value.
    Type: Application
    Filed: March 22, 2018
    Publication date: September 27, 2018
    Inventors: Rosario CAMMAROTA, Sai Yiu Duncan HO, Brian Michael BUESKER, Alireza RAISSINIA, George CHERIAN
  • Publication number: 20180270049
    Abstract: Aspects of the present disclosure implement techniques that allow an enrollee (e.g., DPP-AP or other DPP devices) to be informed of the bootstrapping method selected by a device (e.g., STA) when initiating onboarding. As such, in one example, authentication requests from the device may additionally carry information that inform the network of the bootstrapping method (e.g., QR-code, NFC, Wi-Fi Aware, Wi-Fi Direct) selected by the device. Each bootstrapping method may correspond to an authentication key. Accordingly, based on the exchange of bootstrapping information, the enrollee (e.g., network device) may verify the authenticity of the device by calculating an authentication key that unlocks additional sensitive information that may be included in the authentication request.
    Type: Application
    Filed: March 14, 2018
    Publication date: September 20, 2018
    Inventors: Rosario CAMMAROTA, Jouni MALINEN, Shivraj Singh SANDHU
  • Patent number: 10027640
    Abstract: A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: July 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, Rosario Cammarota, Ron Keidar
  • Publication number: 20180198603
    Abstract: Techniques for mitigating side-channel attacks on cryptographic algorithms are provided. An example method according to these techniques includes applying a block cipher algorithm to an input data to generate a cryptographic output, such that applying the block cipher to input data comprises modifying an output of a stage of the block cipher algorithm such that each output of the stage of the block cipher algorithm has a constant Hamming weight, and outputting the cryptographic output.
    Type: Application
    Filed: January 11, 2017
    Publication date: July 12, 2018
    Inventors: Rosario CAMMAROTA, Indranil BANERJEE, Matthew McGregor
  • Publication number: 20180167366
    Abstract: A cryptographic device includes: a data input; a data output; a cipher circuit configured to perform a cipher algorithm on cipher-algorithm input data to produce cipher-algorithm output data; and a network coupled to the data input, the data output, and the cipher circuit, the network comprising a plurality of switches and a plurality of logical signal combiners that are configured to provide the cipher-algorithm input data to the cipher circuit and to provide device output data to the data output using the cipher-algorithm output data and that, in combination with the cipher circuit, are configured to implement a plurality of different cryptographic algorithms that each include the cipher algorithm that the cipher circuit is configured to perform.
    Type: Application
    Filed: December 12, 2016
    Publication date: June 14, 2018
    Inventors: Rosario CAMMAROTA, Matthew McGregor
  • Publication number: 20180109418
    Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) with assisted bootstrapping. In one aspect, a configurator device can provision an enrollee device for a network with the assistance of an intermediary device. The intermediary device may obtain enrollee bootstrapping data associated with the enrollee device and send the enrollee bootstrapping data to the configurator device. The configurator device may use the enrollee bootstrapping data in an authentication process between the configurator device and the enrollee device. Following the authentication, the enrollee device may be configured by the configurator device such that the enrollee device may access a network.
    Type: Application
    Filed: September 22, 2017
    Publication date: April 19, 2018
    Inventors: Rosario Cammarota, Peerapol Tinnakornsrisuphap, Jouni Kalevi Malinen
  • Publication number: 20180109381
    Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) to support multiple configurators. In one aspect, a first configurator device can export a configurator key package. In one aspect, the configurator key package may be used for backup and restore of the configurator keys. The configurator key package may include a configurator private signing key and, optionally, a configurator public verification key. A second configurator device may obtain the configurator key package and also may obtain decryption information which can be used to decrypt the configurator key package. Thus, in another aspect, both the first configurator device and the second configurator device can use the same configurator keys with the device provisioning protocol to configure enrollees to a network.
    Type: Application
    Filed: July 12, 2017
    Publication date: April 19, 2018
    Inventors: Rosario Cammarota, Jouni Kalevi Malinen, Peerapol Tinnakornsrisuphap
  • Publication number: 20180091526
    Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media for mitigating an Internet of things (IoT) worm. In one aspect, a processor of a router device may randomly select a plurality of Internet Protocol (IP) addresses. The processor may expose one or more emulated services at the plurality of randomly selected IP addresses. The processor may determine whether IoT worm communication activity is detected at one of the randomly selected IP addresses. The processor may grant to, or otherwise enable, an IoT worm access to one of the emulated services in response to detecting IoT worm communication activity at one of the selected IP addresses.
    Type: Application
    Filed: September 23, 2016
    Publication date: March 29, 2018
    Inventors: Rosario Cammarota, Peerapol Tinnakornsrisuphap
  • Publication number: 20180091551
    Abstract: Techniques for establishing one or more end-to-end secure channels in a data center are provided. A method according to these techniques includes obtaining, at a secure module (SM) associated with a virtual machine (VM) operating on a node of the data center, a VM-specific signature key for the VM from a Hardware Security Module (HSM), and performing a cryptographic signing operation at the SM associated with establishing an end-to-end secure channel between the VM and another networked entity using the VM-specific signature key responsive to a request from the VM.
    Type: Application
    Filed: September 27, 2016
    Publication date: March 29, 2018
    Inventors: Anand PALANIGOUNDER, Rosario CAMMAROTA, Darren LASKO
  • Publication number: 20180048632
    Abstract: Methods, systems, and devices for wireless communication are described for precursory client configuration for network access. A configurator station (STA) may receive, from a key management device, an identity key of a client STA and may receive, from the client STA, a network configuration probe that includes a first cryptographic value based at least in part on the identity key and a request for network access. The configurator STA may apply a cryptographic function to the identity key to generate a second cryptographic value. The configurator STA may configure the client STA to access a network based at least in part on a match between the first cryptographic value and the second cryptographic value.
    Type: Application
    Filed: August 12, 2016
    Publication date: February 15, 2018
    Inventors: Rosario Cammarota, Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Publication number: 20180046808
    Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.
    Type: Application
    Filed: August 11, 2016
    Publication date: February 15, 2018
    Inventors: Rosario CAMMAROTA, Roberto AVANZI, Ramesh Chandra CHAUHAN, Harold Wade CAIN, III, Darren LASKO
  • Patent number: 9892269
    Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: February 13, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Michael J. T. Chan, Lu Xiao, Rosario Cammarota, Olivier Jean Benoit, Saurabh Sabnis, Yin Ling Liong, Manish Mohan
  • Patent number: 9875378
    Abstract: Techniques for encrypting the data in the memory of a computing device are provided. An example method for protecting data in a memory according to the disclosure includes encrypting data associated with a store request using a memory encryption device of the processor to produce encrypted data. Encrypting the data includes: obtaining a challenge value, providing the challenge value to a physically unclonable function module to obtain a response value, and encrypting the data associated with the store request using the response value as an encryption key to generate the encrypted data. The method also includes storing the encrypted data and the challenge value associated with the encrypted data in the memory.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: January 23, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Rosario Cammarota
  • Patent number: 9760737
    Abstract: Techniques for protecting data in a processor are provided. An example method according to these techniques includes performing one or more operations on encrypted data using one or more functional units of a data path of the processor to generate an encrypted result. Performing the one or more operations includes: receiving at least one encrypted parameter pair at a functional unit, each encrypted parameter pair comprising an encrypted parameter value and a challenge value associated with the encrypted parameter value, the encrypted parameter being encrypted using a homomorphic encryption technique, the challenge value being used to recover a key used to encrypt the encrypted parameter value, and performing a mathematical computation on the at least one encrypted parameter. The method also includes outputting the encrypted result.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: September 12, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Rosario Cammarota, Olivier Jean Benoit
  • Patent number: 9735953
    Abstract: A distributed technique for implementing a cryptographic process performs operations in parallel on both valid and irrelevant data to prevent differentiation of the operations based on an encryption key content. A control entity switches or points valid data to appropriate CPU(s) that are responsible for operations such as squaring or multiplying. Irrelevant data is also switched or pointed to appropriate CPU(s) that execute operations in parallel with the CPU(s) operating on the valid data. The distributed technique contributes to obscuring side channel analysis phenomena from observation, such that cryptographic operations cannot easily be tied to the content of the encryption key.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: August 15, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Rosario Cammarota
  • Publication number: 20170208079
    Abstract: Methods and systems for detecting anomalous behavior in a home network are performed by an access point. The access point passively monitors, within the home network, network traffic corresponding to each of a number of devices associated with it, without an approval from any of the number of devices. In another aspect, the access point passively monitors, within the home network, individual traffic flows between the access point and the number of devices associated with it. The access point then compares, for each of the devices, one or more characteristics of the corresponding network traffic or the individual traffic flows with a baseline model of network behavior and identifies which of the number of devices is associated with anomalous behavior based on the comparison.
    Type: Application
    Filed: June 15, 2016
    Publication date: July 20, 2017
    Inventors: Rosario Cammarota, Peerapol Tinnakornsrisuphap
  • Publication number: 20170134390
    Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.
    Type: Application
    Filed: January 13, 2017
    Publication date: May 11, 2017
    Inventors: Michael J.T. CHAN, Lu XIAO, Rosario CAMMAROTA, Olivier Jean BENOIT, Saurabh SABNIS, Yin Ling LIONG, Manish MOHAN
  • Patent number: 9626155
    Abstract: In one example, a device for recommending an optimization strategy for software includes a memory storing data for a sparse matrix including empty cells and non-empty cells, wherein non-empty cells of the sparse matrix represent ratings for optimization strategies previously applied to programs, and one or more hardware-based processors configured to predict values for empty cells of a sparse matrix, fill the empty cells with the predicted values to produce a complete matrix, determine, for a current program that was not included in the programs of the sparse matrix, a recommended optimization strategy that yields a highest rating from the complete matrix, and provide an indication of the recommended optimization strategy.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: April 18, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: Rosario Cammarota
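The abstract of publication 20180198603 describes forcing every output of a block-cipher stage to a constant Hamming weight so that a Hamming-weight power or EM leakage model sees the same value regardless of the data. The following Python is an added illustration of that idea and is not code from the patent or from Qualcomm. It assumes a dual-rail encoding (each bit b becomes the pair (b, NOT b), so an n-bit value always has exactly n set bits) and uses the 4-bit PRESENT S-box as a stand-in for "a stage of the block cipher algorithm"; both choices are this example's, not the publication's.

```python
"""Constant-Hamming-weight (dual-rail) encoding of an S-box stage output."""


# Constructed stand-in for one stage of a block cipher: the 4-bit PRESENT S-box.
# Any 4-bit bijection would serve; the choice is this example's assumption.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(x: int) -> int:
    """Number of set bits: the quantity a Hamming-weight leakage model observes."""
    return bin(x).count("1")


def dual_rail_encode(x: int, bits: int = 4) -> int:
    """Map an n-bit value to a 2n-bit word where bit i becomes (b_i, NOT b_i).

    Bit i of the input lands at position 2i, its complement at 2i+1, so every
    codeword has exactly n set bits whatever the input value is.
    """
    word = 0
    for i in range(bits):
        b = (x >> i) & 1
        word |= b << (2 * i)
        word |= (b ^ 1) << (2 * i + 1)
    return word


def dual_rail_decode(word: int, bits: int = 4) -> int:
    """Inverse of dual_rail_encode; rejects words where a rail pair is (0,0) or (1,1).

    Such a word cannot come from a correct encoder, so treating it as an error
    also gives cheap detection of a fault injected into the encoded register.
    """
    x = 0
    for i in range(bits):
        b = (word >> (2 * i)) & 1
        comp = (word >> (2 * i + 1)) & 1
        if b == comp:
            raise ValueError("invalid dual-rail codeword at rail %d" % i)
        x |= b << i
    return x


def sbox_stage_plain(x: int) -> int:
    """Unprotected stage: the raw S-box output goes into the register."""
    return SBOX[x]


def sbox_stage_encoded(x: int) -> int:
    """Protected stage: the S-box output is written in constant-weight form."""
    return dual_rail_encode(SBOX[x])


def weight_profile(stage) -> list:
    """Hamming weight of the stage output for each of the 16 possible inputs."""
    return [hamming_weight(stage(x)) for x in range(16)]


if __name__ == "__main__":
    print("plain  :", weight_profile(sbox_stage_plain))    # varies with the data
    print("encoded:", weight_profile(sbox_stage_encoded))  # constant 4
```

The profile of the plain stage takes values between 0 and 4 and so correlates with the data being processed; the encoded profile is flat. The caveat a practitioner should keep in mind is that constant weight removes leakage under a Hamming-weight model only: the transition (Hamming distance) between successive register values still depends on the data, which is why hardware dual-rail logic additionally precharges the register to a fixed state between evaluations.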
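Patent 9875378 describes a memory encryption device that derives the encryption key for each store from a physically unclonable function (PUF): pick a challenge, obtain the PUF response, use the response as the key, and keep the challenge next to the ciphertext so the key can be regenerated on load. The Python below is an added example of that flow and is not code from the patent or from Qualcomm. Because no PUF is available to a script, it assumes a simulated PUF (an HMAC keyed with a per-device fingerprint) and a toy hash-based keystream in place of a real block cipher; both are this example's stand-ins.

```python
"""PUF-keyed memory encryption: challenge stored beside ciphertext, key never stored."""

import hashlib
import hmac
import os


class SimulatedPUF:
    """Stand-in for a hardware PUF (constructed for this example).

    The fingerprint models device-specific silicon variation. A real PUF has no
    stored secret at all and its raw response is noisy, so a fuzzy extractor with
    public helper data is needed to turn it into a stable key.
    """

    def __init__(self, silicon_fingerprint: bytes):
        self._fingerprint = silicon_fingerprint

    def response(self, challenge: bytes) -> bytes:
        # 128-bit response derived from the challenge; only this device can produce it.
        return hmac.new(self._fingerprint, challenge, hashlib.sha256).digest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for AES: SHA-256 counter-mode keystream XORed in."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class MemoryEncryptionDevice:
    """Sits between the processor's store/load requests and external memory."""

    def __init__(self, puf: SimulatedPUF, rng=os.urandom):
        self.puf = puf
        self.rng = rng
        self.memory = {}  # address -> (ciphertext, challenge); no key is ever written

    def store(self, address: int, data: bytes) -> None:
        challenge = self.rng(16)                 # fresh challenge per store request
        key = self.puf.response(challenge)       # key exists only transiently
        self.memory[address] = (keystream_xor(key, data), challenge)

    def load(self, address: int) -> bytes:
        ciphertext, challenge = self.memory[address]
        key = self.puf.response(challenge)       # regenerate, do not look up
        return keystream_xor(key, ciphertext)


def memory_round_trip(plaintext: bytes) -> tuple:
    """Store on device A, then load on A and on a clone B holding A's memory image.

    Returns (what A reads back, what B reads back).
    """
    device_a = MemoryEncryptionDevice(SimulatedPUF(b"device-A-fingerprint"))
    device_a.store(0x1000, plaintext)
    device_b = MemoryEncryptionDevice(SimulatedPUF(b"device-B-fingerprint"))
    device_b.memory = dict(device_a.memory)     # attacker copies the memory contents
    return device_a.load(0x1000), device_b.load(0x1000)


if __name__ == "__main__":
    a_view, b_view = memory_round_trip(b"page of secret data")
    print("device A reads:", a_view)
    print("device B reads:", b_view)
```

The point of keeping the challenge, not the key, in memory is that a dump of external RAM yields only ciphertext plus challenges, and the challenges are useless without the physical device that answers them. Two things the abstract does not cover but a deployment must: the scheme as written gives no integrity, so an attacker with write access to memory can flip ciphertext bits undetected unless an authentication tag (or an AEAD mode) is added per block; and per-store challenges cost one PUF evaluation per store and extra memory per block, which is why real designs typically derive a per-region key once and use an address-dependent tweak instead.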
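Patent 9735953 describes running the squaring and multiplication steps of an exponentiation on valid and irrelevant data in parallel, so that an observer cannot tie the sequence of operations to the bits of the key. The Python below is an added example and is not code from the patent or from Qualcomm; rather than dispatching to several CPUs, it shows the sequential form of the same idea (square-and-multiply-always, where the multiplication is computed on every bit and its result discarded by a mask when the bit is zero) and records the operation trace so the two variants can be compared. The trace list and the mask-based select are this example's assumptions.

```python
"""Key-dependent vs key-independent operation traces in modular exponentiation."""


def modexp_naive(base: int, exp: int, mod: int, trace: list) -> int:
    """Textbook left-to-right square-and-multiply.

    Appends "S" for each squaring and "M" for each multiplication, so the trace
    is a direct transcript of the exponent bits: an SPA-style observer reads the
    key off it.
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        if bit == "1":
            result = result * base % mod
            trace.append("M")
    return result


def modexp_always(base: int, exp: int, mod: int, trace: list) -> int:
    """Square-and-multiply-always: the multiplication is performed on every bit.

    When the bit is 0 the product is irrelevant data and is discarded by an
    arithmetic mask rather than a branch, so the trace is "SM" per bit whatever
    the key is. Python integers are not constant-time; the example demonstrates
    the operation-sequence property only.
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        candidate = result * base % mod     # always computed, valid or not
        trace.append("M")
        mask = -int(bit)                    # 0 -> 0, 1 -> -1 (all bits set)
        result = (candidate & mask) | (result & ~mask)
    return result


def trace_for(fn, exp: int, base: int = 7, mod: int = 1009) -> str:
    """Run fn on a fixed base/modulus and return its operation trace as a string."""
    trace = []
    fn(base, exp, mod, trace)
    return "".join(trace)


if __name__ == "__main__":
    for exp in (0b1000, 0b1111):
        print(f"exp={exp:04b} naive ={trace_for(modexp_naive, exp)}")
        print(f"exp={exp:04b} always={trace_for(modexp_always, exp)}")
```

Two exponents of the same bit length give different traces under the naive routine and identical traces under the always variant, while both return the same value as pow(). The cost is one extra multiplication per zero bit; a Montgomery ladder achieves the same regularity without the wasted work and is what production implementations usually prefer. Note also that the discarded multiplication must really be executed on real operands: an optimizing compiler that notices the result is unused can delete it and silently restore the leak.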