Patents by Inventor SRIKANTH VARADARAJAN
SRIKANTH VARADARAJAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11677730
Abstract: A device includes a microcontroller, memory including secure memory to store a private key, a set of registers, and an authentication engine. The set of registers includes a write mailbox register and a read mailbox register, and message data is to be written to the write mailbox register by a host system. The message data includes at least a portion of a challenge request, and the challenge request includes a challenge by the host system to authenticity of the device. The authentication engine generates a response to the challenge, where the response includes data to identify attributes of the device and a signature generated using the private key. The authentication engine causes at least a portion of the response to be written to the read mailbox register to be read by the host system.
Type: Grant
Filed: June 29, 2018
Date of Patent: June 13, 2023
Assignee: Intel Corporation
Inventors: Yu-Yuan Chen, Wojciech S. Powiertowski, Srikanth Varadarajan, David J. Harriman
-
Patent number: 10462135
Abstract: Various system configurations and methods for maintaining, accessing, and utilizing secure data of a web browser in a hardware-managed secure data store are disclosed herein. In an example, operations for management of sensitive data such as passwords may be provided with the use of secure enclaves operating in a trusted execution environment. For example, such secure enclaves may be used for sealing and persisting sensitive data associated with a remote service, and transmitting the sensitive data to the remote service, while an unsealed form of the sensitive data is not accessible outside of the trusted execution environment. In further examples, operations for generating a password, storing or updating existing passwords, and replacing web browser input fields with secure data are disclosed.
Type: Grant
Filed: December 23, 2015
Date of Patent: October 29, 2019
Assignee: Intel Corporation
Inventors: Srikanth Varadarajan, Reshma Lal, Josh Triplett
-
Patent number: 10372656
Abstract: In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.
Type: Grant
Filed: November 21, 2016
Date of Patent: August 6, 2019
Assignee: Intel Corporation
Inventors: Srikanth Varadarajan, Reshma Lal, Steven B. McGowan, Hakan Magnus Eriksson, Travis W. Peters
-
Publication number: 20190052617
Abstract: A device includes a microcontroller, memory including secure memory to store a private key, a set of registers, and an authentication engine. The set of registers includes a write mailbox register and a read mailbox register, and message data is to be written to the write mailbox register by a host system. The message data includes at least a portion of a challenge request, and the challenge request includes a challenge by the host system to authenticity of the device. The authentication engine generates a response to the challenge, where the response includes data to identify attributes of the device and a signature generated using the private key. The authentication engine causes at least a portion of the response to be written to the read mailbox register to be read by the host system.
Type: Application
Filed: June 29, 2018
Publication date: February 14, 2019
Inventors: Yu-Yuan Chen, Wojciech S. Powiertowski, Srikanth Varadarajan, David J. Harriman
-
Patent number: 10198600
Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.
Type: Grant
Filed: September 19, 2017
Date of Patent: February 5, 2019
Assignee: Intel Corporation
Inventors: Jeffrey C. Sedayao, Ivan Jibaja, Srikanth Varadarajan, Reshma Lal, Soham Jayesh Desai
-
Publication number: 20190036704
Abstract: A system for verifying the secure erase of a storage device is provided. A storage device controller for the storage device logs the execution of a secure erase command. A storage device controller for the storage device receives an erase verify command from a host. The storage device controller retrieves one or more secure erase log entries from access-limited memory locations in non-volatile memory of the storage device. The storage device controller copies the one or more secure erase log entries to storage device buffer circuitry. The storage device controller secures the one or more secure erase log entries with one or more cryptographic keys to generate an encrypted and/or signed erase verification message. The storage device controller transmits the encrypted and/or signed erase verification message to the host, in response to receipt of the erase verify command.
Type: Application
Filed: December 27, 2017
Publication date: January 31, 2019
Applicant: Intel Corporation
Inventors: DOUG DeVETTER, JAMES CHU, ADRIAN PEARSON, GAMIL CAIN, SRIKANTH VARADARAJAN
-
Publication number: 20180145951
Abstract: In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.
Type: Application
Filed: November 21, 2016
Publication date: May 24, 2018
Inventors: Srikanth Varadarajan, Reshma Lal, Steven B. McGowan, Hakan Magnus Eriksson, Travis W. Peters
-
Publication number: 20180004982
Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.
Type: Application
Filed: September 19, 2017
Publication date: January 4, 2018
Applicant: Intel Corporation
Inventors: JEFFREY C. SEDAYAO, IVAN JIBAJA, SRIKANTH VARADARAJAN, RESHMA LAL, SOHAM JAYESH DESAI
-
Patent number: 9767324
Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.
Type: Grant
Filed: November 22, 2014
Date of Patent: September 19, 2017
Assignee: INTEL CORPORATION
Inventors: Jeffrey C Sedayao, Ivan Jibaja, Srikanth Varadarajan, Reshma Lal, Soham Jayesh Desai
-
Publication number: 20170118215
Abstract: Various system configurations and methods for maintaining, accessing, and utilizing secure data of a web browser in a hardware-managed secure data store are disclosed herein. In an example, operations for management of sensitive data such as passwords may be provided with the use of secure enclaves operating in a trusted execution environment. For example, such secure enclaves may be used for sealing and persisting sensitive data associated with a remote service, and transmitting the sensitive data to the remote service, while an unsealed form of the sensitive data is not accessible outside of the trusted execution environment. In further examples, operations for generating a password, storing or updating existing passwords, and replacing web browser input fields with secure data are disclosed.
Type: Application
Filed: December 23, 2015
Publication date: April 27, 2017
Inventors: Srikanth Varadarajan, Reshma Lal, Josh Triplett
-
Patent number: 9444627
Abstract: Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.
Type: Grant
Filed: December 24, 2014
Date of Patent: September 13, 2016
Assignee: Intel Corporation
Inventors: Srikanth Varadarajan, Reshma Lal, Krystof C. Zmudzinski
-
Publication number: 20160191246
Abstract: Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.
Type: Application
Filed: December 24, 2014
Publication date: June 30, 2016
Inventors: Srikanth Varadarajan, Reshma Lal, Krystof C. Zmudzinksi
-
Publication number: 20160147982
Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.
Type: Application
Filed: November 22, 2014
Publication date: May 26, 2016
Applicant: Intel Corporation
Inventors: JEFFREY C. SEDAYAO, IVAN JIBAJA, SRIKANTH VARADARAJAN, RESHMA LAL, SOHAM JAYESH DESAI