Patents by Inventor Thomas R. Markham
Thomas R. Markham has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11057213
Abstract: An authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.
Type: Grant
Filed: October 13, 2017
Date of Patent: July 6, 2021
Assignee: GARRETT TRANSPORTATION I, INC.
Inventors: Thomas R. Markham, Alexander Chernoguzov
-
Patent number: 10728249
Abstract: The disclosure reveals a system having secured electronic access. The system may have one or more vehicle buses, one or more electronic control units on a vehicle connected to the one or more vehicle buses, a security module connected to the one or more vehicle buses, and a vehicle access port connected to the security module. An accessing entity may attempt connection to the vehicle access port. Messages injected or extracted by the accessing entity may be authorized or unauthorized at the security module based on a security policy.
Type: Grant
Filed: March 24, 2017
Date of Patent: July 28, 2020
Assignee: GARRETT TRANSPORTATION I INC.
Inventor: Thomas R. Markham
-
Publication number: 20190116045
Abstract: An authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.
Type: Application
Filed: October 13, 2017
Publication date: April 18, 2019
Inventors: Thomas R. Markham, Alexander Chernoguzov
-
Patent number: 10124750
Abstract: A vehicle security system having controller area network buses, electronic control units connected to the controller area network buses, a vehicle security module connected to the controller area network buses, and an on board diagnostics connector connected to the vehicle security module. The vehicle security module may according to a policy discriminate between authorized and unauthorized signals that are input to the on board diagnostics connector. Authorized signals may be forwarded by the vehicle security module to the controller area network busses. Authorized signals may affect operation of one or more of the components of the vehicle via the electronic control units. Authorized signals may change the policy used by the vehicle security module. Unauthorized signals may be refused entry to the controller area network busses. The on board diagnostics connector may receive the signals from diagnostic instrumentation, control instrumentation, tracking instrumentation, a dongle, and so forth.
Type: Grant
Filed: April 26, 2016
Date of Patent: November 13, 2018
Assignee: Honeywell International Inc.
Inventor: Thomas R. Markham
-
Publication number: 20170305368
Abstract: A vehicle security system having controller area network buses, electronic control units connected to the controller area network buses, a vehicle security module connected to the controller area network buses, and an on board diagnostics connector connected to the vehicle security module. The vehicle security module may according to a policy discriminate between authorized and unauthorized signals that are input to the on board diagnostics connector. Authorized signals may be forwarded by the vehicle security module to the controller area network busses. Authorized signals may affect operation of one or more of the components of the vehicle via the electronic control units. Authorized signals may change the policy used by the vehicle security module. Unauthorized signals may be refused entry to the controller area network busses. The on board diagnostics connector may receive the signals from diagnostic instrumentation, control instrumentation, tracking instrumentation, a dongle, and so forth.
Type: Application
Filed: April 26, 2016
Publication date: October 26, 2017
Inventor: Thomas R. Markham
-
Publication number: 20170310674
Abstract: The disclosure reveals a system having secured electronic access. The system may have one or more vehicle buses, one or more electronic control units on a vehicle connected to the one or more vehicle buses, a security module connected to the one or more vehicle buses, and a vehicle access port connected to the security module. An accessing entity may attempt connection to the vehicle access port. Messages injected or extracted by the accessing entity may be authorized or unauthorized at the security module based on a security policy.
Type: Application
Filed: March 24, 2017
Publication date: October 26, 2017
Inventor: Thomas R. Markham
-
Patent number: 9635029
Abstract: Devices, systems, and methods for role-based access control permissions are disclosed. One method includes a policy decision point that receives up-to-date security context information from one or more outside sources to determine whether to grant access for a data client to a portion of the system and creates an access vector including the determination; receiving, via a policy agent, a request by the data client for access to the portion of the computing system by the data client, wherein the policy agent checks to ensure there is a session established with communications and user/application enforcement points; receiving, via communications policy enforcement point, the request from the policy agent, wherein the communications policy enforcement point determines whether the data client is an authorized node, based upon the access vector received from the policy decision point; and receiving, via the user/application policy enforcement point, the request from the communications policy enforcement point.
Type: Grant
Filed: November 20, 2012
Date of Patent: April 25, 2017
Assignee: Honeywell International Inc.
Inventors: Kevin P. Staggs, Thomas R. Markham, Julie J. Hull Roskos, Alexander Chernoguzov
-
Patent number: 9503478
Abstract: A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.
Type: Grant
Filed: June 19, 2014
Date of Patent: November 22, 2016
Assignee: Honeywell International Inc.
Inventors: Alexander Chernoguzov, Thomas R. Markham, Harshal S. Haridas
-
Publication number: 20150215339
Abstract: A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.
Type: Application
Filed: June 19, 2014
Publication date: July 30, 2015
Inventors: Alexander Chernoguzov, Thomas R. Markham, Harshal S. Haridas
-
Patent number: 8892854
Abstract: Devices that receive data while not directly powered and methods of operating devices that receive data while not directly powered are described herein. One or more device embodiments include an interface configured to receive data from an additional device while the device is not directly powered, a memory coupled to the interface and configured to receive the data from the interface while the device is not directly powered and store the data while the device is not directly powered, and a user interface configured to permit a user to interact with the computing device. The computing device is configured to operate in at least two different power modes, wherein the computing device is powered only via the interface while operating in a first power mode and the computing device is powered by a non-radio frequency (non-RF) power source while operating in a second power mode.
Type: Grant
Filed: April 1, 2011
Date of Patent: November 18, 2014
Assignee: Honeywell International Inc.
Inventors: Thomas R. Markham, Bruce W. Anderson
-
Patent number: 8819833
Abstract: Devices, methods, and systems for assured pipeline threat detection are described herein. One method for assured pipeline threat detection includes receiving a first set of data at a firewall from an unsecured network, moving the first set of data from the firewall to a number of virtual machines, performing a number of threat detection analyses on the first set of data in the number of virtual machines that are organized in a first assured pipeline, and sending the first set of data to a secured target network if no threat was detected.
Type: Grant
Filed: March 1, 2012
Date of Patent: August 26, 2014
Assignee: Honeywell International Inc.
Inventors: Thomas R. Markham, Kevin P. Staggs
-
Patent number: 8803666
Abstract: Systems, methods, and computer-readable and executable instructions are provided for providing a universal access device. Providing a universal access device can include storing access data for each of a number RFID readers, wherein each of the RFID readers accepts a particular RFID protocol. Providing a universal access device can also include selecting a particular RFID protocol for one of the number of RFID readers while the universal access device is within an activation zone of the RFID reader. Furthermore, providing a universal access device can include providing the access data for the particular RFID reader via the particular RFID protocol.
Type: Grant
Filed: July 10, 2012
Date of Patent: August 12, 2014
Assignee: Honeywell International Inc.
Inventors: Edward L. Cochran, Bruce W. Anderson, David T. Spoor, Thomas R. Markham, Robert C. Becker
-
Publication number: 20140015638
Abstract: Systems, methods, and computer-readable and executable instructions are provided for providing a universal access device. Providing a universal access device can include storing access data for each of a number RFID readers, wherein each of the RFID readers accepts a particular RFID protocol. Providing a universal access device can also include selecting a particular RFID protocol for one of the number of RFID readers while the universal access device is within an activation zone of the RFID reader. Furthermore, providing a universal access device can include providing the access data for the particular RFID reader via the particular RFID protocol.
Type: Application
Filed: July 10, 2012
Publication date: January 16, 2014
Applicant: HONEYWELL INTERNATIONAL INC.
Inventors: Edward Cochran, Bruce W. Anderson, David T. Spoor, Thomas R. Markham, Robert C. Becker
-
Patent number: 8620487
Abstract: A vehicle screening method and system. A vehicle occupant can be identified utilizing one or more biometric identifiers input by or obtained from the vehicle occupant via a biometric input device. A barcode can also be provided by the vehicle occupant from a scanned card or other structure upon which the barcode is maintained. Additionally, a unique identification number can be provided by the user in order to match the unique identification number against a database of identification numbers, thereby permitting the vehicle occupant to be remotely screened and verified for entry into a secure facility based on the biometric identifier(s), the barcode and the unique identification number.
Type: Grant
Filed: December 15, 2006
Date of Patent: December 31, 2013
Assignee: Honeywell International Inc.
Inventors: Edward L. Cochran, Bruce W. Anderson, Thomas R. Markham
-
Patent number: 8572404
Abstract: A system includes a multi-core computer processor. One or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor, and one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor. An operating system of the security co-processor and an operating system of the safety manager co-processor are independent of operating systems of the other cores of the multi-core processor. The security co-processor and the safety manager co-processor are configured to boot before the other cores and to enforce security policy and/or safety policy on the other cores.
Type: Grant
Filed: November 4, 2011
Date of Patent: October 29, 2013
Assignee: Honeywell International Inc.
Inventors: Thomas R. Markham, Kevin Staggs
-
Publication number: 20130117803
Abstract: A system includes a multi-core computer processor. One or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor, and one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor. An operating system of the security co-processor and an operating system of the safety manager co-processor are independent of operating systems of the other cores of the multi-core processor. The security co-processor and the safety manager co-processor are configured to boot before the other cores and to enforce security policy and/or safety policy on the other cores.
Type: Application
Filed: November 4, 2011
Publication date: May 9, 2013
Applicant: Honeywell International Inc.
Inventors: Thomas R. Markham, Kevin Staggs
-
Publication number: 20130067558
Abstract: Devices, methods, and systems for assured pipeline threat detection are described herein. One method for assured pipeline threat detection includes receiving a first set of data at a firewall from an unsecured network, moving the first set of data from the firewall to a number of virtual machines, performing a number of threat detection analyses on the first set of data in the number of virtual machines that are organized in a first assured pipeline, and sending the first set of data to a secured target network if no threat was detected.
Type: Application
Filed: March 1, 2012
Publication date: March 14, 2013
Applicant: HONEYWELL INTERNATIONAL INC.
Inventors: Thomas R. Markham, Kevin P. Staggs
-
Publication number: 20120254635
Abstract: Devices that receive data while not directly powered and methods of operating devices that receive data while not directly powered are described herein. One or more device embodiments include an interface configured to receive data from an additional device while the device is not directly powered, a memory coupled to the interface and configured to receive the data from the interface while the device is not directly powered and store the data while the device is not directly powered, and a user interface configured to permit a user to interact with the computing device. The computing device is configured to operate in at least two different power modes, wherein the computing device is powered only via the interface while operating in a first power mode and the computing device is powered by a non-radio frequency (non-RF) power source while operating in a second power mode.
Type: Application
Filed: April 1, 2011
Publication date: October 4, 2012
Applicant: HONEYWELL INTERNATIONAL INC.
Inventors: Thomas R. Markham, Bruce W. Anderson
-
Patent number: 8272053
Abstract: A physical security system having a plurality of sensors and a sensor report aggregator. The sensors may detect a large number of physical activities. The aggregator may cluster a large number of detected reports to a small number of sets of reports. The sets of reports may be reduced to hypotheses. From the hypotheses, the aggregator may develop hypotheses about the physical environment which the sensors are monitoring in view of a security reference model. The security reference model may include, but not be limited to, facility models, physical security models, and/or attack models. The hypotheses may have probabilities assigned to them according to their certitude of likelihood and severity of danger.
Type: Grant
Filed: October 13, 2005
Date of Patent: September 18, 2012
Assignee: Honeywell International Inc.
Inventors: Thomas R. Markham, Walter Heimerdinger
-
Patent number: 8160371
Abstract: A system includes a motion detection processor, a motion tracking processor, a people detection processor, a controller, a fusion processor, an appearance model generator processor, a database, a fast search processor, and a matching processor. The motion detection processor, the motion tracking processor, the controller, the people detection processor, the fusion processor, and the appearance model generator processor comprise an analytics pipeline, and the database and the fast search processor comprise a data index pipeline.
Type: Grant
Filed: December 3, 2007
Date of Patent: April 17, 2012
Assignee: Honeywell International Inc.
Inventors: Yunqian Ma, Ben A. Miller, Andrew H. Johnson, Thomas R. Markham