Patents by Inventor Thomas R. Markham

Thomas R. Markham has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11057213
    Abstract: An authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: July 6, 2021
    Assignee: GARRETT TRANSPORTATION I, INC.
    Inventors: Thomas R. Markham, Alexander Chernoguzov
  • Patent number: 10728249
    Abstract: The disclosure reveals a system having secured electronic access. The system may have one or more vehicle buses, one or more electronic control units on a vehicle connected to the one or more vehicle buses, a security module connected to the one or more vehicle buses, and a vehicle access port connected to the security module. An accessing entity may attempt connection to the vehicle access port. Messages injected or extracted by the accessing entity may be authorized or unauthorized at the security module based on a security policy.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: July 28, 2020
    Assignee: GARRETT TRANSPORATION I INC.
    Inventor: Thomas R. Markham
  • Publication number: 20190116045
    Abstract: An authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.
    Type: Application
    Filed: October 13, 2017
    Publication date: April 18, 2019
    Inventors: Thomas R. Markham, Alexander Chernoguzov
  • Patent number: 10124750
    Abstract: A vehicle security system having controller area network buses, electronic control units connected to the controller area network buses, a vehicle security module connected to the controller area network buses, and an on board diagnostics connector connected to the vehicle security module. The vehicle security module may according to a policy discriminate between authorized and unauthorized signals that are input to the on board diagnostics connector. Authorized signals may be forwarded by the vehicle security module to the controller area network busses. Authorized signals may affect operation of one or more of the components of the vehicle via the electronic control units. Authorized signals may change the policy used by the vehicle security module. Unauthorized signals may be refused entry to the controller area network busses. The on board diagnostics connector may receive the signals from diagnostic instrumentation, control instrumentation, tracking instrumentation, a dongle, and so forth.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: November 13, 2018
    Assignee: Honeywell International Inc.
    Inventor: Thomas R. Markham
  • Publication number: 20170305368
    Abstract: A vehicle security system having controller area network buses, electronic control units connected to the controller area network buses, a vehicle security module connected to the controller area network buses, and an on board diagnostics connector connected to the vehicle security module. The vehicle security module may according to a policy discriminate between authorized and unauthorized signals that are input to the on board diagnostics connector. Authorized signals may be forwarded by the vehicle security module to the controller area network busses. Authorized signals may affect operation of one or more of the components of the vehicle via the electronic control units. Authorized signals may change the policy used by the vehicle security module. Unauthorized signals may be refused entry to the controller area network busses. The on board diagnostics connector may receive the signals from diagnostic instrumentation, control instrumentation, tracking instrumentation, a dongle, and so forth.
    Type: Application
    Filed: April 26, 2016
    Publication date: October 26, 2017
    Inventor: Thomas R. Markham
  • Publication number: 20170310674
    Abstract: The disclosure reveals a system having secured electronic access. The system may have one or more vehicle buses, one or more electronic control units on a vehicle connected to the one or more vehicle buses, a security module connected to the one or more vehicle buses, and a vehicle access port connected to the security module. An accessing entity may attempt connection to the vehicle access port. Messages injected or extracted by the accessing entity may be authorized or unauthorized at the security module based on a security policy.
    Type: Application
    Filed: March 24, 2017
    Publication date: October 26, 2017
    Inventor: Thomas R. Markham
  • Patent number: 9635029
    Abstract: Devices, systems, and methods for role-based access control permissions are disclosed. One method includes a policy decision point that receives up-to-date security context information from one or more outside sources to determine whether to grant access for a data client to a portion of the system and creates an access vector including the determination; receiving, via a policy agent, a request by the data client for access to the portion of the computing system by the data client, wherein the policy agent checks to ensure there is a session established with communications and user/application enforcement points; receiving, via communications policy enforcement point, the request from the policy agent, wherein the communications policy enforcement point determines whether the data client is an authorized node, based upon the access vector received from the policy decision point; and receiving, via the user/application policy enforcement point, the request from the communications policy enforcement point.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: April 25, 2017
    Assignee: Honeywell International Inc.
    Inventors: Kevin P. Staggs, Thomas R. Markham, Julie J. Hull Roskos, Alexander Chernoguzov
  • Patent number: 9503478
    Abstract: A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: November 22, 2016
    Assignee: Honeywell International Inc.
    Inventors: Alexander Chernoguzov, Thomas R. Markham, Harshal S. Haridas
  • Publication number: 20150215339
    Abstract: A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.
    Type: Application
    Filed: June 19, 2014
    Publication date: July 30, 2015
    Inventors: Alexander Chernoguzov, Thomas R. Markham, Harshal S. Haridas
  • Patent number: 8892854
    Abstract: Devices that receive data while not directly powered and methods of operating devices that receive data while not directly powered are described herein. One or more device embodiments include an interface configured to receive data from an additional device while the device is not directly powered, a memory coupled to the interface and configured to receive the data from the interface while the device is not directly powered and store the data while the device is not directly powered, and a user interface configured to permit a user to interact with the computing device. The computing device is configured to operate in at least two different power modes, wherein the computing device is powered only via the interface while operating in a first power mode and the computing device is powered by a non-radio frequency (non-RF) power source while operating in a second power mode.
    Type: Grant
    Filed: April 1, 2011
    Date of Patent: November 18, 2014
    Assignee: Honeywell International Inc.
    Inventors: Thomas R. Markham, Bruce W. Anderson
  • Patent number: 8819833
    Abstract: Devices, methods, and systems for assured pipeline threat detection are described herein. One method for assured pipeline threat detection includes receiving a first set of data at a firewall from an unsecured network, moving the first set of data from the firewall to a number of virtual machines, performing a number of threat detection analyses on the first set of data in the number of virtual machines that are organized in a first assured pipeline, and sending the first set of data to a secured target network if no threat was detected.
    Type: Grant
    Filed: March 1, 2012
    Date of Patent: August 26, 2014
    Assignee: Honeywell International Inc.
    Inventors: Thomas R. Markham, Kevin P. Staggs
  • Patent number: 8803666
    Abstract: Systems, methods, and computer-readable and executable instructions are provided for providing a universal access device. Providing a universal access device can include storing access data for each of a number RFID readers, wherein each of the RFID readers accepts a particular RFID protocol. Providing a universal access device can also include selecting a particular RFID protocol for one of the number of RFID readers while the universal access device is within an activation zone of the RFID reader. Furthermore, providing a universal access device can include providing the access data for the particular RFID reader via the particular RFID protocol.
    Type: Grant
    Filed: July 10, 2012
    Date of Patent: August 12, 2014
    Assignee: Honeywell International Inc.
    Inventors: Edward L. Cochran, Bruce W. Anderson, David T. Spoor, Thomas R. Markham, Robert C. Becker
  • Publication number: 20140015638
    Abstract: Systems, methods, and computer-readable and executable instructions are provided for providing a universal access device. Providing a universal access device can include storing access data for each of a number RFID readers, wherein each of the RFID readers accepts a particular RFID protocol. Providing a universal access device can also include selecting a particular RFID protocol for one of the number of RFID readers while the universal access device is within an activation zone of the RFID reader. Furthermore, providing a universal access device can include providing the access data for the particular RFID reader via the particular RFID protocol.
    Type: Application
    Filed: July 10, 2012
    Publication date: January 16, 2014
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: Edward Cochran, Bruce W. Anderson, David T. Spoor, Thomas R. Markham, Robert C. Becker
  • Patent number: 8620487
    Abstract: A vehicle screening method and system. A vehicle occupant can be identified utilizing one or more biometric identifiers input by or obtained from the vehicle occupant via a biometric input device. A barcode can also be provided by the vehicle occupant from a scanned card or other structure upon which the barcode is maintained. Additionally, a unique identification number can be provided by the user in order to match the unique identification number against a database of identification numbers, thereby permitting the vehicle occupant to be remotely screened and verified for entry into a secure facility based on the biometric identifier(s), the barcode and the unique identification number.
    Type: Grant
    Filed: December 15, 2006
    Date of Patent: December 31, 2013
    Assignee: Honeywell International Inc.
    Inventors: Edward L. Cochran, Bruce W. Anderson, Thomas R. Markham
  • Patent number: 8572404
    Abstract: A system includes a multi-core computer processor. One or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor, and one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor. An operating system of the security co-processor and an operating system of the safety manager co-processor are independent of operating systems of the other cores of the multi-core processor. The security co-processor and the safety manager co-processor are configured to boot before the other cores and to enforce security policy and/or safety policy on the other cores.
    Type: Grant
    Filed: November 4, 2011
    Date of Patent: October 29, 2013
    Assignee: Honeywell International Inc.
    Inventors: Thomas R. Markham, Kevin Staggs
  • Publication number: 20130117803
    Abstract: A system includes a multi-core computer processor. One or more cores of the multi-core computer processor are configured as a security co-processor for the system and for other cores of the multi-core processor, and one or more cores of the multi-core computer processor are configured as a safety manager co-processor for the system and for other cores of the multi-core processor. An operating system of the security co-processor and an operating system of the safety manager co-processor are independent of operating systems of the other cores of the multi-core processor. The security co-processor and the safety manager co-processor are configured to boot before the other cores and to enforce security policy and/or safety policy on the other cores.
    Type: Application
    Filed: November 4, 2011
    Publication date: May 9, 2013
    Applicant: Honeywell International Inc.
    Inventors: Thomas R. Markham, Kevin Staggs
  • Publication number: 20130067558
    Abstract: Devices, methods, and systems for assured pipeline threat detection are described herein. One method for assured pipeline threat detection includes receiving a first set of data at a firewall from an unsecured network, moving the first set of data from the firewall to a number of virtual machines, performing a number of threat detection analyses on the first set of data in the number of virtual machines that are organized in a first assured pipeline, and sending the first set of data to a secured target network if no threat was detected.
    Type: Application
    Filed: March 1, 2012
    Publication date: March 14, 2013
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: Thomas R. Markham, Kevin P. Staggs
  • Publication number: 20120254635
    Abstract: Devices that receive data while not directly powered and methods of operating devices that receive data while not directly powered are described herein. One or more device embodiments include an interface configured to receive data from an additional device while the device is not directly powered, a memory coupled to the interface and configured to receive the data from the interface while the device is not directly powered and store the data while the device is not directly powered, and a user interface configured to permit a user to interact with the computing device. The computing device is configured to operate in at least two different power modes, wherein the computing device is powered only via the interface while operating in a first power mode and the computing device is powered by a non-radio frequency (non-RF) power source while operating in a second power mode.
    Type: Application
    Filed: April 1, 2011
    Publication date: October 4, 2012
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: Thomas R. Markham, Bruce W. Anderson
  • Patent number: 8272053
    Abstract: A physical security system having a plurality of sensors and a sensor report aggregator. The sensors may detect a large number of physical activities. The aggregator may cluster a large number of detected reports to a small number of sets of reports. The sets of reports may be reduced to hypotheses. From the hypotheses, the aggregator may develop hypotheses about the physical environment which the sensors are monitoring in view of a security reference model. The security reference model may include, but not be limited to, facility models, physical security models, and/or attack models. The hypotheses may have probabilities assigned to them according to their certitude of likelihood and severity of danger.
    Type: Grant
    Filed: October 13, 2005
    Date of Patent: September 18, 2012
    Assignee: Honeywell International Inc.
    Inventors: Thomas R. Markham, Walter Heimerdinger
  • Patent number: 8160371
    Abstract: A system includes a motion detection processor, a motion tracking processor, a people detection processor, a controller, a fusion processor, an appearance model generator processor, a database, a fast search processor, and a matching processor. The motion detection processor, the motion tracking processor, the controller, the people detection processor, the fusion processor, and the appearance model generator processor comprise an analytics pipeline, and the database and the fast search processor comprise a data index pipeline.
    Type: Grant
    Filed: December 3, 2007
    Date of Patent: April 17, 2012
    Assignee: Honeywell International Inc.
    Inventors: Yunqian Ma, Ben A. Miller, Andrew H. Johnson, Thomas R. Markham