
Brickell, OR

Ernest Brickell, Portland, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20090249050 | SYSTEM AND METHOD FOR ESTABLISHING A TRUST DOMAIN ON A COMPUTER PLATFORM - Embodiments of the invention provide systems and methods associated with a measurement engine in a server platform. In one such embodiment of the invention, the measurement engine hardware verifies/authenticates its own firmware and then system initialization firmware by measuring such firmware and storing measurement results in a register that is not spoofable by malicious code. In this instance, the measurement engine holds the host CPU complex in a reset state until the measurement engine has verified the system initialization firmware. In another such embodiment of the invention, the measurement engine hardware also measures firmware associated with one or more system service processors and stores such measurement results in a register. In this case, the measurement engine holds the system service processors and the host CPU complex in reset until the measurements are completed. Other embodiments are described. | 10-01-2009 |

Ernest F. Brickell, Hillsboro, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20100169650 | STORAGE MINIMIZATION TECHNIQUE FOR DIRECT ANONYMOUS ATTESTATION KEYS - A storage minimization technique for direct anonymous attestation (DAA) keys is presented. In one embodiment, the method includes deriving a random portion of a (DAA) private key from a device's fuse key, computing a point on an elliptical curve from the derived random portion and a master private key, and storing only one coordinate of the point in fuses within the device. Other embodiments are described and claimed. | 07-01-2010 |

Ernest F. Brickell, Portland, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20080270786 | APPARATUS AND METHOD FOR DIRECT ANONYMOUS ATTESTATION FROM BILINEAR MAPS - A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed. | 10-30-2008 |
| 20080270790 | APPARATUS AND METHOD FOR ENHANCED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for enhanced revocation of direct proof and direct anonymous attestation are described. In one embodiment a trusted hardware device verifies that membership of the device within a trusted membership group is not revoked according to a revocation list received with a challenge request from a verifier. Once such verification is performed, the device convinces the verifier of possessing cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. In one embodiment, the trusted hardware device computes a digital signature on a message received with the challenge request to the verifier if membership of the anonymous hardware device within a trusted membership group is verified. In one embodiment, the verifier authenticates the digital signature according to a public key of the trusted membership group to enable a trusted member device to remain anonymous to the verifier. Other embodiments are described and claimed. | 10-30-2008 |
| 20080307223 | APPARATUS AND METHOD FOR ISSUER BASED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for issuer based revocation of direct proof and direct anonymous attestation are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of revocation request to the trusted hardware device, including a base value B | 12-11-2008 |
| 20090323941 | SOFTWARE COPY PROTECTION VIA PROTECTED EXECUTION OF APPLICATIONS - Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described. | 12-31-2009 |


Ernie Brickell, Hillsboro, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20100082973 | Direct anonymous attestation scheme with outsourcing capability - A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer. | 04-01-2010 |
| 20100332574 | Digital random number generator - A hardware-based digital random number generator is provided. The digital random number generator is a randomly behaving random number generator based on a set of nondeterministic behaviors. The nondeterministic behaviors include temporal asynchrony between subunits, entropy source “extra” bits, entropy measurement, autonomous deterministic random bit generator reseeding and consumption from a shared resource. | 12-30-2010 |
| 20110161672 | Provisioning, upgrading, and/or changing of hardware - In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed. | 06-30-2011 |

Ernie Brickell, Portland, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20090172639 | FIRMWARE INTEGRITY VERIFICATION - In some embodiments, the integrity of firmware stored in a non-volatile memory is verified prior to initiation of a firmware reset vector. Other embodiments are described and claimed. | 07-02-2009 |
| 20100299479 | OBSCURING MEMORY ACCESS PATTERNS - For each memory location in a set of memory locations associated with a thread, setting an indication associated with the memory location to request a signal if data from the memory location is evicted from a cache; and in response to the signal, reloading the set of memory locations into the cache. | 11-25-2010 |


Ernie F. Brickell, Hillsboro, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20110161676 | ENTERING A SECURED COMPUTING ENVIRONMENT USING MULTIPLE AUTHENTICATED CODE MODULES - Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction. | 06-30-2011 |

Ernie F. Brickell, Portland, OR US

| Patent application number | Description | Published |
|---|---|---|
| 20090041232 | ESTABLISHING TRUST WITHOUT REVEALING IDENTITY - A method, system, and apparatus are provided for establishing trust without revealing identity. According to one embodiment, values in a first proof corresponding to a first statement are precomputed, a request for a second proof is received from a challenger, and the first and second proofs are completed. | 02-12-2009 |
| 20090089564 | Protecting a Branch Instruction from Side Channel Vulnerabilities - Embodiments of an invention to protect a branch instruction from side channel vulnerabilities are described. In one embodiment, a method includes receiving a request to modify the operation of a processor to protect against side channel attacks, and modifying branch prediction operation in response to the request. | 04-02-2009 |
| 20090129600 | APPARATUS AND METHOD FOR A DIRECT ANONYMOUS ATTESTATION SCHEME FROM SHORT-GROUP SIGNATURES - An apparatus and method is provided for a direct anonymous attestation scheme from short-group signatures. The method may include the creation of a group public/private key pair for a trusted membership group defined by an issuer; and assigning a cryptographic pair that is combined with a unique private member value to form a private membership key. A trusted member device generates the unique private member value during a join procedure of a trusted membership group. In one embodiment, the private member value of the private membership key is unknown to the issuer. A member may sign a message with the private membership key to form a short-group digital signature that is verified using a public key of the trusted membership group to maintain anonymity of trusted member devices. A size of the private membership key may be reduced to enable storage within a trusted platform module. Other embodiments are described and claimed. | 05-21-2009 |
| 20100150351 | Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service - Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system. | 06-17-2010 |
| 20100254532 | METHOD OF OBSCURING CRYPTOGRAPHIC COMPUTATIONS - Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks. | 10-07-2010 |
