-
Publication No.: US11062032B2
Publication Date: 2021-07-13
Application No.: US16182093
Application Date: 2018-11-06
Applicant: GOOGLE LLC
Inventor: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
-
Publication No.: US20220116776A1
Publication Date: 2022-04-14
Application No.: US17268668
Application Date: 2020-06-30
Applicant: Google LLC
Inventor: Randall Spangler, Kiavash Faraji
IPC: H04W12/069, H04W12/0431, H04W12/50, H04L9/30, H04L9/32, H04L9/08, H02J7/00, H02J50/80, H02J50/10
Abstract: Methods, systems, apparatus, and computer-readable storage devices for anonymous device authentication. A method includes: accessing, by the electronic device, data stored by the electronic device that identifies authentication keys the electronic device accepts as valid; sending, by the electronic device to a second electronic device, an authentication request that identifies a set of authentication keys including at least some of authentication keys the electronic device accepts as valid; and receiving, by the electronic device, response data that the second electronic device provides in response to the authentication request. The response data (i) identifies a particular authentication key from the set of authentication keys identified by the authentication request, and (ii) includes a signature generated using the particular authentication key. The method includes authenticating, by the electronic device, the second electronic device by determining that the received signature was generated using the particular authentication key.
-
Publication No.: US20240381088A1
Publication Date: 2024-11-14
Application No.: US18647844
Application Date: 2024-04-26
Applicant: Google LLC
Inventor: Randall Spangler, Kiavash Faraji
IPC: H04W12/069, H02J7/00, H02J50/10, H02J50/40, H02J50/80, H04L9/08, H04L9/30, H04L9/32, H04L9/40, H04W12/0431, H04W12/50
Abstract: Methods, systems, apparatus, and computer-readable storage devices for anonymous device authentication. A method includes: accessing, by the electronic device, data stored by the electronic device that identifies authentication keys the electronic device accepts as valid; sending, by the electronic device to a second electronic device, an authentication request that identifies a set of authentication keys including at least some of authentication keys the electronic device accepts as valid; and receiving, by the electronic device, response data that the second electronic device provides in response to the authentication request. The response data (i) identifies a particular authentication key from the set of authentication keys identified by the authentication request, and (ii) includes a signature generated using the particular authentication key. The method includes authenticating, by the electronic device, the second electronic device by determining that the received signature was generated using the particular authentication key.
-
Publication No.: US20220179960A1
Publication Date: 2022-06-09
Application No.: US17439362
Application Date: 2019-06-10
Applicant: Google LLC
Inventor: Randall Spangler
Abstract: A computing system is described for securely verifying system firmware and recovery firmware to ensure system integrity without relying on a manufacturer's proprietary verification process, hardware-specific keys, or inherent write-protection features of system memory. In aspects, the computing system utilizes a security processor that maintains firmware management parameters that define a process for verifying firmware and recovery firmware independent of an integrated circuit manufacturer's Mask ROM (read-only-memory) verification process. The security processor ensures that the firmware or recovery firmware is signed appropriately and consistent with previously executed versions, or if different, produces verification results (e.g., generated hash values) that are consistent with expected results embedded in the firmware, at compile time. In this way, the computing system improves usability, customization, and user control over the firmware and recovery firmware that is executed within the computing system.
-
Publication No.: US20190087583A1
Publication Date: 2019-03-21
Application No.: US16182093
Application Date: 2018-11-06
Applicant: GOOGLE LLC
Inventor: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
-
Publication No.: US12250546B2
Publication Date: 2025-03-11
Application No.: US18647844
Application Date: 2024-04-26
Applicant: Google LLC
Inventor: Randall Spangler, Kiavash Faraji
IPC: H04W12/069, H02J7/00, H02J50/10, H02J50/80, H04L9/08, H04L9/30, H04L9/32, H04L9/40, H04W12/0431, H04W12/50, H02J50/40
Abstract: Methods, systems, apparatus, and computer-readable storage devices for anonymous device authentication. A method includes: accessing, by the electronic device, data stored by the electronic device that identifies authentication keys the electronic device accepts as valid; sending, by the electronic device to a second electronic device, an authentication request that identifies a set of authentication keys including at least some of authentication keys the electronic device accepts as valid; and receiving, by the electronic device, response data that the second electronic device provides in response to the authentication request. The response data (i) identifies a particular authentication key from the set of authentication keys identified by the authentication request, and (ii) includes a signature generated using the particular authentication key. The method includes authenticating, by the electronic device, the second electronic device by determining that the received signature was generated using the particular authentication key.
-
Publication No.: US12003964B2
Publication Date: 2024-06-04
Application No.: US17268668
Application Date: 2020-06-30
Applicant: Google LLC
Inventor: Randall Spangler, Kiavash Faraji
IPC: H04W12/069, H02J7/00, H02J50/10, H02J50/80, H04L9/08, H04L9/30, H04L9/32, H04L9/40, H04W12/0431, H04W12/50, H02J50/40
CPC classification number: H04W12/069, H02J7/00045, H02J50/10, H02J50/80, H04L9/0891, H04L9/3073, H04L9/3247, H04L63/08, H04W12/0431, H04W12/50, H02J50/40
Abstract: Methods, systems, apparatus, and computer-readable storage devices for anonymous device authentication. A method includes: accessing, by the electronic device, data stored by the electronic device that identifies authentication keys the electronic device accepts as valid; sending, by the electronic device to a second electronic device, an authentication request that identifies a set of authentication keys including at least some of authentication keys the electronic device accepts as valid; and receiving, by the electronic device, response data that the second electronic device provides in response to the authentication request. The response data (i) identifies a particular authentication key from the set of authentication keys identified by the authentication request, and (ii) includes a signature generated using the particular authentication key. The method includes authenticating, by the electronic device, the second electronic device by determining that the received signature was generated using the particular authentication key.