PETER J REED
Social Work in Beverly Farms, MA

6397331, May 28, 2002

Sep 16, 1998

09/154323

Timothy Ober - Atkinson NH
Peter Reed - Beverly MA

SafeNet, Inc. - Baltimore MD

H04L 900

713164, 713165, 713167, 717 10

A method of expanding a secure kernel memory area to accommodate additional software code includes the step of digitally signing the additional code by a trusted authority. The code has a digital signature to authenticate the source of the code and to control what code can be added to the secure kernel. The new code is copied into an unprotected memory where the digital signature is verified. The digital signature includes a unique integrated circuit (IC) identification number, which provides the IC manufacturer with the ability to control the secure kernel memory expansion of all or each of the ICs. If the code is authenticated via the digital signature, then those memory blocks are locked-in as protected memory and thus given “secure kernel” privileges.

6631472, Oct 7, 2003

Jul 2, 2001

09/897670

Michael M. Kaplan - Rockport MA
Timothy Ober - Atkinson NH
Peter Reed - Beverly MA

SafeNet, Inc. - Baltimore MD

G06F 1300

713201

A kernel mode protection circuit includes a processor, a program counter, a kernel program fetch supervisor circuit, a kernel data fetch supervisor circuit, a program memory, a data memory, a flip-flop circuit and two AND circuits. The data memory includes two user memories, protected registers and random access memory (RAM). The program memory includes two user memories and a kernel read only memory (ROM). The circuit may operate in either a user mode (kernel ROM is not accessible) or a kernel mode (kernel ROM is accessible). When in the kernel mode the kernel RAM and certain protected registers are accessible only by a secure kernel. The kernel mode control circuit will reset the processor should a security violation occur, such as attempting to access the kernel RAM while in the user mode. The kernel program fetch supervisor circuit monitors and compares an address within the program counter to a predetermined address, stored within the kernel program fetch supervisor circuit, to determine if a security violation has occurred. The kernel data fetch supervisor circuit monitors and compares the data address to addresses defining a protected memory area.

6654465, Nov 25, 2003

Jul 2, 2001

09/897251

Timothy Ober - Atkinson NH
Peter Reed - Beverly MA

SafeNet, Inc. - Baltimore MD

H04L 932

380264, 380286, 380 44, 713176

A method of generating a recovery key encryption key (RKEK) in a secure manner by an integrated circuit (IC) and a key recovery escrow agent includes the steps of generating by the IC a first number having a private component and a public component, and generating by the escrow agent a second number having a private component and a public component. The public component of the first number is provided to the escrow agent, and the public component of the second number is provided to the integrated circuit. A Diffie-Hellman modulo-exponentiation mathematical operation is performed by the integrated circuit using the private component of the first number, the public component of the first number and the public component of the second number to create the RKEK. A similar operation is performed by the escrow agent using the private component of the second number, the public number of the second number and the public component of the first number to create the RKEK at its end.

6708273, Mar 16, 2004

Feb 25, 1999

09/258110

Timothy Ober - Atkinson NH
Peter Reed - Beverly MA
Robert W. Doud - Bedford MA

SafeNet, Inc. - Baltimore MD

G06F 1130

713189, 713192

A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator.

6704871, Mar 9, 2004

Sep 16, 1998

09/154443

Michael M. Kaplan - Rockport MA
Timothy Ober - Atkinson NH
Peter Reed - Beverly MA
Robert W. Doud - Bedford MA

SafeNet, Inc. - Baltimore MD

G06F 1130

713192

A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator.

6278782, Aug 21, 2001

Sep 16, 1998

9/154120

Timothy Ober - Atkinson NH
Peter Reed - Beverly MA

SafeNet, Inc. - Baltimore MD

H04L 932

380264

A method of generating a recovery key encryption key (RKEK) in a secure manner by an integrated circuit (IC) and a key recovery escrow agent includes the steps of generating by the IC a first number having a private component and a public component, and generating by the escrow agent a second number having a private component and a public component. The public component of the first number is provided to the escrow agent, and the public component of the second number is provided to the integrated circuit. A Diffie-Hellman modulo-exponentiation mathematical operation is performed by the integrated circuit using the private component of the first number, the public component of the first number and the public component of the second number to create the RKEK. A similar operation is performed by the escrow agent using the private component of the second number, the public number of the second number and the public component of the first number to create the RKEK at its end.

6282657, Aug 28, 2001

Sep 16, 1998

9/154357

Michael M. Kaplan - Rockport MA
Timothy Ober - Atkinson NH
Peter Reed - Beverly MA

SafeNet, Inc. - Baltimore MD

G06F 1300

713201

A protection circuit operates in a user or kernel mode. In the kernel mode, a kernel memory is accessible only by a secure kernel. A processor is reset if a security violation occurs, such as by attempting to access kernel memory in user mode. A program fetch supervisor circuit compares addresses to a predetermined address to determine if a security violation has occurred. A data fetch supervisor circuit compares data addresses to a protected memory address range. A security violation occurs if the data address is in protected memory, which resets the processor. A method of kernel mode protection includes fetching a program opcode or data operand. If the program opcode or data operand is from kernel memory and the processor is in user mode, the processor is reset. If an opcode is fetched from user memory while in kernel mode, the processor reverts to user mode.

6959086, Oct 25, 2005

Jul 2, 2001

09/897666

Timothy Ober - Atkinson NH, US
Peter Reed - Beverly MA, US

Safenet, Inc. - Baltimore MD

H04L009/00

380 30, 713171, 380259, 380260, 380 44

A key management scheme for managing encryption keys in a cryptographic co-processor includes the first step of selecting a key from one of a symmetrical key type and an asymmetrical key type. Then, the key bit length is selected. The key is then generated and, lastly, the key is represented in either an external form or an internal form.

6307936, Oct 23, 2001

Sep 16, 1998

9/154133

Timothy Ober - Atkinson NH
Peter Reed - Beverly MA

SafeNet, Inc. - Baltimore MD

H04L 900

380 30

A key management scheme for managing encryption keys in a cryptographic co-processor includes the first step of selecting a key from one of a symmetrical key type and an asymmetrical key type. Then, the key bit length is selected. The key is then generated and, lastly, the key is represented in either an external form or an internal form.

2001005, Dec 27, 2001

Sep 16, 1998

09/154300

TIMOTHY OBER - ATKINSON NH, US
PETER REED - BEVERLY MA, US

G06F012/14

713/193000

A hardware secure memory area includes one or more secondary communication buses connected to a main communication bus. The secondary communication buses are coupled to the main communication bus by separate bus transceivers. The bus transceivers provide isolation between the communication buses and between unaccessed secondary buses and the main communication buses. Various external devices, such as memories, may be coupled to the communication buses. Only one bus transceiver may be activated at a time, thus making it impossible for two secondary communication buses to be linked.