Russell D Housley

US Patent:

6904523, Jun 7, 2005

Filed:

Jul 11, 2002

Appl. No.:

10/195059

Inventors:

William P. Bialick - Clarksville MD, US
Russell D. Housley - Herndon VA, US
Charles R. J. Moore - Brisbane, AU
Duane J. Linsenbardt - San Jose CA, US

Assignee:

Spyrus, Inc. - San Jose CA

International Classification:

H04L009/00

US Classification:

713156, 705 59

Abstract:

A licensing attribute certificate enables a trusted computing base to enforce access to a computing resource by a computer application. The licensing attribute certificate can contain enforcement data which limits the use of the computing resource. The licensing attribute certificate can also contain information allowing for the tracking of licensing data about the use of the computing resource. The use of a licensing attribute certificate to enforce access to a computing resource can allow products to be fielded which have their capability limited to a specific subset of functions. The enforcement data, the licensing data, and the data limiting the application to a specific subset of functions are cryptographically bound to the computing resource using a licensing attribute certificate according to the invention. Prior to allowing access to the computing resource by the computer application, a trusted computing base strongly authenticates that usage via the licensing attribute certificate.

US Patent:

6981149, Dec 27, 2005

Filed:

Feb 15, 2002

Appl. No.:

10/077841

Inventors:

Russell D. Housley - Herndon VA, US
Gregory W. Piper - San Jose CA, US
Randy V. Sabett - Washington DC, US

Assignee:

Spyrus, Inc. - San Jose CA

International Classification:

G06F012/14
H04L009/00

US Classification:

713189, 713166, 713172

Abstract:

The invention enables a cryptographic device to be easily, securely and/or irreversibly customized to provide specified cryptographic functionality. For example, the invention can enable easy and secure modification (expansion, reduction or changing) of application code (which interacts with code stored on a cryptographic device) via the exposure of, for example, the mathematical primitive operations available on the cryptographic device. In particular, the invention can enable modification of available cryptographic operations at a relatively high level of programming abstraction, thus enabling such modification to be accomplished relatively easily. Further, the invention can enable the modification to be accomplished in a manner that does not necessitate or allow access by the application developer to other operations of the cryptographic device, thus providing security for the proprietary code and/or cryptographic keys of other persons or entities that may be present on the cryptographic device. The invention can also enable specification of permissible cryptographic characteristics of a cryptographic device from a set of available cryptographic characteristics of the cryptographic device. In particular, such specification can be done (at device fulfillment, for example) in a manner that is irreversible, thus enabling the cryptographic device to satisfy export regulations for cryptographic devices and/or to meet customer requirements for device security.

US Patent:

7356692, Apr 8, 2008

Filed:

Mar 15, 2005

Appl. No.:

11/081792

Inventors:

William P. Bialick - Clarksville MD, US
Russell D. Housley - Herndon VA, US
Charles R. J. Moore - Brisbane, AU
Duane J. Linsenbardt - San Jose CA, US

Assignee:

Spyrus, Inc. - San Jose CA

International Classification:

H04L 9/00

US Classification:

713156, 705 59

Abstract:

A licensing attribute certificate enables a trusted computing base to enforce access to a computing resource by a computer application. The licensing attribute certificate can contain enforcement data which limits the use of the computing resource. The licensing attribute certificate can also contain information allowing for the tracking of licensing data about the use of the computing resource. The use of a licensing attribute certificate to enforce access to a computing resource can allow products to be fielded which have their capability limited to a specific subset of functions. The enforcement data, the licensing data, and the data limiting the application to a specific subset of functions are cryptographically bound to the computing resource using a licensing attribute certificate according to the invention. Prior to allowing access to the computing resource by the computer application, a trusted computing base strongly authenticates that usage via the licensing attribute certificate.

US Patent:

60031352, Dec 14, 1999

Filed:

Jun 4, 1997

Appl. No.:

8/869120

Inventors:

William P. Bialick - Clarksville MD
Mark J. Sutherland - Milpitas CA
Thomas K. Rowland - Los Gatos CA
Kirk W. Skeba - Fremont CA
Russell D. Housley - Herndon VA

Assignee:

Spyrus, Inc. - Santa Clara CA

International Classification:

G06F 1214

US Classification:

713201

Abstract:

The invention enables a modular, typically portable, device to communicate with a host computing device to enable one or more security operations to be performed by the modular device on data stored within the host computing device, data provided from the host computing device to the modular device (which can then be, for example, stored in the modular device or transmitted to yet another device), or data retrieved by the host computing device from the modular device (e. g. , data that has been stored in the modular device, transmitted to the modular device from another device or input to the modular device by a person). In particular, the modular device can include a security module that is adapted to enable performance of one or more security operations on data, and a target module that is adapted to enable a defined interaction with a host computing device. The target module can be embodied by any of a variety of modules having different types of functionality (e. g. , data storage, data communication, data input and output, user identification).

US Patent:

60888024, Jul 11, 2000

Filed:

Jun 4, 1997

Appl. No.:

8/869305

Inventors:

William P. Bialick - Clarksville MD
Mark J. Sutherland - Milpitas CA
Thomas K. Rowland - Los Gatos CA
Kirk W. Skeba - Fremont CA
Russell D. Housley - Herndon VA

Assignee:

Spyrus, Inc. - Santa Clara CA

International Classification:

G06K 1467

US Classification:

713200

Abstract:

The invention enables a peripheral device to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device), or data retrieved by the host computing device from the peripheral device (e. g. , data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e. g. , data storage, data communication, data input and output, user identification).

US Patent:

20220353684, Nov 3, 2022

Filed:

Jul 7, 2022

Appl. No.:

17/859610

Inventors:

- Sterling VA, US
Carlos Solari - Sterling VA, US
Matthew Silveira - Placerville CA, US
Russell Housley - Herndon VA, US
William C. Epstein - Salt Lake City UT, US
Timothy Ray Newman - Edgewater MD, US
Charles Clancy - McLean VA, US
Sean Turner - Washington DC, US

International Classification:

H04W 12/069
H04L 9/40
H04L 45/00
H04L 49/20

Abstract:

Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.

US Patent:

20210360401, Nov 18, 2021

Filed:

May 15, 2021

Appl. No.:

17/321405

Inventors:

- Sterling VA, US
Carlos Solari - Sterling VA, US
Matthew Silveira - Placerville CA, US
Russell Housley - Herndon VA, US
William C. Epstein - Salt Lake City UT, US
Timothy Ray Newman - Edgewater MD, US
Charles Clancy - McLean VA, US
Sean Turner - Washington DC, US

International Classification:

H04W 12/069
H04L 12/931
H04L 12/721
H04L 29/06

Abstract:

Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.