Stefan Thom

age ~55

from Snohomish, WA

Stefan Thom Phones & Addresses

  • 7108 130th St SE, Snohomish, WA 98296 • 425 338-0995
  • Seattle, WA

Skills

Cloud Computing • Software Design • Windows • Programming • Computer Security • Cryptography • Threat Modeling • Computer Forensics • OS Security Design • Smart Cards • Designs • Embedded Software • Embedded Systems • System Architecture • Security • Architecture • Software Development • Firmware • Enterprise Software • Debugging • Device Drivers • Architectures • Mobile Devices • Distributed Systems • Testing • Perl • Unix • Integration • Linux • Trusted Computing • TPM

Languages

English • German • French

Industries

Computer Software

Resumes

Stefan Thom

Location:
7108 130th St, Snohomish, WA 98296
Industry:
Computer Software
Skills and languages: as listed above.

Us Patents

  • Systems And Methods For Controlling Access To Data On A Computer With A Secure Boot Process
  • US Patent:
    7565553, Jul 21, 2009
  • Filed:
    Jan 14, 2005
  • Appl. No.:
    11/036415
  • Inventors:
    Jamie Hunter - Bothell WA, US
    Paul England - Bellevue WA, US
    Russell Humphries - Redmond WA, US
    Stefan Thom - Snohomish WA, US
    Kenneth D. Ray - Seattle WA, US
    Jonathan Schwartz - Kirkland WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 12/14
  • US Classification:
    713/192, 726/34
  • Abstract:
    Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.
  • Systems And Methods For Securely Booting A Computer With A Trusted Processing Module
  • US Patent:
    7725703, May 25, 2010
  • Filed:
    Jan 7, 2005
  • Appl. No.:
    11/031161
  • Inventors:
    Jamie Hunter - Bothell WA, US
    Paul England - Bellevue WA, US
    Russell Humphries - Redmond WA, US
    Stefan Thom - Snohomish WA, US
    Kenneth D Ray - Seattle WA, US
    Jonathan Schwartz - Kirkland WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 21/02
    G06F 21/22
  • US Classification:
    713/2, 713/100, 713/170, 713/181, 713/193, 726/29, 726/34, 380/259
  • Abstract:
    In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows the TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result placed in a PCR. The PCRs may then be compared. If they do not match, access to a secret that is important for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.
  • Generic Extensible Pre-Operating System Cryptographic Infrastructure
  • US Patent:
    7836309, Nov 16, 2010
  • Filed:
    Jul 20, 2007
  • Appl. No.:
    11/780781
  • Inventors:
    Erik Holt - Redmond WA, US
    Stefan Thom - Snohomish WA, US
    Shivaram H. Mysore - Kirkland WA, US
    Valerie Kathleen Bays - Redmond WA, US
    Carl Ellison - Seattle WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 21/00
  • US Classification:
    713/182, 380/287
  • Abstract:
    A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier.
  • Integrity Protected Smart Card Transaction
  • US Patent:
    7934096, Apr 26, 2011
  • Filed:
    Jul 27, 2007
  • Appl. No.:
    11/829737
  • Inventors:
    Stefan Thom - Snohomish WA, US
    Erik Lee Holt - Redmond WA, US
    Shivaram H. Mysore - Kirkland WA, US
    Valerie Kathleen Bays - Redmond WA, US
    Carl M. Ellison - Seattle WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    H04L 9/32
    H04L 29/06
    G06F 21/00
    G06F 7/04
  • US Classification:
    713/172, 713/185, 713/193, 726/9, 726/20, 726/27, 725/30, 725/6, 902/1, 902/2, 902/3, 902/4, 902/5
  • Abstract:
    Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.
  • Systems And Methods For Updating A Secure Boot Process On A Computer With A Hardware Security Module
  • US Patent:
    8028172, Sep 27, 2011
  • Filed:
    Jan 14, 2005
  • Appl. No.:
    11/036018
  • Inventors:
    Jamie Hunter - Bothell WA, US
    Paul England - Bellevue WA, US
    Russell Humphries - Redmond WA, US
    Stefan Thom - Snohomish WA, US
    Kenneth D. Ray - Seattle WA, US
    Jonathan Schwartz - Kirkland WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    H04L 9/32
  • US Classification:
    713/193
  • Abstract:
    Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining which data prevented a secret from unsealing, and returning that data to its original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM-sealed secrets to a temporary storage location, updating one or more aspects of the secure boot process, and resealing the secrets to the resulting new platform configuration.
  • Transparent Trust Validation Of An Unknown Platform
  • US Patent:
    8127146, Feb 28, 2012
  • Filed:
    Sep 30, 2008
  • Appl. No.:
    12/241496
  • Inventors:
    Stefan Thom - Snohomish WA, US
    Shon Eizenhoefer - Bothell WA, US
    Erik Holt - Redmond WA, US
    Yash Ashok Kumar Gandhi - Ramdaspeth Nagpur, IN
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    H04L 9/00
  • US Classification:
    713/189, 713/2
  • Abstract:
    A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device, and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of a decryption key to the boot code, which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components.
  • Platform Authentication Via A Transparent Second Factor
  • US Patent:
    8200952, Jun 12, 2012
  • Filed:
    Oct 25, 2006
  • Appl. No.:
    11/586283
  • Inventors:
    David R. Wooten - Redmond WA, US
    Eric Holt - Redmond WA, US
    Stefan Thom - Snohomish WA, US
    Tony Ureche - Renton WA, US
    Dan Sledz - Seattle WA, US
    Douglas M. MacIver - Seattle WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 21/00
  • US Classification:
    713/2
  • Abstract:
    Firmware of a system is configured to allow secondary devices, such as a smart card, to be used for authentication. In an example embodiment, the secondary device is a CCID smart card in compliance with the ISO 7816 specification. The smart card is inserted into a card reader coupled to the system prior to booting the system. The firmware comprises an emulator and driver configured to allow authentication information from the smart card to be utilized to allow execution of the boot process. In an example embodiment, the smart card comprises external keys for use with BITLOCKER™. The secondary device is compatible with systems implementing a BIOS and with systems implementing EFI. Authentication also can be accomplished via devices that do not provide data storage, such as a biometric device or the like.
  • Secure Storage Of Temporary Secrets
  • US Patent:
    8250379, Aug 21, 2012
  • Filed:
    Oct 13, 2009
  • Appl. No.:
    12/577846
  • Inventors:
    Stefan Thom - Snohomish WA, US
    Cristian Marius Ilac - Sammamish WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 21/00
  • US Classification:
    713/193
  • Abstract:
    Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation.
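The abstracts of 7,725,703 (a second secret obtainable only after a PCR value is replaced, which necessarily revokes the first) and 8,028,172 (inspect the TPM activity log to find which data stopped a secret from unsealing) describe mechanics that are easier to follow in code. The following is an added toy model written for this page, not Microsoft's implementation or code from any of the patents: a minimal PCR bank with SHA-256 extend, seal/unseal under a hypothetical chip-local seed (a stand-in for a TPM hierarchy seed), an event log, and a replay routine that names the changed boot component. The `ToyTPM` class, the PCR indices, the component labels and the sample measurements are all constructed for illustration.

```python
# Toy model of PCR-bound sealing: extend, seal, revoke-by-extend, and log replay.
# Hypothetical example code for this page, not Microsoft's or the patents' implementation.
import hashlib
import hmac
import os

DIGEST = hashlib.sha256
PCR_RESET = b"\x00" * 32


def pcr_extend(old: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || measurement). One-way, so a PCR value can only
    be replaced by further extends, never returned to an earlier value without a reset."""
    return DIGEST(old + measurement).digest()


def replay_log(events):
    """Recompute the PCR values a boot log implies. events: (pcr_index, label, data)."""
    pcrs = {}
    for index, _label, data in events:
        pcrs[index] = pcr_extend(pcrs.get(index, PCR_RESET), DIGEST(data).digest())
    return pcrs


def first_divergence(reference_log, current_log):
    """Label of the first logged component whose PCR index or measurement differs."""
    for ref, cur in zip(reference_log, current_log):
        if ref[0] != cur[0] or DIGEST(ref[2]).digest() != DIGEST(cur[2]).digest():
            return cur[1]
    return None if len(reference_log) == len(current_log) else "log length differs"


class ToyTPM:
    """Stand-in chip: a PCR bank, an event log, and seal/unseal under a private seed."""

    def __init__(self, seed=None, pcr_count=8):
        self.pcrs = {i: PCR_RESET for i in range(pcr_count)}
        self._seed = seed or os.urandom(32)  # hypothetical hierarchy seed, never exported
        self.event_log = []

    def measure(self, index, label, data):
        self.event_log.append((index, label, data))
        self.pcrs[index] = pcr_extend(self.pcrs[index], DIGEST(data).digest())

    def _policy_key(self, selection):
        # Key depends on the seed and on the current composite of the selected PCRs.
        policy = DIGEST(b"".join(self.pcrs[i] for i in selection)).digest()
        return hmac.new(self._seed, b"seal|" + policy, DIGEST).digest()

    def seal(self, secret: bytes, selection):
        """Bind a secret (<= 32 bytes) to the current values of the selected PCRs."""
        if len(secret) > 32:
            raise ValueError("toy sealer handles at most 32 bytes")
        key = self._policy_key(selection)
        ct = bytes(a ^ b for a, b in zip(secret, key))  # one-time pad under a per-policy key
        tag = hmac.new(key, bytes(selection) + ct, DIGEST).digest()
        return {"selection": tuple(selection), "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Succeeds only if the selected PCRs hold the same values as at seal time."""
        key = self._policy_key(blob["selection"])
        tag = hmac.new(key, bytes(blob["selection"]) + blob["ct"], DIGEST).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("PCR state does not match the sealed policy")
        return bytes(a ^ b for a, b in zip(blob["ct"], key))


GOOD_BOOT = (b"firmware v1", b"bootmgr v1", b"kernel v1")  # constructed sample measurements


def boot(tpm, firmware, bootmgr, kernel):
    tpm.measure(0, "firmware", firmware)
    tpm.measure(4, "bootmgr", bootmgr)
    tpm.measure(4, "kernel", kernel)


def demo_revocation():
    """The second secret is sealed only after PCR 4 is replaced, which revokes the first."""
    tpm = ToyTPM()
    boot(tpm, *GOOD_BOOT)
    first = tpm.seal(b"volume-key-A", (0, 4))
    tpm.measure(4, "handoff", b"control passed to OS")  # cap PCR 4 before leaving the loader
    second = tpm.seal(b"volume-key-B", (0, 4))
    try:
        tpm.unseal(first)
        first_ok = True
    except PermissionError:
        first_ok = False
    return first_ok, tpm.unseal(second) == b"volume-key-B"


def demo_recovery():
    """Unseal fails after bootmgr changed; replaying the log names the component responsible."""
    reference = ToyTPM()
    boot(reference, *GOOD_BOOT)
    blob = reference.seal(b"volume-key", (0, 4))
    rebooted = ToyTPM(seed=reference._seed)  # same chip, PCRs reset, bootmgr updated in place
    boot(rebooted, b"firmware v1", b"bootmgr v2", b"kernel v1")
    try:
        rebooted.unseal(blob)
        unsealed = True
    except PermissionError:
        unsealed = False
    culprit = first_divergence(reference.event_log, rebooted.event_log)
    # Trust an on-disk log only if replaying it reproduces what the chip actually holds.
    log_consistent = all(replay_log(rebooted.event_log)[i] == rebooted.pcrs[i] for i in (0, 4))
    return unsealed, culprit, log_consistent


if __name__ == "__main__":
    print("revocation (first unsealed?, second ok?):", demo_revocation())
    print("recovery (unsealed?, changed component, log consistent?):", demo_recovery())
```

Two points the model makes visible: the revocation in `demo_revocation` is not a policy decision but a consequence of extend being one-way, so nothing that runs after the hand-off can recover the first key; and in `demo_recovery` the log is only evidence once its replay matches the PCRs, since the log lives on disk while the PCRs live in the chip.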

Googleplus

Stefan Thom

Work:
Bäckeri Götz - Baker (17)
Tagline:
What's a motto? Nexa-Lotte should help :P
Youtube

2017-18 CACR Security Speaker Stefan Thom- "C...

Stefan Thom- Microsoft employee of 15 years Stefan Thom has spent all ...

  • Duration:
    1h 14m 14s

Stefan Thom - Every Sales Call Is A Customer ...

Stefan Thom is an Account Executive at ProductPlan. We talk about Stef...

  • Duration:
    25m 51s

USENIX Security '16 - fTPM: A Software-Only I...

... David Robinson, Rob Spiger, Stefan Thom, and David Wooten, Microso...

  • Duration:
    33m 4s
