公开(公告)号：US20180046808A1

公开(公告)日：2018-02-15

申请号：US15234909

申请日：2016-08-11

Applicant: QUALCOMM Incorporated

Inventor： Rosario CAMMAROTA ,  Roberto AVANZI ,  Ramesh Chandra CHAUHAN ,  Harold Wade CAIN, III ,  Darren LASKO

IPC: G06F21/57 ,  G06F12/0891 ,  G06F12/0877

CPC classification number: G06F21/57 ,  G06F12/0877 ,  G06F12/0891 ,  G06F21/556 ,  G06F21/75 ,  G06F21/79 ,  G06F2212/1052 ,  G06F2212/603

Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.

公开(公告)号：US20170075820A1

公开(公告)日：2017-03-16

申请号：US15232723

申请日：2016-08-09

Applicant: QUALCOMM Incorporated

Inventor： David HARTLEY ,  Roberto AVANZI ,  Rosario CAMMAROTA

IPC: G06F12/14 ,  G06F21/62 ,  G06F21/12

CPC classification number: G06F12/1408 ,  G06F21/121 ,  G06F21/125 ,  G06F21/14 ,  G06F21/62 ,  G06F21/74 ,  G06F2212/1052 ,  G06F2221/0755

Abstract: Techniques for protecting software in a computing device are provided. A method according to these techniques includes receiving a request from a non-secure software module to execute an instruction of a secure software module comprising encrypted program code, determining whether the instruction comprises an instruction associated with a controlled point of entry to the secure software module accessible outside of the secure software module, executing one or more instructions of the secure software module responsive to the instruction comprising an instruction associated with the controlled point of entry to the secure software module, and controlling exit from the secure software module to return execution to the non-secure software module.

Abstract translation: 提供了用于在计算设备中保护软件的技术。 根据这些技术的方法包括接收来自非安全软件模块的请求以执行包括加密程序代码的安全软件模块的指令，确定指令是否包括与控制入口点相关联的指令到安全软件模块 可访问安全软件模块外部，响应于包括与受控控制点相关联的指令到安全软件模块的指令执行安全软件模块的一个或多个指令，以及控制从安全软件模块退出以将执行返回到 非安全软件模块。

公开(公告)号：US20170085540A1

公开(公告)日：2017-03-23

申请号：US14862059

申请日：2015-09-22

Applicant: QUALCOMM Incorporated

Inventor： Roberto AVANZI ,  Rosario CAMMAROTA ,  Ron KEIDAR

IPC: H04L29/06

CPC classification number: H04L63/061 ,  H04L9/0877 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/0853 ,  H04L2209/60 ,  H04L2209/80 ,  H04W4/70 ,  H04W12/02

Abstract: A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.

公开(公告)号：US20160295283A1

公开(公告)日：2016-10-06

申请号：US14677762

申请日：2015-04-02

Applicant: QUALCOMM Incorporated

Inventor： Roberto AVANZI ,  Simo Petteri KANGASLAMPI ,  Ron KEIDAR ,  Chang-Kuk CHOI

IPC: H04N21/4627 ,  H04N21/439

CPC classification number: H04N21/4627 ,  G06F21/10 ,  G06F2221/07 ,  H04L2209/603 ,  H04N21/4394 ,  H04N21/4398

Abstract: Techniques for preventing circumvention of digital rights management protections on electronic content are provided. A method according to these techniques includes receiving a content stream, obtaining samples from the content stream, generating a histogram based on the samples from the content stream, classifying the content stream as including audio content or non-audio content based on the histogram, and modifying portions of the content stream responsive to classifying the content stream as including non-audio content. The content stream can be modified such that any video content included in the content stream would be rendered unplayable, while audio content included in the content stream remains playable.

Abstract translation: 提供了防止数字版权管理保护电子内容的技术。 根据这些技术的方法包括接收内容流，从内容流获得样本，基于来自内容流的样本生成直方图，基于直方图将内容流分类为包括音频内容或非音频内容;以及 响应于将内容流分类为包括非音频内容来修改内容流的部分。 可以修改内容流，使得包含在内容流中的任何视频内容将被渲染为不可播放，而包含在内容流中的音频内容保持可播放。

公开(公告)号：US20200042746A1

公开(公告)日：2020-02-06

申请号：US16053626

申请日：2018-08-02

Applicant: QUALCOMM Incorporated

Inventor： Roberto AVANZI ,  Darren LASKO

IPC: G06F21/72 ,  G06F12/14 ,  H04L9/08 ,  H04L9/06

Abstract: Some embodiments include systems and methods for the management of a plurality of expanded cryptographic keys associated with a plurality of corresponding Protected Software Environments (PSEs) supervised by PSE-management software running on a computer system. In one embodiment, a computer system has a first processor, a first memory controller, and a first RAM. The first memory controller has a first memory cryptography circuit connected between the first processor and the first RAM. The memory cryptography circuit comprises a keystore and a first cryptographic engine. The keystore comprises a seedstore and a key-expansion engine. The seedstore is configured to store a first plurality of cryptographic key seeds accessible by a key identifier, for use by the key-expansion engine to generate expanded keys, where each key seed corresponds to a corresponding client.

公开(公告)号：US20190384725A1

公开(公告)日：2019-12-19

申请号：US16547527

申请日：2019-08-21

Applicant: QUALCOMM Incorporated

Inventor： Darren LASKO ,  Roberto AVANZI ,  Thomas Philip SPEIER ,  Harb ABDULHAMID ,  Vikramjit SETHI

IPC: G06F12/14 ,  H04L9/14 ,  H04L9/06 ,  G06F21/72

Abstract: A method, apparatus, and system for storing memory encryption realm key IDs is disclosed. A method comprises accessing a memory ownership table with a physical address to determine a realm ID associated with the physical address, accessing a key ID association structure with the realm ID to determine a realm key IS associated with the realm ID, and initiating a memory transaction based on the realm key ID. Once retrieved, the realm key ID may be stored in a translation lookaside buffer.