公开(公告)号：US20150074433A1

公开(公告)日：2015-03-12

申请号：US14072735

申请日：2013-11-05

Applicant: QUALCOMM Incorporated

Inventor： Xiaochun Zhu ,  Steven M. Millendorf ,  Xu Guo ,  David M. Jacobson ,  Kangho Lee ,  Seung H. Kang ,  Matthew Michael Nowak

IPC: G06F21/70 ,  G06F1/26

CPC classification number: G06F21/70 ,  G06F1/26 ,  G09C1/00 ,  G11C11/161 ,  G11C11/1673 ,  G11C11/1675 ,  G11C11/1695 ,  G11C17/02 ,  G11C17/14 ,  H04L9/0866 ,  H04L9/3278 ,  H04L2209/12

Abstract: One feature pertains to a method of implementing a physically unclonable function that includes providing an array of metal-insulator-metal (MIM) devices, where the MIM devices are configured to represent a first resistance state or a second resistance state and a plurality of the MIM devices are initially at the first resistance state. The MIM devices have a random breakdown voltage that is greater than a first voltage and less than a second voltage, where the breakdown voltage represents a voltage that causes the MIM devices to transition from the first resistance state to the second resistance state. The method further includes applying a signal line voltage to the MIM devices to cause a portion of the MIM devices to randomly breakdown and transition from the first resistance state to the second resistance state, the signal line voltage greater than the first voltage and less than the second voltage.

Abstract translation: 一个特征涉及实现物理上不可克隆的功能的方法，其包括提供金属 - 绝缘体 - 金属（MIM）器件的阵列，其中MIM器件被配置为表示第一电阻状态或第二电阻状态，并且多个 MIM器件最初处于第一电阻状态。 MIM器件具有大于第一电压且小于第二电压的随机击穿电压，其中击穿电压表示使MIM器件从第一电阻状态转变到第二电阻状态的电压。 该方法还包括向MIM器件施加信号线电压以使MIM器件的一部分随机击穿并从第一电阻状态转变到第二电阻状态，信号线电压大于第一电压并小于 第二电压。

公开(公告)号：US20150058928A1

公开(公告)日：2015-02-26

申请号：US13975082

申请日：2013-08-23

Applicant: QUALCOMM Incorporated

Inventor： Xu Guo ,  David M. Jacobson ,  Yafei Yang ,  Adam J. Drew ,  Brian Marc Rosenberg

IPC: H04L29/06

CPC classification number: H04L9/3278 ,  G06F7/588 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0876 ,  H04L63/0884

Abstract: One feature pertains to generating a unique identifier for an electronic device by combining static random access memory (SRAM) PUFs and circuit delay based PUFs (e.g., ring oscillator (RO) PUFs, arbiter PUFs, etc.). The circuit delay based PUFs may be used to conceal either a challenge to, and/or response from, the SRAM PUFs, thereby inhibiting an attacker from being able to clone a memory device's response.

Abstract translation: 一个特征涉及通过组合静态随机存取存储器（SRAM）PUF和基于电路延迟的PUF（例如，环形振荡器（RO）PUF，仲裁器PUF等））来为电子设备生成唯一的标识符。 基于电路延迟的PUF可以用于隐藏对SRAM PUF的挑战和/或响应，从而阻止攻击者克隆存储器设备的响应。

公开(公告)号：US20170308705A1

公开(公告)日：2017-10-26

申请号：US15136752

申请日：2016-04-22

Applicant: QUALCOMM Incorporated

Inventor： Chad Karaginides ,  Xu Guo ,  Eugen Pirvu ,  Dhaval Patel ,  Ron Keidar ,  Amit Shukla ,  Selvaraj Jaikumar ,  Yau Chu

IPC: G06F21/57 ,  G06F9/44 ,  G06F9/445 ,  H04L29/08 ,  H04L29/06

CPC classification number: G06F21/575 ,  G06F8/654 ,  G06F9/4401 ,  G06F9/4406 ,  G06F11/1433 ,  G06F2221/033 ,  H04L63/0428 ,  H04L63/0876 ,  H04L63/12 ,  H04W12/0013 ,  H04W12/0023 ,  H04W12/10

Abstract: Technologies for updating a processing device, where a first device image is stored in a first (non-volatile) memory. When a new second device image is received via a communication interface, a first boot of the device is performed and a boot loader performs security processing on the second device image. Once security processing has passed, the second device image is set as a trial image and executed. The executed image is monitored to determine if predetermined operational parameters in the device are met. If the parameters are met, the second device image is set as a current image and the first device image is deactivated. A second boot is performed to make the new image operational for the device and the anti-rollback version one-time programmable fuses are blown. If the parameters are not met, the device revers to the first device image.

公开(公告)号：US09787480B2

公开(公告)日：2017-10-10

申请号：US13975082

申请日：2013-08-23

Applicant: QUALCOMM Incorporated

Inventor： Xu Guo ,  David M. Jacobson ,  Yafei Yang ,  Adam J. Drew ,  Brian Marc Rosenberg

IPC: H04L9/32 ,  H04L29/06 ,  G06F7/58

CPC classification number: H04L9/3278 ,  G06F7/588 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/0876 ,  H04L63/0884

Abstract: One feature pertains to generating a unique identifier for an electronic device by combining static random access memory (SRAM) PUFs and circuit delay based PUFs (e.g., ring oscillator (RO) PUFs, arbiter PUFs, etc.). The circuit delay based PUFs may be used to conceal either a challenge to, and/or response from, the SRAM PUFs, thereby inhibiting an attacker from being able to clone a memory device's response.

公开(公告)号：US09755831B2

公开(公告)日：2017-09-05

申请号：US14161185

申请日：2014-01-22

Applicant: QUALCOMM Incorporated

Inventor： Steven Douglas Laver ,  Xu Guo ,  Brian Marc Rosenberg ,  David Merrill Jacobson

IPC: H04L9/08 ,  G06F21/57

CPC classification number: H04L9/0894 ,  G06F21/575 ,  H04L9/0866

Abstract: One feature pertains to a method for extracting a secret key during a secure boot flow of an integrated circuit. Specifically, the secure boot flow includes powering ON a first volatile memory circuit to generate a plurality of initial logical state values, deriving secret data based on the plurality of initial logical state values, storing the secret data in a secure volatile memory circuit that is secured by a secure execution environment (SEE), clearing the plurality of initial logical state values in the first volatile memory circuit, executing a cryptographic algorithm at the SEE to extract a secret key based on the secret data, and storing the secret key in the secure volatile memory circuit. The secure boot flow controls access to the first volatile memory circuit to secure the secret data and the plurality of initial logical state values from the insecure applications.

公开(公告)号：US20170060595A1

公开(公告)日：2017-03-02

申请号：US14836651

申请日：2015-08-26

Applicant: QUALCOMM Incorporated

Inventor： Ron Keidar ,  Yau Chu ,  Xu Guo

IPC: G06F9/44 ,  H04L9/30 ,  G06F21/57

CPC classification number: G06F21/62 ,  G06F9/4401 ,  G06F21/575 ,  H04L9/0891 ,  H04L9/30 ,  H04L9/3268

Abstract: Disclosed is an apparatus and method to securely activate or revoke a key. For example, the apparatus may comprise: a storage device to store a plurality of pre-stored keys; a communication interface to receive an activate key command and a certificate associated with one of the pre-stored keys; and a processor. The processor may be coupled to the storage device and the communication interface and may be configured to: implement the activate key command to reboot the apparatus with the pre-stored key and the certificate; and determine if the reboot is successful.

Abstract translation: 公开了一种安全地激活或撤销密钥的装置和方法。 例如，该设备可以包括：存储设备，用于存储多个预先存储的密钥; 用于接收激活密钥命令的通信接口和与预先存储的密钥之一相关联的证书; 和处理器。 处理器可以耦合到存储设备和通信接口，并且可以被配置为：实现激活密钥命令以用预存的密钥和证书重新启动设备; 并确定重启是否成功。

公开(公告)号：US09298946B2

公开(公告)日：2016-03-29

申请号：US14072735

申请日：2013-11-05

Applicant: QUALCOMM Incorporated

Inventor： Xiaochun Zhu ,  Steven M. Millendorf ,  Xu Guo ,  David M. Jacobson ,  Kangho Lee ,  Seung H. Kang ,  Matthew Michael Nowak

IPC: G11C17/02 ,  G06F21/70 ,  G06F1/26 ,  G11C11/16 ,  H04L9/08 ,  H04L9/32 ,  G09C1/00

CPC classification number: G06F21/70 ,  G06F1/26 ,  G09C1/00 ,  G11C11/161 ,  G11C11/1673 ,  G11C11/1675 ,  G11C11/1695 ,  G11C17/02 ,  G11C17/14 ,  H04L9/0866 ,  H04L9/3278 ,  H04L2209/12

Abstract: One feature pertains to a method of implementing a physically unclonable function that includes providing an array of metal-insulator-metal (MIM) devices, where the MIM devices are configured to represent a first resistance state or a second resistance state and a plurality of the MIM devices are initially at the first resistance state. The MIM devices have a random breakdown voltage that is greater than a first voltage and less than a second voltage, where the breakdown voltage represents a voltage that causes the MIM devices to transition from the first resistance state to the second resistance state. The method further includes applying a signal line voltage to the MIM devices to cause a portion of the MIM devices to randomly breakdown and transition from the first resistance state to the second resistance state, the signal line voltage greater than the first voltage and less than the second voltage.

Abstract translation: 一个特征涉及实现物理上不可克隆的功能的方法，其包括提供金属 - 绝缘体 - 金属（MIM）器件的阵列，其中MIM器件被配置为表示第一电阻状态或第二电阻状态，并且多个 MIM器件最初处于第一电阻状态。 MIM器件具有大于第一电压且小于第二电压的随机击穿电压，其中击穿电压表示使MIM器件从第一电阻状态转变到第二电阻状态的电压。 该方法还包括向MIM器件施加信号线电压以使MIM器件的一部分随机击穿并从第一电阻状态转变到第二电阻状态，信号线电压大于第一电压并小于 第二电压。

公开(公告)号：US20150207624A1

公开(公告)日：2015-07-23

申请号：US14161185

申请日：2014-01-22

Applicant: QUALCOMM Incorporated

Inventor： Steven Douglas Laver ,  Xu Guo ,  Brian Marc Rosenberg ,  David Merrill Jacobson

IPC: H04L9/08 ,  G06F21/57

CPC classification number: H04L9/0894 ,  G06F21/575 ,  H04L9/0866

Abstract: One feature pertains to a method for extracting a secret key during a secure boot flow of an integrated circuit. Specifically, the secure boot flow includes powering ON a first volatile memory circuit to generate a plurality of initial logical state values, deriving secret data based on the plurality of initial logical state values, storing the secret data in a secure volatile memory circuit that is secured by a secure execution environment (SEE), clearing the plurality of initial logical state values in the first volatile memory circuit, executing a cryptographic algorithm at the SEE to extract a secret key based on the secret data, and storing the secret key in the secure volatile memory circuit. The secure boot flow controls access to the first volatile memory circuit to secure the secret data and the plurality of initial logical state values from the insecure applications.

Abstract translation: 一个特征涉及在集成电路的安全启动流程期间提取密钥的方法。 具体地，安全引导流程包括给开启第一易失性存储器电路以产生多个初始逻辑状态值，基于多个初始逻辑状态值导出秘密数据，将秘密数据存储在安全的易失性存储器电路中 通过安全执行环境（SEE），清除第一易失性存储器电路中的多个初始逻辑状态值，在SEE执行密码算法以基于秘密数据提取密钥，并将秘密密钥存储在安全的执行环境 易失性存储器电路。 安全引导流程控制对第一易失性存储器电路的访问以保护来自不安全应用的秘密数据和多个初始逻辑状态值。

公开(公告)号：US09083323B2

公开(公告)日：2015-07-14

申请号：US13764507

申请日：2013-02-11

Applicant: QUALCOMM Incorporated

Inventor： Xu Guo ,  Brian M. Rosenberg

IPC: H03K3/03 ,  H03K5/156 ,  H05K13/00 ,  H03K3/84 ,  H04L9/32

CPC classification number: H03K3/0315 ,  G09C1/00 ,  H03K3/84 ,  H03K5/156 ,  H04L9/0866 ,  H04L9/3278 ,  H04L2209/12 ,  H05K13/00 ,  Y10T29/49117

Abstract: One feature pertains to an integrated circuit (IC) that includes a first plurality of ring oscillators configured to implement, in part, a physically unclonable function (PUF). The IC further includes a second plurality of ring oscillators configured to implement, in part, an age sensor circuit, and also a ring oscillator selection circuit that is coupled to the first plurality of ring oscillators and the second plurality of ring oscillators. The ring oscillator selection circuit is adapted to select at least two ring oscillator outputs from at least one of the first plurality of ring oscillators and/or the second plurality of ring oscillators. Notably, the ring oscillator selection circuit is commonly shared by the PUF and the age sensor circuit. Also, the IC may further include an output function circuit adapted to receive and compare the two ring oscillator outputs and generate an output signal.

Abstract translation: 一个特征涉及一种集成电路（IC），其包括被配置为部分地实现物理上不可克隆功能（PUF）的第一多个环形振荡器。 IC还包括第二多个环形振荡器，其被配置为部分地实现年龄传感器电路，以及耦合到第一多个环形振荡器和第二多个环形振荡器的环形振荡器选择电路。 环形振荡器选择电路适于从第一多个环形振荡器和/或第二多个环形振荡器中的至少一个选择至少两个环形振荡器输出。 值得注意的是，环形振荡器选择电路通常由PUF和年龄传感器电路共享。 此外，IC还可以包括输出功能电路，其适于接收和比较两个环形振荡器输出并产生输出信号。

公开(公告)号：US20150101037A1

公开(公告)日：2015-04-09

申请号：US14045740

申请日：2013-10-03

Applicant: QUALCOMM Incorporated

Inventor： Yafei Yang ,  Xu Guo ,  David Merrill Jacobson ,  Brian Marc Rosenberg ,  Adam John Drew

IPC: G06F21/44

CPC classification number: G06F21/44 ,  G09C1/00 ,  H04L9/3278

Abstract: A method is provided for using obtaining a reproducible device identifier from a physically unclonable function. An authentication device may receive a first physically unclonable function (PUF) dataset from the electronic device, the first PUF dataset including characteristic information generated from a physically unclonable function in the electronic device. The authentication device may then identify a pre-stored PUF dataset corresponding to the electronic device. Authentication of the electronic device may be performed by correlating the pre-stored PUF dataset and the first PUF dataset for the electronic device, wherein such correlation is based on a pattern or distribution correlation the pre-stored PUF dataset and the first PUF dataset. Because such correlation is performed on datasets, and not individual points, systematic variations can be recognized by the correlation operation leading to higher correlation than point-by-point comparisons.

Abstract translation: 提供了一种用于从物理上不可克隆的功能获得可重现设备标识符的方法。 认证设备可以从电子设备接收第一物理不可克隆功能（PUF）数据集，第一PUF数据集包括从电子设备中的物理不可克隆功能产生的特征信息。 然后，认证设备可以识别对应于电子设备的预存储的PUF数据集。 可以通过将预先存储的PUF数据集和电子设备的第一PUF数据集相关联来执行电子设备的认证，其中这种相关性基于预先存储的PUF数据集和第一PUF数据集的模式或分布相关性。 由于这种相关性对数据集进行，而不是单个点，所以相关运算可以识别系统变化，从而导致相对于逐点比较的相关性更高。