-
Publication No.: US20190073472A1
Publication date: 2019-03-07
Application No.: US15694881
Filing date: 2017-09-04
Applicant: Cisco Technology, Inc.
Inventor: David Darmon , Lev Yudalevich , Leonid Frenkel , Yair Arzi , Yigal Dahan , Eyal Wasserman , Yaacov Belenky
Abstract: In one embodiment a device is described, the device including a memory operative to store a program, a storage operative to store a reference check value for at least one operation in the program, a processor operative to execute the program, including, determining a run-time check value upon execution of the at least one operation in the program, comparing the stored reference check value with the run-time check value, storing the run-time check value as a pre-branch run-time check value prior to entering a conditional branch of the program when the compared stored reference check value and the run-time check value are equal values, resetting the run-time check value of the executing program to the pre-branch run-time check value upon exiting the conditional branch of the program, wherein the reference check value, the run-time check value, and the pre-branch run-time check value are determined as a result of a single function. Related apparatus, methods and systems are also described.
-
Publication No.: US09871651B2
Publication date: 2018-01-16
Application No.: US14607137
Filing date: 2015-01-28
Applicant: Cisco Technology, Inc.
Inventor: Yaacov Belenky
IPC: H04L9/00
CPC classification number: H04L9/003 , H04L2209/08
Abstract: An electronic device includes a plurality of logic units, which have respective inputs and outputs and are arranged in a ring topology, such that an input of each of the logic units is coupled to an output of another of the logic units. Each of the logic units includes respective processing logic, which is identical to and operates in synchrony with the processing logic of the other logic units to process respective data values using at least one secret value stored in the device. The logic units are coupled, at an initial cycle of the device, to receive respective input values that are mutually uncorrelated. At subsequent cycles of the device, each of the logic units receives and operates on intermediate values that are output by another of the logic units.
-
Publication No.: US20130326632A1
Publication date: 2013-12-05
Application No.: US13958986
Filing date: 2013-08-05
Applicant: Cisco Technology Inc.
Inventor: Chaim Shen-Orr , Zvi Shkedy , Reuven Elbaum , Yonatan Shlomovich , Yigal Shapiro , Yaacov Belenky , Yaakov (Jordan) Levy , Reuben Sumner , Itsik Mantin
IPC: G06F21/60
Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event, waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time, after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing of the at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described.
-
Publication No.: US09407434B2
Publication date: 2016-08-02
Application No.: US14759417
Filing date: 2013-07-10
Applicant: Cisco Technology, Inc.
Inventor: Michael Kara-Ivanov , Aviad Kipnis , Tzachy Reinman , Efraim Mangell , Erez Waisbard , Yaacov Belenky
IPC: H04L9/08
CPC classification number: H04L9/0861 , H04L9/0869
Abstract: A method, system and apparatus for deriving a secondary secret from a root secret are described, the method, system and apparatus including reserving a memory buffer included in an integrated circuit, the memory buffer being large enough to contain all of the bits which will include the secondary secret, receiving a plurality of bits from a root secret, the root secret being stored in a secure memory of the integrated circuit, inputting the plurality of bits from the root secret and at least one control bit into a permutation network, and thereby producing a multiplicity of output bits, the at least one control bit including one of one bit of a value g, and one bit of an output of a function which receives g as an input, receiving the multiplicity of output bits from the permutation network, inputting the multiplicity of output bits from the permutation network into a plurality of logic gates, thereby combining the multiplicity of output bits, wherein a fixed number of bits is output from the logic gates, inputting the fixed number of bits output by the logic gates into an error correcting code module, the fixed number of bits output by the logic gates including a first group of intermediate output bits and a second group of intermediate output bits, and receiving output bits from the error correcting code module, the output bits of the error correcting code module including the first group of intermediate output bits as changed by the error correcting code module, where the change depends on the second group of intermediate output bits, filling non-filled registers in the reserved memory buffer with the first group of intermediate output bits as changed by the error correcting code module, and repeating the steps of “receiving a plurality of bits from a root secret” through “filling non-filled registers in the reserved memory buffer” until the entire secondary secret is derived, wherein the steps of “receiving a plurality of bits from a root secret” through “filling non-filled registers in the reserved memory buffer” are performed in a single clock cycle of the integrated circuit. Related apparatus, methods and systems are also described.
-
Publication No.: US20140164788A1
Publication date: 2014-06-12
Application No.: US14100380
Filing date: 2013-12-09
Applicant: Cisco Technology Inc.
Inventor: Yaacov Belenky , Chaim Shen-Orr
Abstract: A state sensitive device is described, the device including a state register which stores a record of the effective-state of the device, a mask field having a value which varies according to a value of the state register, and a processor which changes the value of the mask field to a new value of the mask field when there is a change in the value of the state register, wherein, the processor performs a state dependent calculation requiring the value of the mask field as an operand in the state dependent calculation which will yield an incorrect result if the value of the mask field does not properly correspond to the value of the state register. Related methods, systems and apparatus are also described.
-
Publication No.: US09747471B2
Publication date: 2017-08-29
Application No.: US14100380
Filing date: 2013-12-09
Applicant: Cisco Technology Inc.
Inventor: Yaacov Belenky , Chaim Shen-Orr
Abstract: A state sensitive device is described, the device including a state register which stores a record of the effective-state of the device, a mask field having a value which varies according to a value of the state register, and a processor which changes the value of the mask field to a new value of the mask field when there is a change in the value of the state register, wherein, the processor performs a state dependent calculation requiring the value of the mask field as an operand in the state dependent calculation which will yield an incorrect result if the value of the mask field does not properly correspond to the value of the state register. Related methods, systems and apparatus are also described.
-
Publication No.: US08913745B2
Publication date: 2014-12-16
Application No.: US13958986
Filing date: 2013-08-05
Applicant: Cisco Technology Inc.
Inventor: Chaim Shen-Orr , Zvi Shkedy , Reuven Elbaum , Yonatan Shlomovich , Yigal Shapiro , Yaacov Belenky , Yaakov (Jordan) Levy , Reuben Sumner , Itsik Mantin
Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event, waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time, after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing of the at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described.
-
Publication No.: US20190028266A1
Publication date: 2019-01-24
Application No.: US15657159
Filing date: 2017-07-23
Applicant: Cisco Technology, Inc.
Inventor: David DARMON , Avi Klein , Yaacov Belenky
Abstract: In one embodiment, a system and method is described for dynamic encryption of CPU registers. A data item, encrypted according to a first key is stored in one register in a CPU register file. A second data item is encrypted according to a second key, and is written to another of the registers. A flag, associated with each of the registers, is stored, indicating whether the data item is encrypted according to the first or second key. One of the data items is decrypted by retrieving its associated flag, thereby determining according to which key the data item is encrypted. Thereupon, the data item is decrypted according to the determined key. The keys are updated by a controller once each of the flags are set. The controller changes the second key to be the first key, stores a new second key, and clears each of the flags. Related apparatus, systems and methods are also described.
-