Trusted modular firmware update using digital certificate

    Publication (announcement) number: US09626513B1

    Publication (announcement) date: 2017-04-18

    Application number: US14052940

    Filing date: 2013-10-14

    IPC classification: G06F21/57 H04L29/06

    Abstract: An electronic device includes a boot memory, a hardware memory programmed with a signing key, and a processor configured to implement a fixed trusted module and a dynamic trusted image module. The fixed trusted module contains a digital certificate, which includes a platform key used to verify a first boot module, and a package verification key used to validate the authenticity of an image update file. The dynamic trusted image module contains a platform certificate signed by the signing key. The platform certificate includes a platform verification key used to validate at least one of (i) a second boot module, (ii) an operating system loader, (iii) an operating system, or (iv) a file system. The platform certificate also includes image information associated with one or more images stored in the platform certificate, key information associated with one or more public keys, and electronic device-specific data.

    Methods and apparatus for secure root key provisioning

    Publication (announcement) number: US10521618B1

    Publication (announcement) date: 2019-12-31

    Application number: US15285320

    Filing date: 2016-10-04

    Abstract: The present disclosure describes apparatuses and techniques for secure root key provisioning. In some aspects, a stream of entropy bits is generated based on analog noise. From the stream of entropy bits, entropy symbols are constructed and used to modulate bits of a unique chip identifier to provide a block of modulated symbols. A hash digest of the block of modulated symbols is then calculated to generate a device-level root key. This device-level root key is written to a write-only register of a one-time programmable (OTP) memory controller for subsequent writing into an OTP memory. By so doing, unauthorized entities can be prevented from accessing the device-level root key during the secure key provisioning process.

    Method and storage device for isolating and preventing access to processor and memory used in decryption of text

    Status: granted invention patent, in force

    Publication (announcement) number: US09251380B1

    Publication (announcement) date: 2016-02-02

    Application number: US14031653

    Filing date: 2013-09-19

    Abstract: A storage drive includes a first memory that stores first text. A first processor generates a first instruction to decrypt the first text. A cryptographic module includes a second memory, a cryptographic device, a memory module, and a second processor. The second memory is inaccessible to the first processor and stores a cryptographic key. The cryptographic device accesses the second memory to obtain the cryptographic key and, based on the first instruction, decrypts the first text. The memory module stores a status of execution of the first instruction by the cryptographic device. The second processor, prior to the cryptographic device decrypting the first text, forwards the first instruction to the cryptographic device and stores the status of execution of the first instruction in the memory module. The memory module is connected between the first and second processors and isolates the first processor from the second processor.

    Method and apparatus for authorizing unlocking of a device

    Publication (announcement) number: US11250135B1

    Publication (announcement) date: 2022-02-15

    Application number: US16527302

    Filing date: 2019-07-31

    IPC classification: H04L29/06 G06F21/57 G06F21/44

    Abstract: A programmable integrated circuit device includes a programmable core, a boot device configured to boot up the programmable core, and a one-time programmable memory module controlling life cycle states of the programmable integrated circuit device, including (i) an operational state during which programming resources of the programmable device are locked, and (ii) an inspection state in which the programming resources of the programmable device are accessible. The one-time programmable memory module is configured to allow a unidirectional advance from the operational state to the inspection state when authorized by a lock control circuit responsive to control signals from the boot device. Authorization of the unidirectional advance may be limited to a time interval during a boot cycle of the programmable device. The unidirectional advance may be based on receipt of an authenticated request from a requester.

    Key expansion using seed values

    Status: granted invention patent, in force

    Publication (announcement) number: US08885820B1

    Publication (announcement) date: 2014-11-11

    Application number: US13759137

    Filing date: 2013-02-05

    IPC classification: H04L9/00 H04L9/32 G06F12/14

    CPC classification: H04L9/0869

    Abstract: Systems, methods, and other embodiments associated with reducing the storage space used for cryptographic keys in a memory are described. According to one embodiment, an apparatus includes a non-volatile memory. The apparatus includes key logic configured to expand a seed value to form a key. The seed value is a sequence of random bits. The apparatus includes inspection logic configured to inspect the key to determine whether the key is valid for use as a cryptographic key. The key logic is configured to store the seed value in the non-volatile memory if the key is valid; if the key is not valid, the key logic is configured to modify the seed value to form a modified seed value, to generate a new key from the modified seed value, and to repeat inspecting the new key and modifying the seed value until a valid key is determined.