-
公开(公告)号:US11742041B2
公开(公告)日:2023-08-29
申请号:US17655447
申请日:2022-03-18
IPC分类号: G11C29/02
CPC分类号: G11C29/027
摘要: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
-
公开(公告)号:US09916452B2
公开(公告)日:2018-03-13
申请号:US15158401
申请日:2016-05-18
发明人: Felix Domke , Ling Tony Chen
CPC分类号: G06F21/572 , G06F9/4406 , G06F9/442 , G06F21/57 , G06F21/575 , G06F2221/031 , H04L9/0861 , H04L9/0869 , H04L9/14 , H04L9/3236 , H04L9/3242 , H04L9/3247 , H04L63/06 , H04L2209/127
摘要: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
-
公开(公告)号:US11615187B2
公开(公告)日:2023-03-28
申请号:US17219392
申请日:2021-03-31
摘要: A TPM is implemented in an SOC for thwarting PIN state replay attacks. Programmable fuses are used as a counter and an on-die RAM stores a blown-fuse count and a TPM state that includes a PIN-failure count and a fuse count. TPM initialization includes incrementing the TPM state PIN-failure count if the blown-fuse count is greater than the TPM state fuse count. Once a PIN is received, if the TPM state PIN-failure count satisfies a PIN failure policy and the PIN is correct, the TPM state PIN-failure count is cleared, and if the PIN is incorrect, a fuse is blown and the blown-fuse count is incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds, the TPM state PIN-failure count is incremented and the TPM state fuse count is set equal to the blown-fuse count. The TPM state is saved to off-die non-volatile memory.
-
公开(公告)号:US11302411B1
公开(公告)日:2022-04-12
申请号:US17219308
申请日:2021-03-31
IPC分类号: G11C29/02
摘要: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
-
公开(公告)号:US20170337380A1
公开(公告)日:2017-11-23
申请号:US15158401
申请日:2016-05-18
发明人: Felix Domke , Ling Tony Chen
CPC分类号: G06F21/572 , G06F9/4406 , G06F9/442 , G06F21/57 , G06F21/575 , G06F2221/031 , H04L9/0861 , H04L9/0869 , H04L9/14 , H04L9/3236 , H04L9/3242 , H04L9/3247 , H04L63/06 , H04L2209/127
摘要: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
-
公开(公告)号:US11860999B2
公开(公告)日:2024-01-02
申请号:US17219459
申请日:2021-03-31
CPC分类号: G06F21/55 , G06F21/76 , G06F2221/034
摘要: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
-
公开(公告)号:US11776646B2
公开(公告)日:2023-10-03
申请号:US17655447
申请日:2022-03-18
IPC分类号: G11C29/02
CPC分类号: G11C29/027
摘要: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
-
公开(公告)号:US12125547B2
公开(公告)日:2024-10-22
申请号:US18351625
申请日:2023-07-13
CPC分类号: G11C29/027
摘要: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
-
-
-
-
-
-
-
搜索结果
8 条记录 (耗时 0.017 秒)
