-
Publication No.: US11615187B2
Publication date: 2023-03-28
Application No.: US17219392
Filing date: 2021-03-31
Abstract: A TPM is implemented in an SOC for thwarting PIN-state replay attacks. Programmable fuses are used as a counter, and an on-die RAM stores a blown-fuse count and a TPM state that includes a PIN-failure count and a fuse count. TPM initialization includes incrementing the TPM state PIN-failure count if the blown-fuse count is greater than the TPM state fuse count. Once a PIN is received, if the TPM state PIN-failure count satisfies a PIN failure policy and the PIN is correct, the TPM state PIN-failure count is cleared; if the PIN is incorrect, a fuse is blown and the blown-fuse count is incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds, the TPM state PIN-failure count is incremented and the TPM state fuse count is set equal to the blown-fuse count. The TPM state is saved to off-die non-volatile memory.
-
Publication No.: US11302411B1
Publication date: 2022-04-12
Application No.: US17219308
Filing date: 2021-03-31
IPC classification: G11C29/02
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than the TPM state fuse count, the TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if the TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented only if the PIN is incorrect; but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented regardless of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty is imposed.
-
Publication No.: US11184164B2
Publication date: 2021-11-23
Application No.: US15887800
Filing date: 2018-02-02
Abstract: Disclosed is a cryptographic key management system implemented in access- and tamper-resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based on cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that control the processing circuitry to perform cryptographic processing based on the keys and their associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys, and indicate the intended uses of the keys.
-
Publication No.: US20180004531A1
Publication date: 2018-01-04
Application No.: US15199399
Filing date: 2016-06-30
Inventors: Ling Tony Chen, Kenneth D. Johnson, Jonathan E. Lange, Kinshumann, Matthew Miller, Neeraj Singh
CPC classification: G06F9/3861, G06F3/0604, G06F3/0631, G06F3/0673, G06F9/30032, G06F9/30054, G06F11/28, G06F21/6227
Abstract: In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and, upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns to the first return address. Additionally, the method includes executing an exception handler in response to the return instruction raising an exception, wherein the exception handler pops one or more return addresses from the control stack until the return address on top of the control stack matches the return address on top of the data stack.
-
Publication No.: US20170337380A1
Publication date: 2017-11-23
Application No.: US15158401
Filing date: 2016-05-18
Inventors: Felix Domke, Ling Tony Chen
CPC classification: G06F21/572, G06F9/4406, G06F9/442, G06F21/57, G06F21/575, G06F2221/031, H04L9/0861, H04L9/0869, H04L9/14, H04L9/3236, H04L9/3242, H04L9/3247, H04L63/06, H04L2209/127
Abstract: A device-local key derivation scheme generates, during a first boot session of an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After the sealing key is generated, access to the internal secret is disabled for the remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
-
Publication No.: US09454661B2
Publication date: 2016-09-27
Application No.: US14319333
Filing date: 2014-06-30
CPC classification: G06F21/575, G06F21/74, H04L9/0866, H04L9/0894
Abstract: The subject disclosure is directed towards providing a computing device with access to a key that depends on the current software version, e.g., the software version of a security processor. If the software is compromised, another key becomes available with the release of each new (non-compromised) software version. Keys for future versions cannot be derived, while keys for earlier versions can be derived from the current key. A secure boot process uses a secret to generate a first key, after which access to the secret is turned off. The first key is used with key blob data to compute a second key used for data decryption (and encryption) as needed. The key blob data may be global for all devices and/or device-specific; a hash stick comprising a set of derivable keys may be used at manufacturing time to generate the device-specific key blob data.
-
Publication No.: US11860999B2
Publication date: 2024-01-02
Application No.: US17219459
Filing date: 2021-03-31
CPC classification: G06F21/55, G06F21/76, G06F2221/034
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state, read from off-die NV memory, that includes a PIN-attempt-failure count and a fuse count. During initialization, if the blown-fuse count is greater than the TPM state fuse count, the TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared; if the PIN is incorrect, the TPM state PIN-attempt-failure count is incremented. The TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
-
Publication No.: US11776646B2
Publication date: 2023-10-03
Application No.: US17655447
Filing date: 2022-03-18
IPC classification: G11C29/02
CPC classification: G11C29/027
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than the TPM state fuse count, the TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if the TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented only if the PIN is incorrect; but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented regardless of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty is imposed.
-
Publication No.: US10198578B2
Publication date: 2019-02-05
Application No.: US15369874
Filing date: 2016-12-05
Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged-mode code to prevent system-mode code from accessing user-mode data and/or running user-mode code at the system privilege level, or vice versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice versa. A register maintained by hardware, the hypervisor, or system-mode code contains data-access and execution policies for different chunks of addressable space, specifying which requesting entities (hypervisor-mode code, system-mode code, user-mode code) may access data in, or execute code from, a given chunk. When a request to execute code or access data at an address is received, the request is processed to determine which chunk the address corresponds to. The policy for that chunk is evaluated to determine whether to allow or deny the request.
-
Publication No.: US09875358B2
Publication date: 2018-01-23
Application No.: US14310463
Filing date: 2014-06-20
Inventors: Ling Tony Chen, Felix Stefan Domke
CPC classification: G06F21/575, G06F9/4401
Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as logic or a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during runtime execution.