Abstract:
Various features relate to providing software-resilient user privacy within smartphones or other devices by storing and processing all pertinent values needed for user privacy, such as security keys and access attempt counters, in hardware, such as within a System-on-a-Chip (SoC) processor formed on an integrated circuit (IC). For example, an on-die ephemeral Volatile Memory (eVM) device may be employed for storing access attempt counters or other parameters used to control malicious attack countermeasures. In one example, the eVM employs static random-access memory (SRAM) formed on the die and exploits capacitive remanence to recover stored counter values even if power is disconnected and then reconnected. On-chip NVM may be used for permanent storage of other privacy values, such as a device-unique secret key that is generated locally on the device and is not known to the chip vendor, the device Original Equipment Manufacturer (OEM), or the owner/user of the device.
Abstract:
A method operational within a memory controller is provided for securing content stored in memory. The memory controller may allocate logical memory regions within a memory device to different domains. A different domain-specific key is obtained for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information. During write operations, content/data is encrypted, at the memory controller, as it is written into each logical memory region using a domain-specific key corresponding to a domain providing the content and to which the logical memory region is allocated. Similarly, during read operations, content/data is decrypted, at the memory controller, as it is read from each memory region using a domain-specific key corresponding to a domain requesting the content and to which the logical memory region, where the content is stored, is allocated.
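The per-domain scheme described above, as an added illustration that is not part of the abstract or any implementation: the controller derives each domain's key from a master key plus domain-specific information, encrypts on write with the providing domain's key, and decrypts on read with the requesting domain's key. HMAC-SHA256 stands in for the unnamed KDF and an HMAC-based counter-mode keystream stands in for the hardware block cipher; region ids and domain names are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 32  # bytes of keystream per HMAC-SHA256 call


def domain_key(master_key: bytes, domain_info: bytes) -> bytes:
    # Domain-specific key = KDF(master key, domain-specific information).
    # HMAC-SHA256 is assumed as the KDF; the abstract does not name one.
    return hmac.new(master_key, b"domain-key|" + domain_info, hashlib.sha256).digest()


def _xor_keystream(key: bytes, region_id: int, data: bytes) -> bytes:
    # Counter-mode keystream keyed per domain, with the region id as nonce.
    # Stand-in for the controller's hardware cipher; symmetric for encrypt/decrypt.
    stream = b"".join(
        hmac.new(key, region_id.to_bytes(8, "big") + ctr.to_bytes(8, "big"),
                 hashlib.sha256).digest()
        for ctr in range((len(data) + BLOCK - 1) // BLOCK))
    return bytes(a ^ b for a, b in zip(data, stream))


class MemoryController:
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._owner = {}   # logical region id -> domain it is allocated to
        self._cells = {}   # logical region id -> ciphertext||tag stored in memory

    def allocate(self, region_id: int, domain: bytes):
        self._owner[region_id] = domain

    def _check(self, domain: bytes, region_id: int):
        if self._owner.get(region_id) != domain:
            raise PermissionError("region not allocated to requesting domain")

    def write(self, domain: bytes, region_id: int, data: bytes):
        self._check(domain, region_id)
        k = domain_key(self._master, domain)         # key of the providing domain
        ct = _xor_keystream(k, region_id, data)
        tag = hmac.new(k, region_id.to_bytes(8, "big") + ct, hashlib.sha256).digest()
        self._cells[region_id] = ct + tag

    def read(self, domain: bytes, region_id: int) -> bytes:
        self._check(domain, region_id)
        k = domain_key(self._master, domain)         # key of the requesting domain
        ct, tag = self._cells[region_id][:-32], self._cells[region_id][-32:]
        expect = hmac.new(k, region_id.to_bytes(8, "big") + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise PermissionError("stored content was not written under this domain's key")
        return _xor_keystream(k, region_id, ct)
```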
Abstract:
A method for configuring the features of an integrated circuit. In the method, the integrated circuit receives a feature vector message from a first party. The feature vector message is included in a response to a feature set request from the first party to a second party. The integrated circuit configures at least one feature of the integrated circuit based on a feature vector in the feature vector message. The integrated circuit generates an attestation result based on the at least one configured feature of the integrated circuit and using a key securely stored in the integrated circuit and known to the second party and not known to the first party. The integrated circuit forwards the attestation result to the first party.
Abstract:
Methods, apparatus, and computer program products for generating a derivative key for an execution environment (EE) are described. An example of a method includes obtaining a device key by a key derivation circuit, obtaining a context string by the key derivation circuit from a one-time writable bit register (OWBR), generating the derivative key for a current EE by the key derivation circuit based on the device key and on the context string from the OWBR.
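An added model of the derivation above, not code from the abstract or any product: the context string comes from a register whose bits can only be set, so each execution environment derives its key from the device key and the current register contents, then advances the register before handing off. The set-only bit interface and HMAC-SHA256 as the KDF are assumptions; the device key is constructed.

```python
import hashlib
import hmac


class OneTimeWritableBitRegister:
    # Bits start cleared and may only be set; there is deliberately no clear
    # operation (assumed OWBR model; the abstract does not detail its interface).
    def __init__(self, width: int = 8):
        self.width = width
        self._bits = 0

    def set_bit(self, index: int):
        if not 0 <= index < self.width:
            raise ValueError("bit index out of range")
        self._bits |= 1 << index

    def context_string(self) -> bytes:
        # Current register contents, used as the KDF context.
        return self._bits.to_bytes((self.width + 7) // 8, "big")


def derive_ee_key(device_key: bytes, context: bytes) -> bytes:
    # Derivative key = KDF(device key, context string from the OWBR).
    # HMAC-SHA256 is assumed as the key derivation circuit's function.
    return hmac.new(device_key, b"ee-key|" + context, hashlib.sha256).digest()


def boot_chain(device_key: bytes, stages: int):
    # Each EE derives its key, then sets one more bit before the next EE runs,
    # so a later EE sees a different context and cannot return to an earlier one.
    owbr = OneTimeWritableBitRegister()
    keys = []
    for stage in range(stages):
        keys.append(derive_ee_key(device_key, owbr.context_string()))
        owbr.set_bit(stage)
    return keys, owbr
```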
Abstract:
Techniques for securing transactions on a mobile device are provided. An example method according to these techniques includes receiving an input of a code to authorize a transaction in a security sensitive application, authenticating the transaction responsive to the input of the code, monitoring sensor information indicative of a context change, and authorizing subsequent transactions responsive to the sensor information indicating that the context change has not occurred since receiving the input of the code.
Abstract:
Aspects may relate to a device that comprises: a non-volatile storage medium (NVM) to store a signature and a device key, the device key based on a symmetric master key and an identifier; an interface; and a processor coupled to the interface and the NVM. The processor may be configured to: apply a key derivation function (KDF) to the device key to generate a derivative key; apply a key generation function to the derivative key to generate at least one public key; and command transmission of the signature and the at least one public key through the interface to a service provider.