公开(公告)号：US09892269B2

公开(公告)日：2018-02-13

申请号：US14736888

申请日：2015-06-11

Applicant: QUALCOMM Incorporated

Inventor： Michael J. T. Chan ,  Lu Xiao ,  Rosario Cammarota ,  Olivier Jean Benoit ,  Saurabh Sabnis ,  Yin Ling Liong ,  Manish Mohan

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F21/604 ,  G06F21/6218 ,  G06F21/6245 ,  G06F21/64 ,  G06F2221/2101 ,  H04L63/0823 ,  H04L63/105

Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.

公开(公告)号：US20150373036A1

公开(公告)日：2015-12-24

申请号：US14312957

申请日：2014-06-24

Applicant: QUALCOMM Incorporated

Inventor： Satyajit Prabhakar Patne ,  Rajarshi Gupta ,  Lu Xiao

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/556 ,  G06F21/755 ,  H04L63/1466

Abstract: A computing device may use machine learning techniques to determine whether a side channel attack is underway and perform obfuscation operations (e.g., operations to raise the noise floor) or other similar operations to stop or prevent a detected side channel attack. The computing device may determine that a side channel attack is underway in response to determining that the computing device is in airplane mode, that the battery of the computing device the battery has been replaced with a stable DC power supply, that the touch-screen display of the computing device has been disconnected, that there are continuous calls to a cipher application programming interface (API) using the same cipher key, that there has been tampering with a behavioral analysis engine of the computing device, or any combination thereof.

Abstract translation: 计算设备可以使用机器学习技术来确定侧信道攻击是否正在进行并且执行模糊操作（例如，用于提高本底噪声的操作）或其他类似操作以停止或防止检测到的侧信道攻击。 响应于确定计算设备处于飞行模式，计算设备的电池已经被稳定的DC电源替代，计算设备可以确定正在进行侧面信道攻击，触摸屏显示 已经断开了计算设备的连接，使用相同的加密密钥对密码应用程序编程接口（API）进行连续的调用，这已经篡改了计算设备的行为分析引擎，或其任何组合。

公开(公告)号：US20150373035A1

公开(公告)日：2015-12-24

申请号：US14312939

申请日：2014-06-24

Applicant: QUALCOMM Incorporated

Inventor： Satyajit Prabhakar Patne ,  Rajarshi Gupta ,  Lu Xiao

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/556 ,  G06F2221/2125 ,  H04L63/1433

Abstract: A computing device may use machine learning techniques to determine the level, degree, and severity of its vulnerability to side channel attacks. The computing device may intelligently and selectively perform obfuscation operations (e.g., operations to raise the noise floor) to prevent side channel attacks based on the determined level, degree, or severity of its current vulnerability to such attacks. The computing device may also monitor the current level of natural obfuscation produced by the device, determining whether there is sufficient natural obfuscation to prevent a side channel attack during an ongoing critical activity, and perform the obfuscation operation during the ongoing critical activity and in response to determining that there is not sufficient natural obfuscation to adequately protect the computing device against side channel attacks.

Abstract translation: 计算设备可以使用机器学习技术来确定其侧向通道攻击的漏洞的级别，程度和严重性。 计算设备可以智能地和选择性地执行模糊操作（例如，提高噪声底层的操作），以基于其当前对这种攻击的脆弱性的确定的水平，程度或严重性来防止侧信道攻击。 计算设备还可以监视由设备产生的自然混淆的当前水平，确定在持续的关键活动期间是否存在足够的自然混淆以防止侧信道攻击，并且在正在进行的关键活动期间执行混淆操作，并响应于 确定没有足够的自然混淆来充分保护计算设备免受侧向信道攻击。

公开(公告)号：US20150024689A1

公开(公告)日：2015-01-22

申请号：US14504659

申请日：2014-10-02

Applicant: QUALCOMM Incorporated

Inventor： Avneesh Agrawal ,  Chong Uk Lee ,  Kamran Moallemi ,  David Jonathan Julian ,  Manuel Eduardo Jaime ,  Robert Keith Douglas ,  Lu Xiao ,  Gregory Gordon Rose

IPC: H04W76/02 ,  A61B5/0404 ,  A61B5/00 ,  H04B5/00

CPC classification number: H04W76/14 ,  A61B5/0015 ,  A61B5/0404 ,  G01S13/0209 ,  G01S13/284 ,  G01S13/765 ,  H04B5/0031 ,  H04L63/0861 ,  H04L67/24 ,  H04W4/023 ,  H04W4/027 ,  H04W4/029 ,  H04W4/50 ,  H04W8/005 ,  H04W12/003 ,  H04W12/00503 ,  H04W12/06

Abstract: Various operations may be performed based on a distance-related function associated with two or more devices. For example, an association procedure for two or more devices may be based on one or more determined distances. Similarly, presence management may be based on one or more determined distances. A distance-related function may take various form including, for example, a distance between devices, two or more distances between devices, a rate of change in a relative distance between devices, relative acceleration between devices, or some combination of two or more of the these distance-related functions.

Abstract translation: 可以基于与两个或更多个设备相关联的距离相关功能来执行各种操作。 例如，两个或多个设备的关联过程可以基于一个或多个确定的距离。 类似地，存在管理可以基于一个或多个确定的距离。 距离相关功能可以采取各种形式，包括例如设备之间的距离，设备之间的两个或更多个距离，设备之间的相对距离的变化率，设备之间的相对加速度，或两个或更多个 这些距离相关的功能。

公开(公告)号：US20180026782A1

公开(公告)日：2018-01-25

申请号：US15217760

申请日：2016-07-22

Applicant: QUALCOMM Incorporated

Inventor： Lu Xiao ,  Jing Deng ,  Justin Yongjin Kim

IPC: H04L9/00

CPC classification number: H04L9/002 ,  G06F7/72 ,  G06F21/75 ,  G06F21/755 ,  H04L9/003 ,  H04L9/302 ,  H04L2209/12

Abstract: A method of implementing security in a modular exponentiation function for cryptographic operations is provided. A key is obtained as a parameter when the modular exponentiation function is invoked. The key may be one of either a public key or a private key of a cryptographic key pair. Within the modular exponentiation function, the method ascertains whether the key is greater than L bits long, where L is a positive integer. A countermeasure against an attack is implemented if the key is greater than L bits long. The countermeasure may include one or more techniques (e.g., hardware and/or software techniques) that inhibit or prevent information about the key from being ascertained through analysis. One or more exponentiation operations may then be performed using the key. The same modular exponentiation function may be used to perform encryption and decryption operations but with different keys.

公开(公告)号：US09774614B2

公开(公告)日：2017-09-26

申请号：US14312957

申请日：2014-06-24

Applicant: QUALCOMM Incorporated

Inventor： Satyajit Prabhakar Patne ,  Rajarshi Gupta ,  Lu Xiao

IPC: G06F21/55 ,  H04L29/06

CPC classification number: H04L63/1416 ,  G06F21/556 ,  G06F21/755 ,  H04L63/1466

Abstract: A computing device may use machine learning techniques to determine whether a side channel attack is underway and perform obfuscation operations (e.g., operations to raise the noise floor) or other similar operations to stop or prevent a detected side channel attack. The computing device may determine that a side channel attack is underway in response to determining that the computing device is in airplane mode, that the battery of the computing device the battery has been replaced with a stable DC power supply, that the touch-screen display of the computing device has been disconnected, that there are continuous calls to a cipher application programming interface (API) using the same cipher key, that there has been tampering with a behavioral analysis engine of the computing device, or any combination thereof.

公开(公告)号：US09509707B2

公开(公告)日：2016-11-29

申请号：US14312939

申请日：2014-06-24

Applicant: QUALCOMM Incorporated

Inventor： Satyajit Prabhakar Patne ,  Rajarshi Gupta ,  Lu Xiao

IPC: H04L29/06 ,  G06F21/55

CPC classification number: H04L63/1416 ,  G06F21/556 ,  G06F2221/2125 ,  H04L63/1433

Abstract: A computing device may use machine learning techniques to determine the level, degree, and severity of its vulnerability to side channel attacks. The computing device may intelligently and selectively perform obfuscation operations (e.g., operations to raise the noise floor) to prevent side channel attacks based on the determined level, degree, or severity of its current vulnerability to such attacks. The computing device may also monitor the current level of natural obfuscation produced by the device, determining whether there is sufficient natural obfuscation to prevent a side channel attack during an ongoing critical activity, and perform the obfuscation operation during the ongoing critical activity and in response to determining that there is not sufficient natural obfuscation to adequately protect the computing device against side channel attacks.

Abstract translation: 计算设备可以使用机器学习技术来确定其侧向通道攻击的漏洞的级别，程度和严重性。 计算设备可以智能地和选择性地执行模糊操作（例如，提高噪声底层的操作），以基于其当前对这种攻击的脆弱性的确定的水平，程度或严重性来防止侧信道攻击。 计算设备还可以监视由设备产生的自然混淆的当前水平，确定在持续的关键活动期间是否存在足够的自然混淆以防止侧信道攻击，并且在正在进行的关键活动期间执行混淆操作，并响应于 确定没有足够的自然混淆来充分保护计算设备免受侧向信道攻击。

公开(公告)号：US20150017951A1

公开(公告)日：2015-01-15

申请号：US14504595

申请日：2014-10-02

Applicant: QUALCOMM Incorporated

Inventor： Avneesh Agrawal ,  Chong Uk Lee ,  Kamran Moallemi ,  David Jonathan Julian ,  Manuel Eduardo Jaime ,  Robert Keith Douglas ,  Lu Xiao ,  Gregory Gordon Rose

IPC: H04L29/08 ,  H04W4/02 ,  H04W12/06

CPC classification number: H04W76/14 ,  A61B5/0015 ,  A61B5/0404 ,  G01S13/0209 ,  G01S13/284 ,  G01S13/765 ,  H04B5/0031 ,  H04L63/0861 ,  H04L67/24 ,  H04W4/02 ,  H04W4/023 ,  H04W4/027 ,  H04W4/50 ,  H04W8/005 ,  H04W12/06

Abstract: Various operations may be performed based on a distance-related function associated with two or more devices. For example, an association procedure for two or more devices may be based on one or more determined distances. Similarly, presence management may be based on one or more determined distances. A distance-related function may take various form including, for example, a distance between devices, two or more distances between devices, a rate of change in a relative distance between devices, relative acceleration between devices, or some combination of two or more of the these distance-related functions.

Abstract translation: 可以基于与两个或更多个设备相关联的距离相关功能来执行各种操作。 例如，两个或多个设备的关联过程可以基于一个或多个确定的距离。 类似地，存在管理可以基于一个或多个确定的距离。 距离相关功能可以采取各种形式，包括例如设备之间的距离，设备之间的两个或更多个距离，设备之间的相对距离的变化率，设备之间的相对加速度，或两个或更多个 这些距离相关的功能。

公开(公告)号：US10367637B2

公开(公告)日：2019-07-30

申请号：US15217760

申请日：2016-07-22

Applicant: QUALCOMM Incorporated

Inventor： Lu Xiao ,  Jing Deng ,  Justin Yongjin Kim

IPC: G06F7/72 ,  G06F21/75 ,  H04L9/00 ,  H04L9/30

Abstract: A method of implementing security in a modular exponentiation function for cryptographic operations is provided. A key is obtained as a parameter when the modular exponentiation function is invoked. The key may be one of either a public key or a private key of a cryptographic key pair. Within the modular exponentiation function, the method ascertains whether the key is greater than L bits long, where L is a positive integer. A countermeasure against an attack is implemented if the key is greater than L bits long. The countermeasure may include one or more techniques (e.g., hardware and/or software techniques) that inhibit or prevent information about the key from being ascertained through analysis. One or more exponentiation operations may then be performed using the key. The same modular exponentiation function may be used to perform encryption and decryption operations but with different keys.

公开(公告)号：US10091188B2

公开(公告)日：2018-10-02

申请号：US14673561

申请日：2015-03-30

Applicant: QUALCOMM Incorporated

Inventor： Lu Xiao ,  Satyajit Patne

IPC: H04L29/06 ,  G06F21/31 ,  H04L9/32

Abstract: Systems and methods for providing accelerated passphrase verification are disclosed. In one embodiment, a method includes receiving a full security string, generating a full security string hash code, storing the full security string hash code in a memory, determining at least one substring based on an entropy value associated with one or more leading characters in the full security string, generating at least one substring hash code and at least one corresponding character count value, such that the corresponding character count value equals a number of characters in the at least one substring, and storing the at least one substring hash code and the at least one corresponding character count value in the memory.