Data parallelized encryption and integrity checking method and device
    1.
    Invention application
    Data parallelized encryption and integrity checking method and device (status: in force)

    Publication number: US20080232581A1

    Publication date: 2008-09-25

    Application number: US11725985

    Filing date: 2007-03-19

    CPC classification number: H04L9/065 H04L9/002 H04L2209/122 H04L2209/125

    Abstract: A method and device for encrypting and/or decrypting binary data blocks protecting both confidentiality and integrity of data sent to or received from a memory. The encryption method comprises steps of: applying to the input data block a reversible scrambling process, the scrambling process providing a scrambled data block in which the bits of the input data block are mixed so that a modification of one bit in the scrambled data block impacts on every bit of the input data block, and applying to the scrambled data block a stream cipher encryption algorithm providing an encrypted data block. Application can be made to secured integrated circuits requiring to securely store data in an external memory.

    Data parallelized encryption and integrity checking method and device
    2.
    Granted invention patent
    Data parallelized encryption and integrity checking method and device (status: in force)

    Publication number: US08000467B2

    Publication date: 2011-08-16

    Application number: US11725985

    Filing date: 2007-03-19

    CPC classification number: H04L9/065 H04L9/002 H04L2209/122 H04L2209/125

    Abstract: A method and device for encrypting and/or decrypting binary data blocks protecting both confidentiality and integrity of data sent to or received from a memory. The encryption method comprises steps of: applying to the input data block a reversible scrambling process, the scrambling process providing a scrambled data block in which the bits of the input data block are mixed so that a modification of one bit in the scrambled data block impacts on every bit of the input data block, and applying to the scrambled data block a stream cipher encryption algorithm providing an encrypted data block. Application can be made to secured integrated circuits requiring to securely store data in an external memory.

    TECHNOLOGIES FOR INTEGRITY, ANTI-REPLAY, AND AUTHENTICITY ASSURANCE FOR I/O DATA
    3.
    Invention application
    TECHNOLOGIES FOR INTEGRITY, ANTI-REPLAY, AND AUTHENTICITY ASSURANCE FOR I/O DATA (status: under examination, published)

    Publication number: US20170024568A1

    Publication date: 2017-01-26

    Application number: US14974874

    Filing date: 2015-12-18

    Abstract: Technologies for authenticity assurance for I/O data include a computing device with a cryptographic engine and one or more I/O controllers. A metadata producer of the computing device performs an authenticated encryption operation on I/O data to generate encrypted I/O data and an authentication tag. The metadata producer stores the encrypted I/O data in a DMA buffer and the authentication tag in an authentication tag queue. A metadata consumer decrypts the encrypted I/O data from the DMA buffer and determines whether the encrypted I/O data is authentic using the authentication tag from the authentication tag queue. For input, the metadata producer may be embodied as the cryptographic engine and the metadata consumer may be embodied as a trusted software component. For output, the metadata producer may be embodied as the trusted software component and the metadata consumer may be embodied as the cryptographic engine. Other embodiments are described and claimed.

    TECHNOLOGIES FOR TRUSTED I/O FOR MULTIPLE CO-EXISTING TRUSTED EXECUTION ENVIRONMENTS UNDER ISA CONTROL
    4.
    Invention application
    TECHNOLOGIES FOR TRUSTED I/O FOR MULTIPLE CO-EXISTING TRUSTED EXECUTION ENVIRONMENTS UNDER ISA CONTROL (status: under examination, published)

    Publication number: US20170026181A1

    Publication date: 2017-01-26

    Application number: US14974948

    Filing date: 2015-12-18

    Abstract: Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes one or more trusted execution environments (TEEs). A TEE generates a request to program the cryptographic engine with respect to a DMA channel. The computing device may verify a signed manifest that indicates the TEEs permitted to program DMA channels and, if verified, determine whether the TEE is permitted to program the requested DMA channel. The computing device may record the TEE for a request to protect the DMA channel and may determine whether the programming TEE matches the recorded TEE for a request to unprotect a DMA channel. The computing device may allow the request to unprotect the DMA channel if the programming TEE matches the recorded TEE. Other embodiments are described and claimed.
