公开(公告)号：US20140053003A1

公开(公告)日：2014-02-20

申请号：US13589580

申请日：2012-08-20

Applicant: William C. Moyer ,  Jeffrey W. Scott

Inventor： William C. Moyer ,  Jeffrey W. Scott

IPC: G06F21/02 ,  G06F1/00

CPC classification number: G06F21/558 ,  G06F21/556 ,  G06F21/755

Abstract: A data processing system having a first processor, a second processor, a local memory of the second processor, and a built-in self-test (BIST) controller of the second processor which can be randomly enabled to perform memory accesses on the local memory of the second processor and which includes a random value generator is provided. The system can perform a method including executing a secure code sequence by the first processor and performing, by the BIST controller of the second processor, BIST memory accesses to the local memory of the second processor in response to the random value generator. Performing the BIST memory accesses is performed concurrently with executing the secure code sequence.

Abstract translation: 一种具有第一处理器，第二处理器，第二处理器的本地存储器和第二处理器的内置自检（BIST）控制器的数据处理系统，其可以被随机地启用以对本地存储器执行存储器访问 的第二处理器，并且包括随机值发生器。 该系统可以执行包括由第一处理器执行安全代码序列并且由第二处理器的BIST控制器响应于随机值生成器对第二处理器的本地存储器进行BIST存储器访问的方法。 执行BIST存储器访问同时执行安全代码序列。

公开(公告)号：US20130104252A1

公开(公告)日：2013-04-25

申请号：US13280205

申请日：2011-10-24

Applicant: Subbayya Chowdary Yanamadala ,  Anish Dhanekula

Inventor： Subbayya Chowdary Yanamadala ,  Anish Dhanekula

IPC: G06F21/02

CPC classification number: G06F21/76

Abstract: Various embodiments of the present invention relates generally to an integrated circuit, and more particularly, to systems, devices and methods of incorporating a tamper detection countermeasure into a security ASIC to deter physical attacks. The tamper detection countermeasure architects an active mesh to cover a sensitive area in the security ASIC. A plurality of time-varying random numbers is generated by a random number generator (RNG), and the active mesh is driven and configured according to these random numbers. During tamper detection cycles, the active mesh is monitored with respect to the plurality of random numbers that is directly provided by the RNG. Upon a tampering attempt, a flag signal is generated and used to initialize subsequent anti-tampering actions. The active mesh may be controlled and monitored based on time-varying codes, and therefore, an adversary may not easily bypass the active mesh and attack the sensitive area.

Abstract translation: 本发明的各种实施例一般涉及集成电路，更具体地，涉及将防篡改检测对策并入到安全ASIC中以阻止物理攻击的系统，设备和方法。 篡改检测对策构建了一个活动网格以覆盖安全ASIC中的敏感区域。 随机数生成器（RNG）生成多个时变随机数，并根据这些随机数来驱动和配置活动网格。 在篡改检测周期期间，相对于由RNG直接提供的多个随机数来监视活动网格。 在篡改尝试时，产生标志信号并用于初始化后续的反篡改动作。 可以基于随时间变化的代码来控制和监视活动网格，因此对手可能不容易地绕过活动网格并攻击敏感区域。

公开(公告)号：US20130074145A1

公开(公告)日：2013-03-21

申请号：US13617436

申请日：2012-09-14

Applicant: Paul Berenberg ,  Georgi Danielyan

Inventor： Paul Berenberg ,  Georgi Danielyan

IPC: G06F21/02

CPC classification number: G06F21/71 ,  G06F21/575

Abstract: Techniques are disclosed for providing secure critical security parameter (CSP) generation in an integrated circuit (IC). Embodiments generally include determining that an ability to read the CSP externally (e.g., through a debug interface) has been disabled before the CSP is generated. Depending on the functionality of the device, embodiments can include other steps, such as determining whether software for executing a method for providing a secure CSP is being run for a first time. Among other things, the techniques provided herein for providing secure CSP generation can increase the security of the CSP and reduce manufacturing costs of the IC.

Abstract translation: 公开了用于在集成电路（IC）中提供安全关键安全参数（CSP）生成的技术。 实施例通常包括确定在生成CSP之前外部（例如，通过调试接口）读取CSP的能力已被禁用。 取决于设备的功能，实施例可以包括其他步骤，例如确定用于执行用于提供安全CSP的方法的软件是否正在第一次运行。 除此之外，本文提供的用于提供安全CSP生成的技术可以增加CSP的安全性并降低IC的制造成本。

公开(公告)号：US20120284808A1

公开(公告)日：2012-11-08

申请号：US13458138

申请日：2012-04-27

Applicant: Yannick Teglia

Inventor： Yannick Teglia

IPC: G06F21/02 ,  G06F12/16 ,  G06F12/14

CPC classification number: G06F21/6218 ,  G06F12/1425 ,  G06F12/1483 ,  G06F21/561 ,  G06F21/566 ,  G06F21/79 ,  G06F2212/1052 ,  G06F2221/034

Abstract: A method for protecting a volatile memory against a virus, wherein: rights of writing, reading, or execution are assigned to certain areas of the memory; and a first list of opcodes authorized or forbidden as a content of the areas is associated with each of these areas.

Abstract translation: 一种用于保护针对病毒的易失性存储器的方法，其中：写入，读取或执行的权限被分配给存储器的某些区域; 并且作为该区域的内容的授权或禁止的操作码的第一列表与这些区域中的每一个相关联。

公开(公告)号：US20120239555A1

公开(公告)日：2012-09-20

申请号：US13051009

申请日：2011-03-18

Applicant: Kenneth Scott Seethaler ,  Randall Scott Springfield

Inventor： Kenneth Scott Seethaler ,  Randall Scott Springfield

IPC: G06Q30/00 ,  G06Q40/00 ,  G06F21/02

Abstract: Improved handling of couplable device recognition tasks in an electronic device such as a cell phone, smart phone, computer system, recording device or others is facilitated. Recognition of a couplable device such as a battery so as to enable exchange of power between the device and the battery or other couplable device functionality is determined by a match between one of a plurality of digital strings stored in the device and the decrypted response to an encrypted challenge derived from the one of stored strings. Control is exercised over the distribution of the encryption elements which enable the improved handling of the tasks.

Abstract translation: 促进了诸如蜂窝电话，智能电话，计算机系统，记录装置等电子设备中的可耦合装置识别任务的改进处理。 可以识别诸如电池的可耦合装置，以便能够在装置和电池或其它可耦合装置功能之间进行电力交换，由存储在装置中的多个数字串中的一个和对该装置的解密响应之间的匹配来确定 从存储的字符串中的一个导出的加密挑战。 对加密元素的分配进行控制，从而能够改进对任务的处理。

公开(公告)号：US08266717B2

公开(公告)日：2012-09-11

申请号：US11779763

申请日：2007-07-18

Applicant: Yi-Shin Pan

Inventor： Yi-Shin Pan

IPC: G06F21/02

CPC classification number: G08C17/02 ,  G06F21/567

Abstract: A monitoring device for a computing device of a computer system includes a remote control module, and a wireless receiving unit disposed on a computing device. The computing device includes an input/output control unit connected electrically to a central processing unit. The remote control module includes a microprocessor, and a connecting interface, a plurality of key units, and a wireless transmitting unit connected electrically to the microprocessor. Each of the key units is depressible to generate a control signal which is transmitted to the microprocessor. The microprocessor transmits the control signal to the input/output control unit through the connecting interface or the wireless transmitting and receiving units according to whether the connecting interface is connected to or disconnected from the input/output control unit so as to communicate with the computing device, thereby protecting the computer system and permitting power management.

Abstract translation: 一种用于计算机系统的计算装置的监视装置，包括远程控制模块和设置在计算装置上的无线接收单元。 计算装置包括与中央处理单元电连接的输入/输出控制单元。 遥控模块包括微处理器，连接接口，多个键单元以及与微处理器电连接的无线发送单元。 每个关键单元是可压制的，以产生传送到微处理器的控制信号。 微处理器根据连接接口是否连接到输入/输出控制单元或与输入/输出控制单元断开以通过连接接口或无线发射和接收单元将控制信号发送到输入/输出控制单元，以便与计算设备 从而保护计算机系统并允许电力管理。

公开(公告)号：US20120124393A1

公开(公告)日：2012-05-17

申请号：US13273016

申请日：2011-10-13

Applicant: Lakshminarasimhan SETHUMADHAVAN ,  Adam Waksman

Inventor： Lakshminarasimhan SETHUMADHAVAN ,  Adam Waksman

IPC: G06F21/02 ,  G06F1/24 ,  G06F1/26

CPC classification number: H04L9/002 ,  G06F21/76 ,  H04L9/008 ,  H04L2209/16

Abstract: Methods for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected. A timer is repeatedly initiated for a period less than a validation epoch, and the hardware units are reset upon expiration of the timer to prevent activation of a time-based backdoor. Data being sent to the hardware unit is encrypted in an encryption element to render it unrecognizable to a single-shot cheat code hardware backdoor present in the hardware unit. The instructions being sent to the hardware unit are reordered randomly or pseudo-randomly, with determined sequential restraints, using an reordering element, to render an activation instruction sequence embedded in the instructions unrecognizable to a sequence cheat code hardware backdoor present in the hardware unit.

Abstract translation: 用于防止安装在数字电路中的硬件后门的激活的方法，所述数字电路包括要被保护的一个或多个硬件单元。 定时器在小于验证时期的周期内重复启动，并且硬件单元在计时器到期时复位，以防止启动基于时间的后门。 被发送到硬件单元的数据在加密元素中被加密，以使它无法识别到存在于硬件单元中的单一作弊代码硬件后门。 发送到硬件单元的指令被随机地或伪随机地重新排序，使用重新排序元素确定的顺序限制来呈现嵌入在硬件单元中存在的序列作弊码硬件后门的无法识别的指令中的激活指令序列。

公开(公告)号：US20110202948A1

公开(公告)日：2011-08-18

申请号：US13027834

申请日：2011-02-15

Applicant: Marco Bildgen ,  Jean Devin

Inventor： Marco Bildgen ,  Jean Devin

IPC: H04H60/32 ,  G06F21/02 ,  G06F21/22 ,  G06F19/00

CPC classification number: H04N7/1675 ,  G06F21/10 ,  G06F21/552 ,  G06F21/77 ,  G06F2221/0797 ,  G06F2221/2105 ,  G06F2221/2151 ,  G06F2221/2153 ,  H04L9/004 ,  H04L9/0637 ,  H04L63/1441 ,  H04N21/4181 ,  H04N21/4424 ,  H04N21/4432 ,  H04N21/4623

Abstract: A method may be for detecting potentially suspicious operation of an electronic device configured to operate in the course of activity sessions. The method may include within the device, a metering, from an initial instant of the number of activity sessions having a duration below a first threshold, and a comparison of this number with a second threshold.

Abstract translation: 一种方法可以用于检测被配置为在活动会话过程中操作的电子设备的潜在的可疑操作。 所述方法可以在所述设备内包括从具有低于第一阈值的持续时间的活动会话的数量的初始时刻的计量，以及所述数量与第二阈值的比较。

公开(公告)号：US07930563B2

公开(公告)日：2011-04-19

申请号：US12165908

申请日：2008-07-01

Applicant: Timothy David Ebringer ,  Sachiko Yoshihama ,  Seiji Munetoh ,  Hiroshi Maruyama

Inventor： Timothy David Ebringer ,  Sachiko Yoshihama ,  Seiji Munetoh ,  Hiroshi Maruyama

IPC: G06F21/02 ,  G06F12/16 ,  G06F21/24

CPC classification number: G06F21/57 ,  G06F21/445 ,  G06F21/645 ,  G06F2221/2103 ,  G06F2221/2115 ,  G06F2221/2129 ,  G06F2221/2153

Abstract: A platform configuration measurement device including: a configuration register; means for executing extension processing in which a predetermined operation is performed on a content of the configuration register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the configuration register; and measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values, random extension means is provided for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.

Abstract translation: 一种平台配置测量装置，包括：配置寄存器; 用于执行扩展处理的装置，其中通过使用给定的附加值对配置寄存器的内容执行预定操作，通过将预定散列函数应用于通过预定操作获得的值来获得散列值，并且散列值 被设置为配置寄存器的新内容; 以及测量扩展装置，用于通过对预定的组件顺序地进行预定的测量来获得对应于构成平台的预定组件的测量值，并且允许用于执行扩展处理的装置使用测量值来执行扩展处理作为附加值， 提供随机扩展装置，用于允许执行扩展处理的装置使用随机值作为附加值来执行扩展处理。

公开(公告)号：US07840803B2

公开(公告)日：2010-11-23

申请号：US10407603

申请日：2003-04-04

Applicant: Dwaine Clarke ,  Blaise Gassend ,  Marten Van Dijk ,  Srinivas Devadas

Inventor： Dwaine Clarke ,  Blaise Gassend ,  Marten Van Dijk ,  Srinivas Devadas

IPC: G08B29/00 ,  G06F21/02 ,  H01L23/58

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: A group of devices are fabricated based on a common design, each device having a corresponding plurality of measurable characteristics that is unique in the group to that device, each device having a measurement module for measuring the measurable characteristics. Authentication of one of the group of devices is enabled by selective measurement of one or more of the plurality of measurable characteristics of the device.

Abstract translation: 基于共同设计制造一组设备，每个设备具有对于该设备的组中唯一的相应多个可测量特性，每个设备具有用于测量可测量特性的测量模块。 通过选择性地测量设备的多个可测量特性中的一个或多个来启用该组设备之一的认证。