专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080120481A1 Methods For Protection Of Data Integrity Of Updatable Data Against Unauthorized Modification 审中-公开
标题翻译：用于保护可更新数据的数据完整性的方法用于未经授权的修改
公开(公告)号：US20080120481A1
公开(公告)日：2008-05-22
申请号：US11837544
申请日：2007-08-13
申请人： Boris Dolgunov , Rami Koren
发明人： Boris Dolgunov , Rami Koren
IPC分类号： G06F12/00
CPC分类号： G06F21/6218 , G06F11/1008 , G06F11/1402
摘要： The present invention discloses methods for protecting data integrity of updatable data against unauthorized modification. A method for protecting data integrity of updatable data in a storage system, the method including the steps of: storing a data copy of the data in the storage system; upon storing the data copy, transforming the data copy into at least one transformed copy of the data; storing at least one transformed copy in the storage system; upon a request to read the data, reading the data copy and at least one transformed copy; transform-comparing the data copy and at least one transformed copy; and designating the data integrity of the data as verified contingent upon the data copy and at least one transformed copy being identical.
摘要翻译：本发明公开了用于保护可更新数据的数据完整性以防止未经授权的修改的方法。一种用于保护存储系统中可更新数据的数据完整性的方法，所述方法包括以下步骤：将所述数据的数据副本存储在所述存储系统中; 在存储数据副本时，将数据拷贝变换成数据的至少一个经变换的副本; 将至少一个转换的副本存储在所述存储系统中; 在读取数据的请求时，读取数据副本和至少一个转换的副本; 转换 - 比较数据副本和至少一个转换的副本; 并且指定数据的数据完整性，这是根据数据拷贝验证的，并且至少一个转换的拷贝是相同的。

2. 发明授权

US08392714B2 Secure overlay manager protection 有权
标题翻译：安全覆盖管理器保护
公开(公告)号：US08392714B2
公开(公告)日：2013-03-05
申请号：US12255229
申请日：2008-10-21
申请人： Boris Dolgunov , Yonatan Halevi , Eran Shen , Amir Samuelov , Niv Cohen , Michael Holtzman , Rotem Sela
发明人： Boris Dolgunov , Yonatan Halevi , Eran Shen , Amir Samuelov , Niv Cohen , Michael Holtzman , Rotem Sela
IPC分类号： H04L9/32
CPC分类号： G06F21/57 , G06F21/572
摘要： A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature.
摘要翻译：用于保护数据的方法包括维护指示数据的当前版本的控制参数。数据被分割成多个段。响应于控制参数，形成分别存储在存储器中的相应带符号输入段的段和相应签名来计算段的相应签名。在有符号输入段被存储之后，从存储器中取出带符号的输出段。响应于控制参数验证有符号输出段的签名，并且响应地处理签名输出段中的数据以验证签名。

3. 发明授权

US08266446B2 Software protection against fault attacks 有权
标题翻译：防止故障攻击的软件保护
公开(公告)号：US08266446B2
公开(公告)日：2012-09-11
申请号：US12253394
申请日：2008-10-17
申请人： Boris Dolgunov , Arseniy Aharonov , Raphael Slepon Ben-Yaish
发明人： Boris Dolgunov , Arseniy Aharonov , Raphael Slepon Ben-Yaish
IPC分类号： G06F12/14
CPC分类号： G06F21/556
摘要： A method for protecting information in a device includes providing a device with a non-secure hardware domain, a processor having a software-controlled mode of operation, and a secure hardware domain having a secure memory that is inaccessible by the processor when the processor is operating in the software-controlled mode of operation. Data from the non-secure hardware domain is established in the secure hardware domain. Computing operations are executed on the data in the secure hardware domain to produce a result. The secure hardware domain is purged, while retaining the result therein. The result is thereafter returned from the secure hardware domain into the non-secure hardware domain.
摘要翻译：一种用于保护设备中的信息的方法包括：提供具有非安全硬件域的设备，具有软件控制操作模式的处理器，以及具有安全存储器的安全硬件域，所述安全存储器在处理器为以软件控制的操作模式运行。来自非安全硬件域的数据建立在安全的硬件领域。对安全硬件域中的数据执行计算操作以产生结果。清除安全硬件域，同时保留其中的结果。之后，结果从安全硬件域返回到非安全的硬件域。

4. 发明申请

US20110314296A1 Host Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme 有权
标题翻译：使用双加密方案在第一和第二存储设备之间通信密码的主机设备和方法
公开(公告)号：US20110314296A1
公开(公告)日：2011-12-22
申请号：US13073740
申请日：2011-03-28
申请人： Boris Dolgunov , Eyal Sobol , David Matot , Vered Babayov
发明人： Boris Dolgunov , Eyal Sobol , David Matot , Vered Babayov
IPC分类号： G06F21/00
CPC分类号： G06F21/34 , G06F21/31
摘要： A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device.
摘要翻译：第一存储设备通过使用双加密方案经由主机设备在第一存储设备和第二存储设备之间传送密码来向主机设备提供对专用存储器区域的访问。在一个实施例中，主机设备从第一存储设备接收两次加密的密码，将二次加密的密码发送到第二存储设备，从第二存储设备接收一次加密的密码，将一次加密的密码解密为获取密码，并将密码发送到第一个存储设备。在另一个实施例中，第一存储设备向主机设备发送两次加密的密码，在由第二存储设备和主设备解密两次加密的密码之后从主机设备接收密码，并向主机设备提供仅当密码与存储在第一存储设备中的密码匹配时，才能访问私有内存区域。

5. 发明授权

US07979628B2 Re-flash protection for flash memory 有权
标题翻译：重新闪存保护闪存
公开(公告)号：US07979628B2
公开(公告)日：2011-07-12
申请号：US12252930
申请日：2008-10-16
申请人： Boris Dolgunov , Arseniy Aharonov
发明人： Boris Dolgunov , Arseniy Aharonov
IPC分类号： G06F12/00 , G06F13/00 , G06F13/28
CPC分类号： G06F21/554 , G06F21/64 , G06F21/79
摘要： A method for storing data includes providing a memory package including an integrated circuit containing a non-volatile memory and counter circuitry. The data is written to the non-volatile memory. The counter circuitry is operated to maintain a count of write operations performed on the non-volatile memory. The data and the count from the memory package are received at a controller, separate from the memory package, and the data is authenticated in response to the count.
摘要翻译：一种用于存储数据的方法包括提供包括包含非易失性存储器和计数器电路的集成电路的存储器包。数据被写入非易失性存储器。操作计数器电路以维持对非易失性存储器执行的写入操作的计数。来自存储器包的数据和计数在与存储器包分开的控制器处被接收，并且数据被认证以响应于计数。

6. 发明申请

US20100332855A1 Method and Memory Device for Performing an Operation on Data 有权
标题翻译：用于执行数据操作的方法和存储器件
公开(公告)号：US20100332855A1
公开(公告)日：2010-12-30
申请号：US12495302
申请日：2009-06-30
申请人： Boris Dolgunov , Michael Holtzman , Ron Barzilai , Eran Shen
发明人： Boris Dolgunov , Michael Holtzman , Ron Barzilai , Eran Shen
IPC分类号： G06F12/14
CPC分类号： G06F13/385
摘要： A method and memory device for implementing long operations and supporting multiple streams are provided. In one embodiment, a memory device receives data and a command from a host to perform an operation on the data, wherein a time required for the memory device to complete the operation exceeds a maximum response time for the memory device to respond to the command. The memory device begins performing the operation on the data and, before exceeding the maximum response time and before completing the operation, sends the context of the operation to the host. At a later time, the memory device receives from the host: (i) a command to resume performing the operation and (ii) the context. The memory device then resumes performing the operation on the data based on the context received from the host.
摘要翻译：提供了一种用于实现长操作并支持多个流的方法和存储器件。在一个实施例中，存储器设备从主机接收数据和命令以执行对数据的操作，其中存储器设备完成操作所需的时间超过存储器设备响应命令的最大响应时间。存储设备开始对数据执行操作，并且在超过最大响应时间之前并且在完成操作之前，将操作的上下文发送到主机。在稍后的时间，存储器装置从主机接收：（i）恢复执行操作的命令和（ii）上下文。然后，存储器设备基于从主机接收的上下文恢复对数据的操作。

7. 发明申请

US20090113217A1 MEMORY RANDOMIZATION FOR PROTECTION AGAINST SIDE CHANNEL ATTACKS 有权
标题翻译：用于保护边界通道攻击的记忆随机
公开(公告)号：US20090113217A1
公开(公告)日：2009-04-30
申请号：US12254225
申请日：2008-10-20
申请人： Boris Dolgunov , Arseniy Aharonov
发明人： Boris Dolgunov , Arseniy Aharonov
IPC分类号： H04L9/06
CPC分类号： G06F21/556 , G06F12/1408 , H04L9/0894
摘要： Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys.
摘要翻译：通过将要存储在存储器中的加扰数据的组合和使用软件例程对数据的存储器地址进行加扰来执行加扰和解扰功能来防止针对计算设备的侧向信道攻击。通常在加密算法中使用的变量，数据和查找表的加密版本因此分散到伪随机位置。因此，需要依赖数据的内存访问的数据和加密原语可以防止可能暴露内存访问模式和危及加密密钥的攻击。

8. 发明授权

US08694790B2 Storage device and method for communicating a password between first and second storage devices using a double-encryption scheme 有权
标题翻译：用于使用双加密方案在第一和第二存储设备之间传送密码的存储设备和方法
公开(公告)号：US08694790B2
公开(公告)日：2014-04-08
申请号：US13073729
申请日：2011-03-28
申请人： Boris Dolgunov , Eyal Sobol , David Matot , Vered Babayov
发明人： Boris Dolgunov , Eyal Sobol , David Matot , Vered Babayov
IPC分类号： G06F21/31 , G06F21/10
CPC分类号： G06F21/34 , G06F21/31
摘要： A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device.
摘要翻译：第一存储设备通过使用双加密方案经由主机设备在第一存储设备和第二存储设备之间传送密码来向主机设备提供对专用存储器区域的访问。在一个实施例中，主机设备从第一存储设备接收两次加密的密码，将二次加密的密码发送到第二存储设备，从第二存储设备接收一次加密的密码，将一次加密的密码解密为获取密码，并将密码发送到第一个存储设备。在另一个实施例中，第一存储设备向主机设备发送两次加密的密码，在由第二存储设备和主设备解密两次加密的密码之后从主机设备接收密码，并向主机设备提供仅当密码与存储在第一存储设备中的密码匹配时，才能访问私有内存区域。

9. 发明申请

US20120317423A1 Memory randomization for protection against side channel attacks 有权
公开(公告)号：US20120317423A1
公开(公告)日：2012-12-13
申请号：US13486668
申请日：2012-06-01
申请人： Boris Dolgunov , Arseniy Aharonov
发明人： Boris Dolgunov , Arseniy Aharonov
IPC分类号： G06F12/14
CPC分类号： G06F21/556 , G06F12/1408 , H04L9/0894
摘要： Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys.

10. 发明申请

US20120185442A1 Write Failure Protection for Hierarchical Integrity Schemes 有权
标题翻译：写层次完整性方案的失效保护
公开(公告)号：US20120185442A1
公开(公告)日：2012-07-19
申请号：US13327365
申请日：2011-12-15
申请人： Arsenly Aharonov , Boris Dolgunov
发明人： Arsenly Aharonov , Boris Dolgunov
IPC分类号： G06F17/30
CPC分类号： G06F21/64 , G06F21/78
摘要： A method for data integrity protection includes arranging in an integrity hierarchy a plurality of data blocks, which contain data. The integrity hierarchy includes multiple levels of signature blocks containing signatures computed respectively over lower levels in the hierarchy, wherein the levels culminate in a top-level block containing a top-level signature computed over the hierarchy. A modification to be made in the data stored in a given data block is received. One or more of the signatures is recomputed in response to the modification, including the top-level signature. Copies of the given data block, and of the signature blocks, including a copy of the top-level block, are stored in respective locations in a storage medium. An indication that the copy is a valid version of the top-level block is recorded in the copy of the top-level block.
摘要翻译：一种用于数据完整性保护的方法包括在完整性层级中布置包含数据的多个数据块。完整性层次结构包括多个级别的签名块，其包含分别在层次结构中的较低级别上计算的签名，其中级别最终导致包含在层次结构上计算的顶级签名的顶级块。接收在给定数据块中存储的数据中进行的修改。响应于修改重新计算一个或多个签名，包括顶级签名。给定数据块和包括顶级块的副本的签名块的副本存储在存储介质中的相应位置中。该副本是顶级块的有效版本的指示被记录在顶级块的副本中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式