专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明申请

US20150033012A1 SECURE PROCESSING ENVIRONMENT MEASUREMENT AND ATTESTATION 有权
标题翻译：安全处理环境测量和指导
公开(公告)号：US20150033012A1
公开(公告)日：2015-01-29
申请号：US13949192
申请日：2013-07-23
申请人： Vincent R. Scarlata , Carlos Rozas , Simon Johnson , Uday Savagaonkar , Rebekah Leslie-Hurd , Barry Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis McKeen , Michael Goldsmith , William Wood , Shay Gueron
发明人： Vincent R. Scarlata , Carlos Rozas , Simon Johnson , Uday Savagaonkar , Rebekah Leslie-Hurd , Barry Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis McKeen , Michael Goldsmith , William Wood , Shay Gueron
IPC分类号： H04L9/32
CPC分类号： H04L9/3242 , G06F9/3004 , H04L9/3234 , H04L2209/127
摘要： Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.
摘要翻译：公开了用于安全处理环境测量和认证的发明的实施例。在一个实施例中，处理器包括指令单元和执行单元。指令单元将接收与构建或重建安全飞地相关联的第一条指令。执行单元执行第一条指令。当与构建相关联时，执行第一条指令包括对安全飞地的第一测量和第二测量的计算。当与重建相关联时，第一条指令的执行包括第二次测量的计算，而不计算第一次测量。

52. 发明授权

US08879725B2 Combining instructions including an instruction that performs a sequence of transformations to isolate one transformation 有权
标题翻译：组合指令，包括执行转换序列以隔离一个转换的指令
公开(公告)号：US08879725B2
公开(公告)日：2014-11-04
申请号：US12040214
申请日：2008-02-29
申请人： Shay Gueron , Zeev Sperber
发明人： Shay Gueron , Zeev Sperber
IPC分类号： H04K1/00 , H04L9/32 , H04L9/06 , G06F21/75
CPC分类号： H04L9/0681 , G06F9/30007 , G06F21/75 , G06F2221/2107 , G09C1/00 , H04L9/0631 , H04L2209/125 , H04L2209/24
摘要： The Advanced Encryption Standard (AES) is a symmetric block cipher that can encrypt and decrypt information. Encryption (cipher) performs a series of transformations (Shift Rows, Substitute Bytes, Mix Columns) using the secret key (cipher key) to transforms intelligible data referred to as “plaintext” into an unintelligible form referred to as “cipher text”. The transformations (Inverse Shift Rows, Inverse Substitute Bytes, Inverse Mix Columns) in the inverse cipher (decryption) are the inverse of the transformations in the cipher. Encryption and decryption is performed efficiently through the use of instructions that perform the series of transformations. Combinations of these instructions allow the isolation of the transformations (Shift Rows, Substitute Bytes, Mix Columns, Inverse Shift Rows, Inverse Substitute Bytes, Inverse Mix Columns) to be obtained.
摘要翻译：高级加密标准（AES）是可以加密和解密信息的对称块密码。加密（密码）使用秘密密钥（密码密钥）执行一系列转换（Shift Rows，Substitute Bytes，Mix Columns），将被称为“明文”的可理解数据转换成称为“密文”的无法理解的形式。反密码（解密）中的变换（逆位排，逆替换字节，反混合列）是密码中的变换的逆。通过使用执行一系列转换的指令来有效地执行加密和解密。这些指令的组合允许要获得的转换的隔离（Shift Rows，Substitution Bytes，Mix Columns，Inverse Shift Rows，Inverse Substitute Bytes，Inverse Mix Columns）。

53. 发明授权

US08799343B2 Modular exponentiation with partitioned and scattered storage of Montgomery Multiplication results 有权
标题翻译：使用蒙哥马利乘法结果的分区和分散存储进行模块化取幂
公开(公告)号：US08799343B2
公开(公告)日：2014-08-05
申请号：US13241137
申请日：2011-09-22
申请人： Shay Gueron , Vlad Krasnov
发明人： Shay Gueron , Vlad Krasnov
IPC分类号： G06F7/38
CPC分类号： G06F7/723 , G06F7/728 , G06F2207/7257
摘要： Embodiments of techniques and systems for side-channel-protected modular exponentiation are described. In embodiments, during a modular exponentiation calculation, Montgomery Multiplication (“MM”) results are produced. These MM results are scattered through a table for storage, such that storage of the values may not lead to discovery of a secret exponent value by a spy process through a side-channel attack. The scattering may be performed in order to reduce a number of per-result memory operations performed during each MM result storage or retrieval. In embodiments, a window size of 4 may be used in the modular exponentiation, along with partitioning of the MM result into 32-bit partition values which are scattered with offsets of 64-bytes. In embodiments, while use of a window size of 4 may result in additional MM calculations during modular exponentiation than other window sizes, the reduction in memory operations may provide a positive performance offset.
摘要翻译：描述了用于侧信道保护的模幂运算的技术和系统的实施例。在实施例中，在模幂乘计算期间，产生蒙哥马利乘法（“MM”）结果。这些MM结果分散在一个表中用于存储，这样，存储值可能不会导致间谍进程通过侧信道攻击发现秘密指数值。可以执行散射以便减少在每个MM结果存储或检索期间执行的每结果存储器操作的数量。在实施例中，可以在模幂运算中使用4的窗口大小，以及将MM结果划分为以64字节的偏移散布的32位分区值。在实施例中，尽管窗口大小为4的使用可能导致在模幂运算期间的额外的MM计算，而不是其他窗口大小，但存储器操作的减少可以提供正的性能偏移。

54. 发明申请

US20140089659A1 Method and apparatus for key provisioning of hardware devices 审中-公开
标题翻译：用于硬件设备密钥配置的方法和装置
公开(公告)号：US20140089659A1
公开(公告)日：2014-03-27
申请号：US13987807
申请日：2013-09-05
申请人： Ernest F. Brickell , Shay Gueron , Jiangtao Li , Carlos V. Rozas , Daniel Nemiroff , Vincent R. Scarlata , Uday R. Savagaonkar , Simon P. Johnson
发明人： Ernest F. Brickell , Shay Gueron , Jiangtao Li , Carlos V. Rozas , Daniel Nemiroff , Vincent R. Scarlata , Uday R. Savagaonkar , Simon P. Johnson
IPC分类号： H04L9/08
CPC分类号： H04L9/0816 , G06F21/572 , G06F21/73
摘要： Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.
摘要翻译：用于在平台中提供安全性的键控材料可以安全地在线和离线地配置到远程平台中的设备。密钥材料的安全配置基于安装在平台中的固件的修订版本。

55. 发明申请

US20130301826A1 SYSTEM, METHOD, AND PROGRAM FOR PROTECTING CRYPTOGRAPHIC ALGORITHMS FROM SIDE-CHANNEL ATTACKS 审中-公开
标题翻译：用于保护来自边界通道攻击的克隆算法的系统，方法和程序
公开(公告)号：US20130301826A1
公开(公告)日：2013-11-14
申请号：US13466444
申请日：2012-05-08
申请人： Shay GUERON , Vlad KRASNOV
发明人： Shay GUERON , Vlad KRASNOV
IPC分类号： H04L9/28
CPC分类号： H04L9/002 , H04L2209/08
摘要： A system for protecting algorithms from side-channel attacks includes a digital processor having a first register, a second register, and a third register; an execution unit; and a processing unit. The execution unit executes an iterative loop for computing a value of a variable and sets a value of the first register based on either an operation or an instruction (or both) within the iterative loop. The processing unit stores the computed value of the variable in the second register and stores a predefined constant in the third register. Side-channel protection may also be provided by a method, a processor, and a program stored on a computer-readable medium.
摘要翻译：用于保护来自侧信道攻击的算法的系统包括具有第一寄存器，第二寄存器和第三寄存器的数字处理器; 一个执行单元; 和处理单元。执行单元执行用于计算变量的值的迭代循环，并且基于迭代循环内的操作或指令（或两者）来设置第一寄存器的值。处理单元将计算出的变量值存储在第二寄存器中，并将预定常量存储在第三寄存器中。侧通道保护也可以由存储在计算机可读介质上的方法，处理器和程序提供。

56. 发明授权

US08538012B2 Performing AES encryption or decryption in multiple modes with a single instruction 有权
标题翻译：使用单个指令在多种模式下执行AES加密或解密
公开(公告)号：US08538012B2
公开(公告)日：2013-09-17
申请号：US11724005
申请日：2007-03-14
申请人： Martin Dixon , Srinivas Chennupaty , Shay Gueron
发明人： Martin Dixon , Srinivas Chennupaty , Shay Gueron
IPC分类号： H04K1/00 , H04L9/08 , G06F12/14
CPC分类号： H04L9/0631 , G06F9/30007 , H04L9/0637 , H04L9/28 , H04L2209/12
摘要： A machine-readable medium may have stored thereon an instruction, which when executed by a machine causes the machine to perform a method. The method may include combining a first operand of the instruction and a second operand of the instruction to produce a result. The result may be encrypted using a key in accordance with an Advanced Encryption Standard (AES) algorithm to produce an encrypted result. The method may also include placing the encrypted result in a location of the first operand of the instruction.
摘要翻译：机器可读介质可以在其上存储有指令，当由机器执行时，该指令使机器执行方法。该方法可以包括组合指令的第一操作数和指令的第二操作数以产生结果。可以使用根据高级加密标准（AES）算法的密钥来加密结果以产生加密结果。该方法还可以包括将加密结果放置在指令的第一操作数的位置。

57. 发明申请

US20130191699A1 INSTRUCTION-SET ARCHITECTURE FOR PROGRAMMABLE CYCLIC REDUNDANCY CHECK (CRC) COMPUTATIONS 有权
标题翻译：可编程循环冗余检查（CRC）计算的指导体系结构
公开(公告)号：US20130191699A1
公开(公告)日：2013-07-25
申请号：US13793358
申请日：2013-03-11
申请人： VINODH GOPAL , SHAY GUERON , GILBERT WOLRICH , WAJDI FEGHALI , KIRK YAP , BRADLEY BURRES
发明人： VINODH GOPAL , SHAY GUERON , GILBERT WOLRICH , WAJDI FEGHALI , KIRK YAP , BRADLEY BURRES
IPC分类号： H03M13/09
CPC分类号： G06F9/30145 , G06F9/30018 , G06F11/1004 , H03M13/09 , H03M13/091
摘要： A method and apparatus to perform Cyclic Redundancy Check (CRC) operations on a data block using a plurality of different n-bit polynomials is provided. A flexible CRC instruction performs a CRC operation using a programmable n-bit polynomial. The n-bit polynomial is provided to the CRC instruction by storing the n-bit polynomial in one of two operands.
摘要翻译：提供了使用多个不同的n位多项式对数据块执行循环冗余校验（CRC）操作的方法和装置。灵活的CRC指令使用可编程的n位多项式来执行CRC操作。通过将n位多项式存储在两个操作数之一中，将n位多项式提供给CRC指令。

58. 发明授权

US08468365B2 Tweakable encryption mode for memory encryption with protection against replay attacks 有权
标题翻译：可调整的加密模式，用于内存加密，防止重放攻击
公开(公告)号：US08468365B2
公开(公告)日：2013-06-18
申请号：US12890365
申请日：2010-09-24
申请人： Shay Gueron , Gideon Gerzon , Ittai Anati , Jacob Doweck , Moshe Maor
发明人： Shay Gueron , Gideon Gerzon , Ittai Anati , Jacob Doweck , Moshe Maor
IPC分类号： G06F21/00
CPC分类号： G06F12/1408 , G06F21/52 , G06F21/64
摘要： A method and apparatus for protecting against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. An incrementing mechanism using the “time stamp” indicator generates a tweak which separates different contexts over different times such that the effect of “Type 2 replay attacks” is mitigated.
摘要翻译：提供了一种用于防止对系统存储器的硬件攻击的方法和装置。分组密码的操作模式增强了标准的XTS-AES操作模式，通过扩展调整以包括“时间戳”指示符来执行存储器加密。使用“时间戳”指示符的增量机制产生了在不同时间分离不同上下文的调整，使得“类型2重放攻击”的效果得到缓解。

59. 发明授权

US08341356B2 Protected cache architecture and secure programming paradigm to protect applications 有权
标题翻译：保护缓存架构和安全编程范例来保护应用程序
公开(公告)号：US08341356B2
公开(公告)日：2012-12-25
申请号：US13099479
申请日：2011-05-03
申请人： Shlomo Raikin , Shay Gueron , Gad Sheaffer
发明人： Shlomo Raikin , Shay Gueron , Gad Sheaffer
IPC分类号： G06F12/06
CPC分类号： G06F12/0802 , G06F12/0804 , G06F12/1491 , G06F21/10
摘要： Embodiments of the present invention provide a secure programming paradigm, and a protected cache that enable a processor to handle secret/private information while preventing, at the hardware level, malicious applications from accessing this information by circumventing the other protection mechanisms. A protected cache may be used as a building block to enhance the security of applications trying to create, manage and protect secure data. Other embodiments are described and claimed.
摘要翻译：本发明的实施例提供了一种安全编程范例和受保护的高速缓存，其使得处理器能够处理秘密/专用信息，同时防止恶意应用程序通过规避其他保护机制来访问该信息。受保护的缓存可以用作构建块，以增强试图创建，管理和保护安全数据的应用程序的安全性。描述和要求保护其他实施例。

60. 发明申请

US20120265998A1 Methods And Apparatus For Authenticating Components Of Processing Systems 有权
标题翻译：用于认证加工系统部件的方法和装置
公开(公告)号：US20120265998A1
公开(公告)日：2012-10-18
申请号：US13532334
申请日：2012-06-25
申请人： Mohan J. Kumar , Shay Gueron
发明人： Mohan J. Kumar , Shay Gueron
IPC分类号： G06F21/00
CPC分类号： G06F21/57 , G06F21/575 , G06F2221/2129
摘要： When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
摘要翻译：当处理系统引导时，它可以从非易失性存储器检索加密密钥的加密版本到处理单元，该处理单元可以解密密码密钥。处理系统还可以检索用于处理系统的软件的预定认证码，并且处理系统可以使用密码密钥来计算软件的当前认证码。然后，处理系统可以通过将预定认证码与当前认证码进行比较来确定软件是否应该被信任。在各种实施例中，处理单元可以使用存储在处理单元的非易失性存储器中的密钥对加密密钥的加密版本进行解密，散列消息认证码（HMAC）可以用作认证码，和/或软件被认证可以是启动固件，虚拟机监视器（VMM）或其他软件。描述和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式