专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08826039B2 Apparatus and method for providing hardware security 有权
标题翻译：提供硬件安全性的装置和方法
公开(公告)号：US08826039B2
公开(公告)日：2014-09-02
申请号：US12714383
申请日：2010-02-26
申请人： Paul Chou , Love Kothari , Lawrence J. Madar, III
发明人： Paul Chou , Love Kothari , Lawrence J. Madar, III
IPC分类号： G06F12/14
CPC分类号： G06F21/72 , G06F12/14
摘要： A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.
摘要翻译：一种提供硬件安全模块的技术，其提供用于将安全密钥保持在安全边界内的安全边界，并防止从安全边界外部的外部源的未经授权的访问以获得安全密钥。硬件安全模块包括一个安全处理器，用于对安全边界内的安全密钥进行解包和认证，以对数据进行解密或加密，并通过与外部源通信的单一接口提供数据，从而在安全边界之间传输所有数据，由硬件安全模块和外部源仅通过接口传输。硬件安全模块确保没有解开的密钥离开硬件安全模块建立的安全边界。

2. 发明申请

US20110191599A1 Apparatus and method for providing hardware security 有权
标题翻译：提供硬件安全性的装置和方法
公开(公告)号：US20110191599A1
公开(公告)日：2011-08-04
申请号：US12714383
申请日：2010-02-26
申请人： Paul Chou , Love Kothari , Lawrence J. Madar, III
发明人： Paul Chou , Love Kothari , Lawrence J. Madar, III
IPC分类号： G06F12/14
CPC分类号： G06F21/72 , G06F12/14
摘要： A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.
摘要翻译：一种提供硬件安全模块的技术，其提供用于将安全密钥保持在安全边界内的安全边界，并防止从安全边界外部的外部源的未经授权的访问以获得安全密钥。硬件安全模块包括一个安全处理器，用于对安全边界内的安全密钥进行解包和认证，以对数据进行解密或加密，并通过与外部源通信的单一接口提供数据，从而在安全边界之间传输所有数据，由硬件安全模块和外部源仅通过接口传输。硬件安全模块确保没有解开的密钥离开硬件安全模块建立的安全边界。

3. 发明申请

US20110191562A1 Apparatus and method for partitioning, sandboxing and protecting external memories 审中-公开
标题翻译：用于分割，沙箱和保护外部存储器的装置和方法
公开(公告)号：US20110191562A1
公开(公告)日：2011-08-04
申请号：US12714367
申请日：2010-02-26
申请人： Paul Chou , Love Kothari , Lawrence J. Madar, III , Ravi Sreenivasa Setty , Dharmvir Singh
发明人： Paul Chou , Love Kothari , Lawrence J. Madar, III , Ravi Sreenivasa Setty , Dharmvir Singh
IPC分类号： G06F12/14 , G06F12/06
CPC分类号： G06F12/06 , G06F12/14
摘要： A technique to provide an integrated circuit that performs memory partitioning to partition a memory into a plurality of regions, in which the memory is accessed by a plurality of heterogeneous processing devices that operate to access the memory. The integrated circuit also assigns a security level for each region of the memory and permits a memory access by a transaction to a particular region of the memory, only when a level of security assigned to the transaction meets or exceeds the assigned security level for the particular region. The integrated circuit also performs sandboxing by assigning which of the plurality of processing devices are permitted access to each of the plurality of regions. The integrated circuit may implement only the security level function or only the sandboxing function, or the integrated circuit may implement them both. In some instances, a scrambling/descrambling function is included to scramble/descramble data. In one application, the integrated circuit is included within a mobile phone.
摘要翻译：一种提供集成电路的技术，其执行存储器分区以将存储器分割成多个区域，其中存储器被操作以访问存储器的多个异构处理设备访问。集成电路还为存储器的每个区域分配安全级别，并且仅当分配给事务的安全级满足或超过特定的分配的安全级别时才允许通过存储器的特定区域的事务的存储器访问地区。集成电路还通过分配多个处理设备中的哪一个被允许访问多个区域中的每一个来执行沙箱。集成电路只能实现安全级别功能或仅实施沙盒功能，或者集成电路可以实现它们。在一些情况下，加扰/解扰功能被包括以加扰/解扰数据。在一个应用中，集成电路被包括在移动电话中。

4. 发明申请

US20100146303A1 PROTECTING EXTERNAL VOLATILE MEMORIES USING LOW LATENCY ENCRYPTION/DECRYPTION 有权
标题翻译：使用低延迟加密/分解保护外部挥发性记忆
公开(公告)号：US20100146303A1
公开(公告)日：2010-06-10
申请号：US12614383
申请日：2009-11-06
申请人： Love Kothari , Lawrence J. Madar, III
发明人： Love Kothari , Lawrence J. Madar, III
IPC分类号： G06F12/14 , H04L9/06 , G06F7/58
CPC分类号： G06F12/1408 , G06F21/10 , G06F21/79 , G06F2221/2107 , H04L9/0625 , H04L2209/08 , H04L2209/24 , Y02D10/13
摘要： A data processing apparatus includes a volatile memory, a random number generator adapted for generating random numbers from which one or more keys are generated, and a memory encryption unit (MEU). The MEU is configured to receive an N-bit block of data and to divide the N-bit block of data into two more sub-blocks of data, where each sub-block contains fewer than N-bits. The MEU is further configured to encrypt each sub-block of data using the one more keys, to combine the encrypted sub-blocks into an N-bit block of encrypted data, and to write the encrypted N-bit block of data to the volatile memory.
摘要翻译：一种数据处理装置，包括易失性存储器，适于产生生成一个或多个密钥的随机数的随机数发生器和存储器加密单元（MEU）。 MEU被配置为接收N位数据块并且将N位数据块划分为两个更多的数据子块，其中每个子块包含少于N位。 MEU还被配置为使用一个以上的密钥来加密数据的每个子块，将加密的子块组合成N位的加密数据块，并将加密的N位数据块写入到易失性记忆。

5. 发明授权

US08745411B2 Protecting external volatile memories using low latency encryption/decryption 有权
标题翻译：使用低延迟加密/解密保护外部易失性存储器
公开(公告)号：US08745411B2
公开(公告)日：2014-06-03
申请号：US12614383
申请日：2009-11-06
申请人： Love Kothari , Lawrence J. Madar, III
发明人： Love Kothari , Lawrence J. Madar, III
IPC分类号： G06F21/00
CPC分类号： G06F12/1408 , G06F21/10 , G06F21/79 , G06F2221/2107 , H04L9/0625 , H04L2209/08 , H04L2209/24 , Y02D10/13
摘要： A data processing apparatus includes a volatile memory, a random number generator adapted for generating random numbers from which one or more keys are generated, and a memory encryption unit (MEU). The MEU is configured to receive an N-bit block of data and to divide the N-bit block of data into two more sub-blocks of data, where each sub-block contains fewer than N-bits. The MEU is further configured to encrypt each sub-block of data using the one more keys, to combine the encrypted sub-blocks into an N-bit block of encrypted data, and to write the encrypted N-bit block of data to the volatile memory.
摘要翻译：一种数据处理装置，包括易失性存储器，适于产生生成一个或多个密钥的随机数的随机数发生器和存储器加密单元（MEU）。 MEU被配置为接收N位数据块并且将N位数据块划分为两个更多的数据子块，其中每个子块包含少于N位。 MEU还被配置为使用一个以上的密钥来加密数据的每个子块，将加密的子块组合成N位的加密数据块，并将加密的N位数据块写入到易失性记忆。

6. 发明申请

US20110067110A1 METHOD AND SYSTEM FOR HARDWARE ENFORCED VIRTUALIZATION IN AN INTEGRATED CIRCUIT 有权
标题翻译：在集成电路中硬件实现虚拟化的方法和系统
公开(公告)号：US20110067110A1
公开(公告)日：2011-03-17
申请号：US12559154
申请日：2009-09-14
申请人： John Markey , Love Kothari , Paul Chou
发明人： John Markey , Love Kothari , Paul Chou
IPC分类号： G06F21/20 , G06F9/00
CPC分类号： G06F21/575 , G06F21/74 , G06F2221/2105
摘要： Aspects of a method and system for hardware enforced virtualization in an integrated circuit are provided. In this regard, a mode of operation of an integrated circuit may be controlled such that the integrated circuit alternates between a secure mode of operation and an open mode of operation. Various resources of the integrated circuit may be designated as open or secure, and secure resources may be made inaccessible while the integrated circuit operates in the open mode. Access to the secure resources may be controlled based on a configuration of one or more registers and/or switching elements. Resources designated as secure may comprise, for example, a one-time-programmable memory. The integrated circuit may comprise ROM and/or one-time-programmable memory that stores one or more instructions, wherein execution of the one or more instructions may control transitions between the secure mode and the open mode.
摘要翻译：提供了集成电路中用于硬件强制虚拟化的方法和系统的方面。在这方面，可以控制集成电路的操作模式，使得集成电路在安全操作模式和开放操作模式之间交替。集成电路的各种资源可以被指定为开放的或安全的，并且当集成电路在开放模式下操作时，可以使安全的资源变得不可访问。可以基于一个或多个寄存器和/或开关元件的配置来控制对安全资源的访问。指定为安全的资源可以包括例如一次性可编程存储器。集成电路可以包括存储一个或多个指令的ROM和/或一次可编程存储器，其中一个或多个指令的执行可以控制安全模式和打开模式之间的转换。

7. 发明申请

US20110066835A1 METHOD AND SYSTEM FOR SECURELY PROTECTING A SEMICONDUCTOR CHIP WITHOUT COMPROMISING TEST AND DEBUG CAPABILITIES 失效
标题翻译：在不影响测试和调试能力的情况下安全地保护半导体芯片的方法和系统
公开(公告)号：US20110066835A1
公开(公告)日：2011-03-17
申请号：US12559242
申请日：2009-09-14
申请人： Love Kothari , Paul Chou , John Markey
发明人： Love Kothari , Paul Chou , John Markey
IPC分类号： G06F15/177
CPC分类号： G06F21/33 , G06F11/3648
摘要： A semiconductor chip may be operable to block the debug interfaces when the semiconductor chip boots up from the boot read-only memory (ROM). The semiconductor chip may be operable to authenticate a debug certificate received by the semiconductor chip and enable one or more debug interfaces in the semiconductor chip based on the information resulting from the authentication of the debug certificate. The debug certificate may be in a form of a cryptographic public key certificate. A unique device ID which may be generated at boot and stored in the memory may be used by the semiconductor chip to authenticate the debug certificate. The device ID may be generated using the cryptographic public key that is stored in the one-time programmable (OTP) memory in the semiconductor chip and a cryptographic hash algorithm.
摘要翻译：当半导体芯片从引导只读存储器（ROM）启动时，半导体芯片可以用于阻止调试接口。半导体芯片可以用于对由半导体芯片接收到的调试证书进行认证，并且基于从调试证书的认证得到的信息来启用半导体芯片中的一个或多个调试接口。调试证书可以是加密公钥证书的形式。半导体芯片可以在启动时产生并存储在存储器中的独特的设备ID用于认证调试证书。可以使用存储在半导体芯片中的一次可编程（OTP）存储器中的密码公钥和密码散列算法来生成设备ID。

8. 发明申请

US20130047272A1 INTEGRATED CIRCUIT FOR PREVENTING CHIP SWAPPING AND/OR DEVICE CLONING IN A HOST DEVICE 有权
标题翻译：用于防止主机设备中的芯片切换和/或设备克隆的集成电路
公开(公告)号：US20130047272A1
公开(公告)日：2013-02-21
申请号：US13250529
申请日：2011-09-30
申请人： Love Kothari , Paul Chou
发明人： Love Kothari , Paul Chou
IPC分类号： G06F17/00
CPC分类号： H03L7/0802 , G06F1/26 , G06F1/32 , G06F1/3203 , G06F1/3228 , G06F12/14 , G06F21/44 , H01L2924/0002 , H03K3/0315 , H03K3/037 , H03K3/0375 , H03K5/133 , H03K19/01 , H03K2005/00019 , H03K2005/00026 , H03K2005/00058 , H03L7/097 , H03L7/0997 , H01L2924/00
摘要： An integrated circuit is disclosed that can be included in a host electronic device that can be commonly manufactured, where the integrated circuit can be designated (“locked”) for a specific manufacturer, thereby substantially reducing the likelihood that a third party will be able to successfully clone a host electronic device manufactured by the specific manufacturer and/or swap the chip containing the integrated circuit for one having more enabled features. The integrated circuit includes an ID module that can be programmed after fabrication. Components within the integrated circuit designate manufacturer-specific configurations (e.g., address mapping, pin routing and/or vital function releasing) based on the programmed manufacturer ID. As a result, once the integrated circuit has been programmed with the manufacturer ID, the integrated circuit will function correctly only within a host device manufactured by the manufacturer associated with the programmed manufacturer ID.
摘要翻译：公开了一种集成电路，其可以被包括在可以被共同制造的主机电子设备中，其中集成电路可以被指定（锁定）用于特定制造商，从而显着降低第三方将能够成功克隆的可能性由特定制造商制造的主机电子设备和/或将包含集成电路的芯片交换为具有更多启用特征的芯片。集成电路包括可在制造后编程的ID模块。集成电路中的组件基于编程的制造商ID指定制造商特定的配置（例如，地址映射，引脚布线和/或重要功能释放）。因此，一旦集成电路已经用制造商ID编程，集成电路将仅在制造商制造的与编程的制造商ID相关联的主机设备中正常工作。

9. 发明授权

US08732806B2 Method and system for hardware enforced virtualization in an integrated circuit 有权
标题翻译：集成电路中硬件强制虚拟化的方法和系统
公开(公告)号：US08732806B2
公开(公告)日：2014-05-20
申请号：US12559154
申请日：2009-09-14
申请人： John Markey , Love Kothari , Paul Chou
发明人： John Markey , Love Kothari , Paul Chou
IPC分类号： G06F21/00
CPC分类号： G06F21/575 , G06F21/74 , G06F2221/2105
摘要： Aspects of a method and system for hardware enforced virtualization in an integrated circuit are provided. In this regard, a mode of operation of an integrated circuit may be controlled such that the integrated circuit alternates between a secure mode of operation and an open mode of operation. Various resources of the integrated circuit may be designated as open or secure, and secure resources may be made inaccessible while the integrated circuit operates in the open mode. Access to the secure resources may be controlled based on a configuration of one or more registers and/or switching elements. Resources designated as secure may comprise, for example, a one-time-programmable memory. The integrated circuit may comprise ROM and/or one-time-programmable memory that stores one or more instructions, wherein execution of the one or more instructions may control transitions between the secure mode and the open mode.
摘要翻译：提供了集成电路中用于硬件强制虚拟化的方法和系统的方面。在这方面，可以控制集成电路的操作模式，使得集成电路在安全操作模式和开放操作模式之间交替。集成电路的各种资源可以被指定为开放的或安全的，并且当集成电路在开放模式下操作时，可以使安全的资源变得不可访问。可以基于一个或多个寄存器和/或开关元件的配置来控制对安全资源的访问。指定为安全的资源可以包括例如一次性可编程存储器。集成电路可以包括存储一个或多个指令的ROM和/或一次可编程存储器，其中一个或多个指令的执行可以控制安全模式和打开模式之间的转换。

10. 发明授权

US08644499B2 Method and system for securely protecting a semiconductor chip without compromising test and debug capabilities 失效
标题翻译：在不影响测试和调试能力的情况下安全地保护半导体芯片的方法和系统
公开(公告)号：US08644499B2
公开(公告)日：2014-02-04
申请号：US12559242
申请日：2009-09-14
申请人： Love Kothari , Paul Chou , John Markey
发明人： Love Kothari , Paul Chou , John Markey
IPC分类号： H04K1/00 , G06F9/00
CPC分类号： G06F21/33 , G06F11/3648
摘要： A semiconductor chip may be operable to block the debug interfaces when the semiconductor chip boots up from the boot read-only memory (ROM). The semiconductor chip may be operable to authenticate a debug certificate received by the semiconductor chip and enable one or more debug interfaces in the semiconductor chip based on the information resulting from the authentication of the debug certificate. The debug certificate may be in a form of a cryptographic public key certificate. A unique device ID which may be generated at boot and stored in the memory may be used by the semiconductor chip to authenticate the debug certificate. The device ID may be generated using the cryptographic public key that is stored in the one-time programmable (OTP) memory in the semiconductor chip and a cryptographic hash algorithm.
摘要翻译：当半导体芯片从引导只读存储器（ROM）启动时，半导体芯片可以用于阻止调试接口。半导体芯片可以用于对由半导体芯片接收到的调试证书进行认证，并且基于从调试证书的认证得到的信息来启用半导体芯片中的一个或多个调试接口。调试证书可以是加密公钥证书的形式。半导体芯片可以在启动时产生并存储在存储器中的独特的设备ID用于认证调试证书。可以使用存储在半导体芯片中的一次可编程（OTP）存储器中的密码公钥和密码散列算法来生成设备ID。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式