公开(公告)号：US12200130B1

公开(公告)日：2025-01-14

申请号：US17248066

申请日：2021-01-07

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy ,  Wojciech Stefan Powiertowski ,  Nagendra Gupta Modadugu ,  Neeraj Upasani

IPC: H04L9/32 ,  G06F1/16 ,  G06F3/14 ,  G06F21/52 ,  G06F21/64

Abstract: Systems, methods, and devices authenticate processor instructions stored by a read-only memory (ROM). In one example, a ROM stores a block of register words. The block of register words includes a first register word specifying an authentication tag and one or more register words that each specify an instruction. A security controller identifies the first register word as specifying the authentication tag and performs authentication of the authentication tag. Upon successfully authenticating the authentication tag, the security controller forwards the register words that each specify instructions to a processor for execution. Upon unsuccessfully authenticating the authentication tag, the security controller blocks the register words that each specify instructions from execution by the processor.

公开(公告)号：US11775448B2

公开(公告)日：2023-10-03

申请号：US18048302

申请日：2022-10-20

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy ,  Wojciech Stefan Powiertowski ,  Neeraj Upasani ,  Dinesh Patil

IPC: G06F12/14 ,  G06F12/1081 ,  G06T19/00 ,  G06F15/78 ,  G02B27/01 ,  H04L9/40

CPC classification number: G06F12/1408 ,  G02B27/017 ,  G06F12/1081 ,  G06F15/7807 ,  G06T19/006 ,  H04L63/0435

Abstract: This disclosure describes system on a chip (SOC) communications that prevent direct memory access (DMA) attacks. An example SoC includes an encryption engine and a security processor. The encryption engine is configured to encrypt raw input data using a cipher key to form an encrypted payload. The security processor is configured to select the cipher key from a key store holding a plurality of cipher keys based on a channel ID describing a {source subsystem, destination subsystem} tuple for the encrypted payload, to form an encryption header that includes the channel ID, to encapsulate the encrypted payload with the encryption header that includes the channel ID to form a crypto packet, and to transmit the crypto packet to a destination SoC that is external to the SoC.

公开(公告)号：US11637916B2

公开(公告)日：2023-04-25

申请号：US17457599

申请日：2021-12-03

Applicant: Meta Platforms Technologies, LLC

Inventor： Dinesh Patil ,  Wojciech Stefan Powiertowski ,  Neeraj Upasani ,  Sudhir Satpathy

IPC: G06F3/00 ,  H04L69/22 ,  H04L9/40 ,  H04B7/26 ,  H04L45/745 ,  G06F13/28 ,  G06F13/40 ,  G06F21/60 ,  G06F21/79 ,  H04W28/14

Abstract: The disclosure describes wireless communication systems. The wireless communication system includes first memory, second memory, a direct memory access (DMA) controller, an encryption engine in-line between the DMA controller and the second memory, a first microprocessor, and a second microprocessor. The first microprocessor communicates with other systems that generate application data to be wirelessly transmitted. The application data to be wirelessly transmitted is stored in the second memory and programs the DMA controller to transfer packets of the application data to the first memory from the second memory. The encryption engine receives the packets of the application data from the DMA controller, encrypts the packets to generate encrypted application data packets, and outputs the encrypted application data packets for storage to the first memory.

公开(公告)号：US11520707B2

公开(公告)日：2022-12-06

申请号：US16694744

申请日：2019-11-25

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy ,  Wojciech Stefan Powiertowski ,  Neeraj Upasani ,  Dinesh Patil

IPC: G06F12/14 ,  G06F12/1081 ,  G06T19/00 ,  G06F15/78 ,  G02B27/01 ,  H04L9/40

Abstract: This disclosure describes system on a chip (SOC) communications that prevent direct memory access (DMA) attacks. An example SoC includes an encryption engine and a security processor. The encryption engine is configured to encrypt raw input data using a cipher key to form an encrypted payload. The security processor is configured to select the cipher key from a key store holding a plurality of cipher keys based on a channel ID describing a {source subsystem, destination subsystem} tuple for the encrypted payload, to form an encryption header that includes the channel ID, to encapsulate the encrypted payload with the encryption header that includes the channel ID to form a crypto packet, and to transmit the crypto packet to a destination SoC that is external to the SoC.

公开(公告)号：US11777711B1

公开(公告)日：2023-10-03

申请号：US17663995

申请日：2022-05-18

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy ,  Wojciech Stefan Powiertowski

IPC: H04L9/06 ,  G06F21/60 ,  H04L9/08 ,  G06F1/32

CPC classification number: H04L9/0631 ,  G06F21/602 ,  H04L9/088 ,  G06F1/32 ,  H04L2209/122 ,  H04L2209/24

Abstract: A system on a chip (SoC) includes a security processor configured to determine that a first channel ID describing a {source, destination} tuple for a crypto packet matches a second channel ID describing a corresponding {source, destination} tuple for a preceding crypto packet received immediately prior to the crypto packet. The SoC also includes a decryption engine configured to, responsive to the determination that the first channel ID matches the second channel ID: obtain a set of round keys applied to perform an add round key computational stage of a previous decryption datapath used to decrypt a preceding cipher text block obtained from the preceding crypto packet, and to reuse the set of round keys to perform a corresponding add round key computational stage of a current decryption datapath used to decrypt a cipher text block obtained from the crypto packet.

公开(公告)号：US11599680B2

公开(公告)日：2023-03-07

申请号：US16721701

申请日：2019-12-19

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy

IPC: G06F21/75 ,  G06F15/78 ,  G06T19/00 ,  H04N13/332

Abstract: A system on a chip (SoC) includes a security processor configured to form a Boolean mask, to form a shifted-row Boolean mask from the Boolean mask, and to add the shifted-row Boolean mask to cipher text to form Boolean-masked cipher text. The SoC includes a decryption engine configured to apply a shift rows operation to the Boolean-masked cipher text to form byte-aligned Boolean-masked cipher text, to apply a product of the Boolean mask and a multiplicative mask to the byte-aligned Boolean-masked cipher text to form multiplicatively masked cipher text, to perform an inverse byte substitution operation on the multiplicatively masked cipher text by applying a product of the Boolean mask and an inverse of the multiplicative mask to the multiplicatively masked cipher text to form Boolean-masked intermediate data, and to apply mix columns logic to the Boolean-masked intermediate data to form byte-shifted Boolean-masked output data.

公开(公告)号：US20250071293A1

公开(公告)日：2025-02-27

申请号：US18809248

申请日：2024-08-19

Applicant: Meta Platforms Technologies, LLC

Inventor： Richard Webb ,  Richa Aggarwal ,  Richard Lawrence Greene ,  Morgyn Taylor ,  Jumnit Hong ,  Sudhir Satpathy ,  Raul Gutierrez ,  Nivedita Gaur

IPC: H04N19/156 ,  H04N19/176 ,  H04N19/182 ,  H04N19/42

Abstract: A computer-implemented method for transport adaptive range packing may include (i) buffering a lane of pixel data, wherein the lane comprises a collection of pixel array tiles, (ii) analyzing the lane of pixel data for sparse data and determining, based on the analysis, whether a lossless compression of the lane would be smaller than a predetermined threshold, (iii) performing lossless compression on the lane of pixel data if a result of the lossless compression would take up less space than the predetermined threshold of space, and (iv) performing lossy compression on the lane of pixel data if a result of the lossless compression would take up more space than the predetermined threshold of space. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US12010205B2

公开(公告)日：2024-06-11

申请号：US17498560

申请日：2021-10-11

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy

IPC: H04L9/00 ,  G06F3/14 ,  G06F21/76 ,  H04L9/06 ,  G06F21/75

CPC classification number: H04L9/003 ,  G06F3/14 ,  G06F21/76 ,  H04L9/0631 ,  G06F21/755

Abstract: Encryption engines shuffle data segments during encryption and/or decryption, thereby obtaining a random permutation of the data segments to be used during encryption and/or decryption. By shuffling the data during encryption/decryption and using the resulting random permutation for encryption/decryption, the encryption engines obfuscate the power consumption information that attackers might access as part of an SCA. In some examples, the encryption engines perform intra-round shuffling of the input data within a reduced-sized encryption datapath configured to iteratively compute a portion of an encrypted block of data.

公开(公告)号：US11941131B1

公开(公告)日：2024-03-26

申请号：US17248883

申请日：2021-02-11

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy ,  Wojciech Stefan Powiertowski ,  Nagendra Gupta Modadugu ,  Neeraj Upasani

IPC: G06F21/60 ,  G06F1/16 ,  G06F3/01 ,  G06F15/78 ,  G06F21/10 ,  G06F21/64 ,  G06F21/79 ,  G06T19/00

CPC classification number: G06F21/602 ,  G06F1/163 ,  G06F3/012 ,  G06F15/7807 ,  G06F21/64 ,  G06F21/79 ,  G06T19/006 ,  G06F21/107

Abstract: An example method for execution on a system on a chip (SoC) having a plurality of subsystems includes receiving, by a storage controller from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address; obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data; determining, by the encryption engine based on an access rule, whether the subsystem has sufficient privilege to access the storage device address; in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting, source data in the local memory according to an encryption key associated with the subsystem; and providing the encrypted source data to the storage controller for writing to the storage device at the storage device address.

公开(公告)号：US11755747B2

公开(公告)日：2023-09-12

申请号：US17248886

申请日：2021-02-11

Applicant: Meta Platforms Technologies, LLC

Inventor： Sudhir Satpathy ,  Wojciech Stefan Powiertowski ,  Nagendra Gupta Modadugu ,  Neeraj Upasani

IPC: G06F21/60 ,  G06F21/64 ,  G06F21/79 ,  G06F13/28 ,  G06F3/01 ,  G06F15/78

CPC classification number: G06F21/602 ,  G06F3/012 ,  G06F13/28 ,  G06F15/7807 ,  G06F21/64 ,  G06F21/79 ,  G06F2221/0751

Abstract: An example system on a chip (SoC) includes a security processor configured to store a plurality of key-pairs associated with subsystems of the SoC to a key vault; and an encryption engine configured to: determine a first tweak value based on a first sector address of a storage device; encrypt the first tweak value according to the second key of the key-pair associated with a subsystem; encrypt a first portion of the source data according to a first key of the key-pair and the encrypted first tweak value; determine a second tweak value based on a second sector address of the storage device and encrypt the second tweak value according to the second key prior to completing the encryption of the first portion of the source data; and encrypt a second portion of the source data according to the first key and the encrypted second tweak value.