-
Publication (Announcement) No.: US20210124818A1
Publication (Announcement) Date: 2021-04-29
Application No.: US16661856
Application Date: 2019-10-23
Applicant: QUALCOMM Incorporated
Inventor: Baranidharan MUTHUKUMARAN, Satish ANAND, Mahadevamurty NEMANI, Ivan MCLEAN, Miguel BALLESTEROS
Abstract: In illustrative examples described herein, a hardware-based mechanism is provided to prevent brute force attacks on user credentials. In some examples, a throttling policy is added to a hardware key manager to provide timer-based throttling using a secure hardware timer. A register or slot in hardware is used to maintain throttling policy attributes or parameters for tracking a throttle count and a timeout value to be enforced. During a cryptographic wrap operation, a user key is associated with, or bound to, the slot or register. During a subsequent unwrap operation, the hardware key manager then enforces any needed timeouts by throttling user access in response to any incorrect entries based on the throttling policy attributes or parameters maintained in the slot or register. Examples exploiting an always-on battery-backed processing island are also provided. In some examples, throttling is implemented without the use of any secure storage.
-
Publication (Announcement) No.: US20210397714A1
Publication (Announcement) Date: 2021-12-23
Application No.: US16903982
Application Date: 2020-06-17
Applicant: QUALCOMM INCORPORATED
Inventor: Steven HALTER, Samar ASBE, Miguel BALLESTEROS, Girish BHAT, Mahadevamurty NEMANI
Abstract: Resource access control in a system-on-chip (“SoC”) may employ an agent executing on a processor of the SoC and a trust management engine of the SoC. The agent, such as, for example, a high-level operating system or a hypervisor, may be configured to allocate a resource comprising a memory region to an access domain and to load a software image associated with the access domain into the memory region. The trust management engine may be configured to lock the resource against access by any entity other than the access domain, to authenticate the software image associated with the access domain, and to initiate booting of the access domain in response to a successful authentication of the software image associated with the access domain.
-
Publication (Announcement) No.: US20210365557A1
Publication (Announcement) Date: 2021-11-25
Application No.: US16880819
Application Date: 2020-05-21
Applicant: QUALCOMM Incorporated
Inventor: Jaydeep CHOKSHI, Miguel BALLESTEROS, Mahadevamurty NEMANI, Samar ASBE, Girish BHAT, Alan YOUNG, Victor WONG, Steven HALTER
Abstract: A method for external access control to protect system-on-chip (SoC) subsystems and stored subsystem assets is described. The method includes sensing, during a cold boot of an SoC hardware system, a debug fuse vector for access to SoC subsystems of an SoC owner and/or third-party subsystems of an SoC hardware architecture. The method also includes disabling access to each SoC subsystem with a blown fuse in the debug fuse vector. The method further includes re-enabling, by a secure root of trust, access to an SoC subsystem and/or a third-party subsystem for an external debugger when authentication of one or more debug certificates of a third-party owner of the external debugger is successful.