-
Publication number: US20240106824A1
Publication date: 2024-03-28
Application number: US17934774
Application date: 2022-09-23
Applicant: QUALCOMM Incorporated
Inventor: Samar ASBE , Vijayakumar GOPALAKRISHNAN , Ai LI
IPC: H04L9/40
CPC classification number: H04L63/0876 , H04L63/101 , H04L63/1483
Abstract: Systems and techniques are provided for identity impersonation in access control systems. For example, a process for identity impersonation in access control systems can include: receiving, at a hardware identity impersonator from a first access domain, a request to make a target region accessible to a second access domain; updating a second access domain identity data structure to include an entry corresponding to the first access domain, the entry comprising an address of the target region and a first access domain identifier; receiving, at the hardware identity impersonator from the second access domain, an access request to access the target region, wherein the access request comprises an address and a second access domain identifier of the second access domain; and transmitting, at the hardware identity impersonator based on the access request, the address and the first access domain identifier to a memory management unit (MMU) of an access control system.
-
Publication number: US20250061181A1
Publication date: 2025-02-20
Application number: US18452209
Application date: 2023-08-18
Applicant: QUALCOMM Incorporated
Inventor: Rengarajan RAGAVAN , Changjian GAO , Samar ASBE , Shivaprasad HONGAL , Denis POCHUEV , Richard Wesley BASS , Priyanka DOSI
Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, by a first root of trust (C-ROT) of a first chiplet of a plurality of chiplets from a second C-RoT of a second chiplet, a second certificate along with security state information and debug information for the second chiplet; authenticating a security state and a debug state of the second chiplet based on the security state information and the debug information; authenticating the second certificate; and establishing a security boundary with the second chiplet.
-
Publication number: US20250097019A1
Publication date: 2025-03-20
Application number: US18468666
Application date: 2023-09-15
Applicant: QUALCOMM Incorporated
Inventor: Rengarajan RAGAVAN , Arun MENON , Samar ASBE , Aseem BRAHMA , Shivaprasad HONGAL , Changjian GAO , Denis POCHUEV
Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, at a first chiplet root of trust (C-ROT) of a first chiplet of a plurality of chiplets, a request for a cryptographic key; generating, by the first C-ROT, the cryptographic key; wrapping, by the first C-ROT, the cryptographic key using a wrapping key to generate a wrapped cryptographic key; outputting, by the first C-ROT, the wrapped cryptographic key; receiving the wrapped cryptographic key at a second C-ROT of a second chiplet of the plurality of chiplets; unwrapping, by the second C-ROT, the wrapped cryptographic key using the wrapping key; and performing, by the second C-ROT, an operation based on the cryptographic key.
-
Publication number: US20210365557A1
Publication date: 2021-11-25
Application number: US16880819
Application date: 2020-05-21
Applicant: QUALCOMM Incorporated
Inventor: Jaydeep CHOKSHI , Miguel BALLESTEROS , Mahadevamurty NEMANI , Samar ASBE , Girish BHAT , Alan YOUNG , Victor WONG , Steven HALTER
Abstract: A method for external access control to protect system-on-chip (SoC) subsystems and stored subsystem assets is described. The method includes sensing, during a cold boot of an SoC hardware system, a debug fuse vector for access to SoC subsystems of an SoC owner and/or third-party subsystems of an SoC hardware architecture. The method also includes disabling access to each SoC subsystem with a blown fuse in the debug fuse vector. The method further includes re-enabling, by a secure root of trust, access to an SoC subsystem and/or a third-party subsystem for an external debugger when authentication of one or more debug certificates of a third-party owner of the external debugger is successful.
-
Publication number: US20250053659A1
Publication date: 2025-02-13
Application number: US18447888
Application date: 2023-08-10
Applicant: QUALCOMM Incorporated
Inventor: Samar ASBE , Aseem BRAHMA , Shivaprasad HONGAL
IPC: G06F21/57 , G06F9/4401 , G06F21/44 , H04L9/30
Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for booting a device with independent stage keys. In one illustrative example, a computing device can generate a first stage key for a first stage of a current boot operation of the device based on a private key associated with the device. The computing device can authenticate a first firmware of the first stage using a first authentication tag and the first stage key, wherein the first authentication tag is generated during a previous boot operation. The computing device can execute the first firmware based on authenticating the first firmware.
-
Publication number: US20210397714A1
Publication date: 2021-12-23
Application number: US16903982
Application date: 2020-06-17
Applicant: QUALCOMM INCORPORATED
Inventor: Steven HALTER , Samar ASBE , Miguel BALLESTEROS , Girish BHAT , Mahadevamurty NEMANI
Abstract: Resource access control in a system-on-chip (“SoC”) may employ an agent executing on a processor of the SoC and a trust management engine of the SoC. The agent, such as, for example, a high-level operating system or a hypervisor, may be configured to allocate a resource comprising a memory region to an access domain and to load a software image associated with the access domain into the memory region. The trust management engine may be configured to lock the resource against access by any entity other than the access domain, to authenticate the software image associated with the access domain, and to initiate booting of the access domain in response to a successful authentication of the software image associated with the access domain.
-
Publication number: US20190012271A1
Publication date: 2019-01-10
Application number: US15641765
Application date: 2017-07-05
Applicant: QUALCOMM Incorporated
Inventor: Christophe AVOINNE , Samar ASBE , Thomas ZENG , Jean-Louis TARDIEUX , Jeffrey SHABEL , Azzedine TOUZNI
IPC: G06F12/14 , G06F12/1027 , G06F12/1009 , G06F1/32
Abstract: One feature pertains to an apparatus that includes a memory circuit, a system memory-management unit (SMMU), and a processing circuit. The memory circuit stores an executable program associated with a client. The SMMU enforces memory access control policies for the memory circuit, and includes a plurality of micro-translation lookaside buffers (micro-TLBs), a macro-TLB, and a page walker circuit. The plurality of micro-TLBs include a first micro-TLB that enforces memory access control policies for the client. The processing circuit loads memory address translations associated with the executable program into the first micro-TLB, and initiates isolation mode for the first micro-TLB causing communications between the first micro-TLB and the macro-TLB and between the first micro-TLB and the page walker circuit to be severed. The first micro-TLB continues to enforce memory access control policies for the client while in isolation mode.