公开(公告)号：US11200322B2

公开(公告)日：2021-12-14

申请号：US14668676

申请日：2015-03-25

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: G06F21/55 ,  G01K13/00 ,  G06F21/57 ,  G06F21/71 ,  G06F12/14

Abstract: A method of detecting a cold-boot attack on an integrated circuit, including the steps of: periodically sampling a signal delivered by at least one ring oscillator; and verifying that the proportion of states “1” and of states “0” of the result of the sampling is within a range of values.

公开(公告)号：US20170061119A1

公开(公告)日：2017-03-02

申请号：US15056601

申请日：2016-02-29

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: G06F21/52

CPC classification number: G06F21/52 ,  G06F7/723 ,  G06F2207/7219 ,  H04L9/004

Abstract: A method of protecting a modular exponentiation calculation executed by an electronic circuit using a first register and a second register, successively comprising, for each bit of the exponent: a first step of multiplying the content of one of the registers, selected from among the first register and the second register according to the state of the bit of the exponent, by the content of the other one of the first and second registers, placing the result in said one of the registers; a second step of squaring the content of said other one of the registers by placing the result in this other register, wherein the content of said other one of the registers is stored in a third register before the first step and is restored in said other one of the registers before the second step.

Abstract translation: 一种用于使用第一寄存器和第二寄存器来保护由电子电路执行的模幂运算的方法，该方法对于指数的每一位依次包括：第一步，将寄存器中的一个的内容从第一 根据指数的位的状态，通过第一和第二寄存器中的另一个的内容将寄存器和第二寄存器置于所述寄存器的所述一个寄存器中; 通过将结果放置在该另一个寄存器中来平均所述另一个寄存器的内容的第二步骤，其中所述另一个寄存器的内容在第一步骤之前存储在第三寄存器中并在所述另一个寄存器中被恢复 的第二步之前的寄存器。

公开(公告)号：US09558375B2

公开(公告)日：2017-01-31

申请号：US14671019

申请日：2015-03-27

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Pierre-Yvan Liardet ,  Yannick Teglia ,  Jerome Tournemille

IPC: G06F21/75 ,  G06F21/72 ,  H04L9/00

CPC classification number: G06F21/75 ,  G06F21/72 ,  G06F2221/2105 ,  H04L9/004

Abstract: A device includes one or more registers and circuitry. The circuitry subjects a key having a number of bits to a first function which takes a selection value into account, generating a result having a number of bits which is twice the number of bits of the key, and stores the result in the one or more registers. In response to a call for the key, the circuitry subjects the result stored in the one or more registers to a second function which takes the selection value into account to generate a response having a same value as the key.

Abstract translation: 设备包括一个或多个寄存器和电路。 该电路将具有多个比特的密钥作为考虑到选择值的第一功能，产生具有该密钥比特数的两倍的比特数的结果，并将该结果存储在一个或多个 注册 响应于对键的调用，电路对存储在一个或多个寄存器中的结果进行考虑到选择值的第二函数，以产生具有与该键相同的值的响应。

公开(公告)号：US09544130B2

公开(公告)日：2017-01-10

申请号：US14470861

申请日：2014-08-27

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: H04L9/00 ,  H04L9/08

CPC classification number: H04L9/0618 ,  H04L9/002 ,  H04L9/003 ,  H04L9/0869 ,  H04L9/3066

Abstract: A method for protecting a ciphering algorithm executing looped operations on bits of a first quantity and on a first variable initialized by a second quantity, wherein, for each bit of the first quantity, a random number is added to the state of this bit to update a second variable maintained between two thresholds.

Abstract translation: 一种用于保护加密算法对第一数量的比特和由第二数量初始化的第一变量执行循环操作的方法，其中对于第一数量的每个比特，将随机数加到该比特的状态以更新 第二个变量保持在两个阈值之间。

公开(公告)号：US20150356296A1

公开(公告)日：2015-12-10

申请号：US14668676

申请日：2015-03-25

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: G06F21/55 ,  G01K13/00

CPC classification number: G06F21/575 ,  G01K13/00 ,  G06F12/1458 ,  G06F21/554 ,  G06F21/71 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2137

Abstract: A method of detecting a cold-boot attack on an integrated circuit, including the steps of: periodically sampling a signal delivered by at least one ring oscillator; and verifying that the proportion of states “1” and of states “0” of the result of the sampling is within a range of values.

Abstract translation: 一种检测集成电路的冷启动攻击的方法，包括以下步骤：周期性地对由至少一个环形振荡器传送的信号进行采样; 并且验证采样结果的状态“1”和状态“0”的比例在值的范围内。

公开(公告)号：US09710650B2

公开(公告)日：2017-07-18

申请号：US14668692

申请日：2015-03-25

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: G06F21/57 ,  G06F12/14 ,  G06F21/55 ,  G01K13/00 ,  G06F21/71

CPC classification number: G06F21/575 ,  G01K13/00 ,  G06F12/1458 ,  G06F21/554 ,  G06F21/71 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2137

Abstract: A method of detecting a cold-boot attack on an integrated circuit including the steps of: transferring, into a first volatile memory of the integrated circuit, a pattern stored in a non-volatile memory of the circuit; periodically causing a switching down and a switching up of the first volatile memory; and verifying that the number of bits having switched state is within a range of values.

公开(公告)号：US20160188900A1

公开(公告)日：2016-06-30

申请号：US15060159

申请日：2016-03-03

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: G06F21/62 ,  G06F21/56

CPC classification number: G06F21/6218 ,  G06F12/1425 ,  G06F12/1483 ,  G06F21/561 ,  G06F21/566 ,  G06F21/79 ,  G06F2212/1052 ,  G06F2221/034

Abstract: A method for protecting a volatile memory against a virus, wherein: rights of writing, reading, or execution are assigned to certain areas of the memory; and a first list of opcodes authorized or forbidden as a content of the areas is associated with each of these areas.

公开(公告)号：US20140366135A1

公开(公告)日：2014-12-11

申请号：US14299943

申请日：2014-06-09

Applicant: STMICROELECTRONICS (ROUSSET) SAS

Inventor： Yannick Teglia

IPC: G06F21/55

CPC classification number: G06F21/55 ,  G06F7/58 ,  G06F21/556

Abstract: A method for detecting a fault injection in a random number generation circuit, wherein a bit pattern is mixed to a bit stream originating from a noise source and the presence of this pattern is detected in a signal sampled downstream of the mix.

Abstract translation: 一种用于检测随机数生成电路中的故障注入的方法，其中将位模式混合到源自噪声源的比特流，并且在混合下游采样的信号中检测到该模式的存在。

公开(公告)号：US20140079214A1

公开(公告)日：2014-03-20

申请号：US14091153

申请日：2013-11-26

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: H04L9/06

CPC classification number: H04L9/06 ,  H04L9/002 ,  H04L9/065 ,  H04L9/30

Abstract: A method of protecting a circuit from attacks aiming to discover secret data used during the execution of a cryptographic calculation by the circuit, by, executing a transformation calculation implementing a bijective transformation function, receiving as input a secret data, and supplying a transformed data, executing a cryptographic calculation receiving as input a data to process and the transformed data, and executing an inverse transformation calculation receiving as input the result of the cryptographic calculation, and supplying a result that the cryptographic calculation would have supplied if it had been applied to the data to process and directly to the secret data, the data to process belong to a stream of a multiplicity of data, the transformed data being supplied as input to the cryptographic calculation for all the data of the stream.

Abstract translation: 一种保护电路免受攻击的方法，用于发现由电路执行密码计算期间使用的秘密数据，通过执行实现双射变换功能的变换计算，接收作为输入的秘密数据并提供经变换的数据， 执行作为输入接收要处理的数据的加密计算和经变换的数据，并且执行接收作为输入的加密计算的结果的逆变换计算，并且将如果已经应用于加密计算的结果提供给 要处理的数据并直接传送到秘密数据，要处理的数据属于多个数据流，转换的数据作为流的所有数据的密码计算的输入提供。

公开(公告)号：US10229264B2

公开(公告)日：2019-03-12

申请号：US15056601

申请日：2016-02-29

Applicant: STMicroelectronics (Rousset) SAS

Inventor： Yannick Teglia

IPC: G06F21/52 ,  G06F7/72 ,  H04L9/00

Abstract: A method of protecting a modular exponentiation calculation executed by an electronic circuit using a first register and a second register, successively comprising, for each bit of the exponent: a first step of multiplying the content of one of the registers, selected from among the first register and the second register according to the state of the bit of the exponent, by the content of the other one of the first and second registers, placing the result in said one of the registers; a second step of squaring the content of said other one of the registers by placing the result in this other register, wherein the content of said other one of the registers is stored in a third register before the first step and is restored in said other one of the registers before the second step.