Sensor die structure
    131.
    Patent application
    Status: in force

    Publication No.: US20060027898A1

    Publication date: 2006-02-09

    Application No.: US11159571

    Filing date: 2005-06-21

    Applicant: Mark Buer

    Inventor: Mark Buer

    IPC classification: H01L29/06

    CPC classification: G06K9/0002

    Abstract: A sensor is implemented in an integrated circuit. The sensor includes one or more sensor pads that are provided at or near a surface of the integrated circuit. One or more integrated circuit components such as a sense amplifier are provided in the integrated circuit die adjacent the sensor pads. One or more other components are provided in the integrated circuit die adjacent the sensor pads.


    System and method of utilizing off-chip memory
    132.
    Patent application
    Status: in force

    Publication No.: US20050060485A1

    Publication date: 2005-03-17

    Application No.: US10899815

    Filing date: 2004-07-27

    Applicant: Mark Buer

    Inventor: Mark Buer

    Abstract: One or more methods and/or systems of utilizing a memory external to an integrated circuit chip are presented. In one embodiment, the system comprises an integrated circuit containing a logic circuitry, a one time programmable memory, a control processor, and a data interface. In one embodiment, a method of storing data into a memory comprises programming one or more bits of a one time programmable memory, generating an identifier from the integrated circuit chip, and using the identifier to store data within the memory.


    Mesh grid protection
    133.
    Granted patent

    Publication No.: US09747472B2

    Publication date: 2017-08-29

    Application No.: US12210013

    Filing date: 2008-09-12

    Applicant: Mark Buer

    Inventor: Mark Buer

    IPC classification: G06F21/00 G06F21/86 H01L23/00

    Abstract: A mesh grid protection system is provided. The protection system includes a plurality of grid lines forming a mesh grid proximate to operational logic. The protection system also includes tamper-detection logic coupled to the plurality of grid lines and configured to toggle a polarity of a signal on at least one grid line at each clock cycle and to detect attempts to access the operational logic by comparing a reference signal driving a first end of a grid line to a signal at the opposite end of the grid line.

    System, method, and apparatus for allowing a service provider system to authenticate that a credential is from a proximate device
    134.
    Granted patent
    Status: in force

    Publication No.: US08806616B2

    Publication date: 2014-08-12

    Application No.: US13617818

    Filing date: 2012-09-14

    IPC classification: H04L29/06 H04L9/32

    Abstract: An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token.


    System and method for securing a credential via user and server verification
    135.
    Granted patent
    Status: in force

    Publication No.: US08689290B2

    Publication date: 2014-04-01

    Application No.: US13367293

    Filing date: 2012-02-06

    Applicant: Mark Buer

    Inventor: Mark Buer

    IPC classification: H04L9/32 H04L9/00

    Abstract: Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified.


    System and method for secure remote biometric authentication
    136.
    Granted patent
    Status: in force

    Publication No.: US08615663B2

    Publication date: 2013-12-24

    Application No.: US11785389

    Filing date: 2007-04-17

    Applicant: Mark Buer

    Inventor: Mark Buer

    IPC classification: H04L9/00

    Abstract: Systems and methods for secure remote biometric authentication are provided. A network-based biometric authentication platform stores biometric templates for individuals which have been securely enrolled with the authentication platform. A plurality of sensor platforms separately establishes secure communications with the biometric authentication platform. The sensor platform can perform a biometric scan of an individual and generate a biometric authentication template. The sensor platform then requests biometric authentication of the individual by the biometric authentication platform via the established secure communications. The biometric authentication platform compares the generated biometric template to one or more of the enrolled biometric templates stored in memory at the biometric authentication platform. The result of the authentication is then communicated to the requesting sensor platform via the established secure communications.


    Online trusted platform module
    139.
    Granted patent
    Status: in force

    Publication No.: US08086844B2

    Publication date: 2011-12-27

    Application No.: US10452792

    Filing date: 2003-06-03

    IPC classification: H04L29/06 H04L9/00

    Abstract: An online trusted platform module (TPM) in communication with a security module that can be located elsewhere in the network in a server machine. In an embodiment, the online TPM is connected directly to a network interface card (NIC) that is also resident at the client. This allows the online TPM to communicate directly to the network, and therefore to the security module (without having to deal with the TCP/IP stack at the client machine in some circumstances, e.g., the boot process). In an embodiment, the communications channel between the online TPM and the security module is implemented using the transport layer security (TLS) protocol. A secure boot process is performed in advance of security processing. Typical security processing includes receipt, by the online TPM, of one or more commands from an application. The online TPM then proxies out the commands to the security module. After the security module has completed its processing of the commands, results of the processing and any related status information is returned to the online TPM.


    Method and system for securing a network utilizing IPsec and MACsec protocols
    140.
    Granted patent
    Status: in force

    Publication No.: US07853691B2

    Publication date: 2010-12-14

    Application No.: US11934257

    Filing date: 2007-11-02

    Abstract: Aspects of a method and system for securing a network utilizing IPsec and MACsec protocols are provided. In one or more network nodes, aspects of the invention may enable conversion between Ethernet packets comprising payloads secured utilizing IPsec protocols and Ethernet packets secured utilizing MACsec protocols. For example, IPsec connections may be terminated at an ingress network node and IPsec connections may be regenerated at an egress network node. Packets secured utilizing MACsec protocols may be detected based on an Ethertype. Packets comprising payloads secured utilizing IPsec protocols may be detected based on a protocol field or a next header field. The conversion may be based on a data structure stored by and/or accessible to the network nodes. Aspects of the invention may enable securing data utilizing MACsec protocols when tunneling IPsec secured data through non-IPsec enabled nodes.
