公开(公告)号：US20230379133A1

公开(公告)日：2023-11-23

申请号：US18131086

申请日：2023-04-05

Applicant: CRYPTOGRAPHY RESEARCH, INC

Inventor： Michael Tunstall ,  Francois Durvaux

IPC: H04L9/00 ,  G06F21/71

CPC classification number: H04L9/003 ,  G06F21/71 ,  H04L2209/046 ,  H04L2209/08

Abstract: A value corresponding to an input for a cryptographic operation may be received. The value may be masked by multiplying the value with a first number modulo a prime number. The cryptographic operation may subsequently be performed on the masked value.

公开(公告)号：US11789625B2

公开(公告)日：2023-10-17

申请号：US17876960

申请日：2022-07-29

Applicant: Cryptography Research, Inc.

Inventor： Benjamin Che-Ming Jun ,  William Craig Rawlings ,  Ambuj Kumar ,  Mark Evan Marson

IPC: G06F3/06 ,  G06F21/71 ,  G06F21/76 ,  G11C17/16 ,  G11C17/18

CPC classification number: G06F3/0637 ,  G06F3/0622 ,  G06F3/0688 ,  G06F21/71 ,  G06F21/76 ,  G11C17/16 ,  G11C17/18

Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.

公开(公告)号：US11757617B2

公开(公告)日：2023-09-12

申请号：US17122310

申请日：2020-12-15

Applicant: Cryptography Research, Inc.

Inventor： Sami James Saab ,  Pankaj Rohatgi ,  Craig E. Hampel

IPC: H04L9/00 ,  G06F21/55 ,  G06F9/30 ,  H04L9/08 ,  H04L9/06

CPC classification number: H04L9/002 ,  G06F9/30007 ,  G06F21/556 ,  H04L9/003 ,  H04L9/0822 ,  H04L9/0631 ,  H04L2209/12

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting a state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

公开(公告)号：US20230161506A1

公开(公告)日：2023-05-25

申请号：US17987092

申请日：2022-11-15

Applicant: Cryptography Research, Inc.

Inventor： Thomas J. THATCHER ,  Bryan Jason WANG

IPC: G06F3/06

CPC classification number: G06F3/0659 ,  G06F3/0604 ,  G06F3/0656 ,  G06F3/0673

Abstract: Multiple (e.g., two) hosts access a single memory channel (and/or device) via a memory controller. The single memory channel/device can support at most one access at a time. To reduce contention between the multiple hosts, the memory controller comprises multiple (e.g., two), independent, host ports. Each host port is associated with a write buffer(s) in the memory controller that stores write data at least until the memory controller writes the data to the memory channel. Data stored in a write buffer may be used to respond to memory access commands (e.g., reads or writes) on the ports without accessing the memory channel. In this manner, the hosts do not directly contend with each other for the single memory channel or the memory controller.

公开(公告)号：US11539535B2

公开(公告)日：2022-12-27

申请号：US16339172

申请日：2017-10-05

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Philippe Alain Martineau ,  Helena Handschuh

IPC: H04L9/32 ,  H04L9/08

Abstract: An encrypted sequence that includes an authentication key may be received. A base key stored at a device may be identified and the encrypted sequence may be decrypted with the base key to obtain the authentication key. A challenge value may be received and the authentication key may be combined with the challenge value to generate a device ephemeral key. An authentication result may be generated for the device based on a combination of the device ephemeral key and the challenge value. Furthermore, the authentication result may be transmitted to a mobile network to authenticate the device.

公开(公告)号：US20220398339A1

公开(公告)日：2022-12-15

申请号：US17834511

申请日：2022-06-07

Applicant: Cryptography Research, Inc.

Inventor： Mark Evan Marson ,  Michael Alexander Hamburg ,  Helena Handschuh

IPC: G06F21/62 ,  G06F12/14

Abstract: Described are implementations directed to protecting secret data against adversarial attacks by obfuscating the secret data during storage and communication. Obfuscation techniques include, among other things, splitting secret data into a plurality of portions, performing rotation of secret data, splitting secret data into a plurality of shares, modifying shares of secret data in view of the values of the shares, and various other protection mechanisms.

公开(公告)号：US11522669B2

公开(公告)日：2022-12-06

申请号：US17042006

申请日：2019-03-26

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Tunstall

IPC: H04L9/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

Abstract: Aspects of the present disclosure involves receiving an input message, generating a first random value that is used to blind the input message input message to prevent a side-channel analysis (SCA) attack, computing a second random value using the first random value and a factor used to compute the Montgomery form of a blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature using Montgomery multiplication, of the first random value and the second random value, wherein the signature is resistant to the SCA attack.

公开(公告)号：US20220382874A1

公开(公告)日：2022-12-01

申请号：US17650544

申请日：2022-02-10

Applicant: Cryptography Research, Inc.

Inventor： Ambuj KUMAR

IPC: G06F21/57 ,  G06F21/51 ,  G06F9/4401 ,  G06F21/44 ,  H04L9/32

Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.

公开(公告)号：US11386236B2

公开(公告)日：2022-07-12

申请号：US16427636

申请日：2019-05-31

Applicant: Cryptography Research, Inc.

Inventor： Andrew John Leiserson ,  Mark Evan Marson ,  Megan Anneke Wachs

IPC: G06F21/72 ,  G06F21/71 ,  G06F21/75 ,  H04L9/00

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

公开(公告)号：US11310227B2

公开(公告)日：2022-04-19

申请号：US16804555

申请日：2020-02-28

Applicant: Cryptography Research, Inc.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04L67/60 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33 ,  H04W12/30 ,  H04W12/0431

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.