Abstract:
A trusted processor is pre-booted using a secure pre-boot loader integrated with the trusted processor. The trusted processor verifies whether an external boot loader is valid, and when valid, the trusted processor is booted using the external boot loader, thereby enabling trusted operation of the trusted processor. The trusted processor verifies whether a firmware image for a field programmable device is valid, and when valid, a firmware image loading process for the field programmable device is triggered. When the firmware image loading process is triggered, the firmware image is loaded into the field programmable device and the field programmable device is released to execute the firmware image. The field programmable device verifies whether an external boot loader for an untrusted processor is valid, and when valid, the untrusted processor is booted using the external boot loader for the untrusted processor, thereby enabling trusted operation of the untrusted processor.
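The chain of checks in this abstract, written out as an added Go example (it is not code from the patent or its assignee). Each stage is modelled as an Ed25519 signature over a SHA-256 digest; the image format, the key names and the assumption that the FPGA firmware payload carries the public key the FPGA later uses for the untrusted processor's loader are all illustrative choices, not details from the abstract:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage is a hypothetical container: a payload and an Ed25519 signature
// over the payload's SHA-256 digest. Real boot images carry more metadata.
type SignedImage struct {
	Name    string
	Payload []byte
	Sig     []byte
}

func signImage(priv ed25519.PrivateKey, name string, payload []byte) SignedImage {
	d := sha256.Sum256(payload)
	return SignedImage{Name: name, Payload: payload, Sig: ed25519.Sign(priv, d[:])}
}

func verifyImage(pub ed25519.PublicKey, img SignedImage) bool {
	d := sha256.Sum256(img.Payload)
	return ed25519.Verify(pub, d[:], img.Sig)
}

// BootChain runs the sequence from the abstract. rootPub stands for the key
// baked into the trusted processor's internal pre-boot loader. The FPGA
// firmware payload is assumed to be the public key the FPGA will use to check
// the untrusted processor's loader, so that key is itself covered by the
// trusted processor's signature check (an assumption of this example).
func BootChain(rootPub ed25519.PublicKey, extLoader, fpgaFw, untrustedLoader SignedImage) ([]string, error) {
	steps := []string{"trusted: pre-booted from internal secure loader"}
	if !verifyImage(rootPub, extLoader) {
		return steps, errors.New("external boot loader rejected; trusted processor halts")
	}
	steps = append(steps, "trusted: booted "+extLoader.Name)
	if !verifyImage(rootPub, fpgaFw) {
		return steps, errors.New("FPGA firmware rejected; load not triggered")
	}
	steps = append(steps, "fpga: loaded and released to run "+fpgaFw.Name)
	if len(fpgaFw.Payload) != ed25519.PublicKeySize {
		return steps, errors.New("FPGA firmware does not carry a verification key")
	}
	fpgaPub := ed25519.PublicKey(fpgaFw.Payload)
	if !verifyImage(fpgaPub, untrustedLoader) {
		return steps, errors.New("untrusted processor loader rejected; held in reset")
	}
	steps = append(steps, "untrusted: booted "+untrustedLoader.Name)
	return steps, nil
}

// RunDemo builds constructed images, optionally flips one bit in the untrusted
// processor's loader after signing, and returns the stages that completed.
func RunDemo(tamperUntrusted bool) ([]string, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	fpgaPub, fpgaPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ext := signImage(rootPriv, "u-boot.bin", []byte("constructed external loader"))
	fw := signImage(rootPriv, "fabric.bit", []byte(fpgaPub))
	ul := signImage(fpgaPriv, "app-loader.bin", []byte("constructed untrusted loader"))
	if tamperUntrusted {
		ul.Payload = append([]byte{}, ul.Payload...)
		ul.Payload[0] ^= 0x01 // one flipped bit invalidates the signature
	}
	return BootChain(rootPub, ext, fw, ul)
}

func main() {
	for _, tamper := range []bool{false, true} {
		steps, err := RunDemo(tamper)
		fmt.Printf("tamper=%v completed=%d err=%v\n", tamper, len(steps), err)
	}
}
```

The point to notice is that the untrusted processor never verifies anything itself: its loader is only released because a device the trusted processor already vetted (the FPGA, running firmware the trusted processor checked) vouched for it.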
Abstract:
According to certain embodiments, a method performed by a trust anchor comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with a hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving a response encrypted using the random value (K). The response is received from the hardware component. The method further comprises encrypting a schema using the random value (K) and sending the encrypted schema to the hardware component. The schema indicates functionality that the hardware component is authorized to enable.
Abstract:
According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.
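The exchange from the two preceding abstracts (random K wrapped under the component's long-term key, a response under K, then the schema under K) with both sides' messages, as an added Go example; it is not code from the patent or its assignee. AES-256-GCM is an assumption (the abstracts only say "encrypting"), as are the component ID, the registry of long-term keys and the "posture-ok" response format:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"strings"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM / openGCM wrap AES-256-GCM with a random nonce prefixed to the
// ciphertext, so a replayed or forged message fails authentication on open.
func sealGCM(key, pt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, pt, nil)...), nil
}

func openGCM(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message shorter than nonce")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// Component is the hardware side. Only a genuine part holds the long-term key
// the trust anchor has on record for its ID.
type Component struct {
	ID          string
	longTermKey []byte
	sessionK    []byte
	Enabled     []string
}

// Challenge recovers K with the long-term key and answers under K. A part with
// the wrong key cannot even decrypt the challenge, so it produces no response.
func (c *Component) Challenge(encK []byte) ([]byte, error) {
	k, err := openGCM(c.longTermKey, encK)
	if err != nil {
		return nil, fmt.Errorf("%s: cannot recover K: %w", c.ID, err)
	}
	c.sessionK = k
	return sealGCM(k, []byte("posture-ok:"+c.ID))
}

// ApplySchema enables exactly the functionality the anchor listed, nothing else.
func (c *Component) ApplySchema(encSchema []byte) error {
	pt, err := openGCM(c.sessionK, encSchema)
	if err != nil {
		return err
	}
	c.Enabled = strings.Split(string(pt), ",")
	return nil
}

// PostureAssess is the trust anchor side. registry maps component ID to the
// long-term key provisioned at manufacture (an assumption). It returns whether
// the component is authorized to run on the product.
func PostureAssess(registry map[string][]byte, c *Component, schema []string) (bool, error) {
	ltk, ok := registry[c.ID]
	if !ok {
		return false, errors.New("unknown component " + c.ID)
	}
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return false, err
	}
	encK, err := sealGCM(ltk, k)
	if err != nil {
		return false, err
	}
	resp, err := c.Challenge(encK)
	if err != nil {
		return false, nil // no usable response: not authorized, leave it disabled
	}
	if pt, err := openGCM(k, resp); err != nil || string(pt) != "posture-ok:"+c.ID {
		return false, nil // response not under K or not bound to this ID
	}
	encSchema, err := sealGCM(k, []byte(strings.Join(schema, ",")))
	if err != nil {
		return false, err
	}
	return true, c.ApplySchema(encSchema)
}

// RunAssessment runs the protocol against a genuine or a counterfeit "nic-7".
func RunAssessment(genuine bool) (bool, []string, error) {
	genuineKey := make([]byte, 32)
	for i := range genuineKey {
		genuineKey[i] = byte(i) // constructed long-term key for the example
	}
	registry := map[string][]byte{"nic-7": genuineKey}
	c := &Component{ID: "nic-7", longTermKey: genuineKey}
	if !genuine {
		c.longTermKey = make([]byte, 32) // counterfeit: claims the ID, lacks the key
	}
	ok, err := PostureAssess(registry, c, []string{"ssd-cache", "10gbe"})
	return ok, c.Enabled, err
}
```

Because the schema travels under K, and K only ever exists in the clear inside the anchor and a component that held the right long-term key, a counterfeit part cannot learn or forge the list of features it is allowed to enable.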
Abstract:
Presented herein are methodologies for securing BIOS/bootloader function. They include booting a computer system from a BIOS image stored in a first boot flash device; detecting an indication of a pending BIOS upgrade; in response to that indication, accessing an upgraded BIOS image stored on a second boot flash device; validating the version of the upgraded BIOS image; authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device; and, when the version is validated and the image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region, locking that second region, and rebooting the computer system from the second boot flash device.
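The upgrade path from this abstract as an added Go example (not the patent's or any vendor's code): two modelled flash devices, a version check before the signature check, and the signature committed to a second, lockable region only after both pass. Ed25519, the "version is a big-endian prefix of the signed bytes" layout and the starting version are assumptions of the example:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// BootFlash is a hypothetical model of one boot flash device. Region1 holds
// the signature shipped with an upgrade; Region2 is written only by the boot
// path after validation and is then locked against further writes.
type BootFlash struct {
	Image   []byte
	Version uint32
	Region1 []byte
	Region2 []byte
	Locked  bool
}

// signedBytes is what the vendor signs: the version prefixed to the image, so
// the version cannot be edited without breaking the signature (an assumption).
func signedBytes(f *BootFlash) []byte {
	buf := make([]byte, 4, 4+len(f.Image))
	binary.BigEndian.PutUint32(buf, f.Version)
	return append(buf, f.Image...)
}

func (f *BootFlash) WriteRegion2(sig []byte) error {
	if f.Locked {
		return errors.New("region 2 is locked")
	}
	f.Region2 = append([]byte{}, sig...)
	return nil
}

type System struct {
	Active, Standby *BootFlash
	VendorPub       ed25519.PublicKey
	UpgradePending  bool
}

// Boot follows the abstract: with no pending upgrade, boot the active device;
// otherwise validate the version (anti-rollback), authenticate with the
// Region1 signature, commit it to Region2, lock, and switch boot devices.
// It returns the version that ends up booting.
func (s *System) Boot() (uint32, error) {
	if !s.UpgradePending {
		return s.Active.Version, nil
	}
	up := s.Standby
	if up.Version <= s.Active.Version {
		return s.Active.Version, fmt.Errorf("rollback refused: v%d is not newer than v%d", up.Version, s.Active.Version)
	}
	if !ed25519.Verify(s.VendorPub, signedBytes(up), up.Region1) {
		return s.Active.Version, errors.New("upgrade image signature invalid; staying on current BIOS")
	}
	if err := up.WriteRegion2(up.Region1); err != nil {
		return s.Active.Version, err
	}
	up.Locked = true
	s.Active, s.Standby = up, s.Active
	s.UpgradePending = false
	return s.Active.Version, nil
}

// RunUpgrade stages an upgrade of the given version (optionally corrupted
// after signing) on a system running v5 and returns the version that boots.
func RunUpgrade(newVersion uint32, corrupt bool) (uint32, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return 0, err
	}
	current := &BootFlash{Image: []byte("constructed BIOS v5"), Version: 5}
	current.Region1 = ed25519.Sign(priv, signedBytes(current))
	upgrade := &BootFlash{Image: []byte("constructed BIOS upgrade"), Version: newVersion}
	upgrade.Region1 = ed25519.Sign(priv, signedBytes(upgrade))
	if corrupt {
		upgrade.Image[0] ^= 0xff // bit flip in flash after signing
	}
	sys := &System{Active: current, Standby: upgrade, VendorPub: pub, UpgradePending: true}
	return sys.Boot()
}
```

Doing the version check first means a validly signed but older image (a downgrade to a version with a known flaw) is rejected before its signature is ever consulted, and locking Region2 means later writes to the first region cannot change what the next boot trusts.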
Abstract:
A method includes modifying a product with a first configuration such that the product is configured in accordance with a second configuration, generating data representative of the second configuration, obtaining a signed version of the data representative of the second configuration, and storing the signed version of the data representative of the second configuration in a wireless read/write accessory that is affixed to the product, wherein the wireless read/write accessory includes a prior signed version of data representative of the first configuration.
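An added Go example of the record-keeping this abstract describes (not code from the patent or its assignee): each configuration snapshot is signed and appended to the tag, so the prior signed configuration remains beside the new one. Ed25519, the key=value configuration strings and the sequence number covered by each signature are assumptions of the example; the sequence number goes slightly beyond the abstract, to make a dropped or reordered record detectable as well as an altered one:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
)

// ConfigRecord is one signed configuration snapshot stored on the tag. The
// sequence number is covered by the signature (an assumption of this example).
type ConfigRecord struct {
	Seq    uint32
	Config []byte
	Sig    []byte
}

func recordBytes(seq uint32, config []byte) []byte {
	buf := make([]byte, 4, 4+len(config))
	binary.BigEndian.PutUint32(buf, seq)
	return append(buf, config...)
}

// Tag models the wireless read/write accessory affixed to the product.
type Tag struct {
	Records []ConfigRecord
}

// Reconfigure records a modification: data representing the new configuration
// is signed (here by a key held by the signing authority, obtained out of band)
// and stored after the prior signed configuration rather than replacing it.
func (t *Tag) Reconfigure(signer ed25519.PrivateKey, newConfig []byte) {
	seq := uint32(len(t.Records))
	sig := ed25519.Sign(signer, recordBytes(seq, newConfig))
	t.Records = append(t.Records, ConfigRecord{Seq: seq, Config: newConfig, Sig: sig})
}

// Audit verifies every record and its position. It returns the verified
// history (oldest first) and the index of the first bad record, or -1.
func Audit(pub ed25519.PublicKey, t *Tag) ([]string, int) {
	var history []string
	for i, r := range t.Records {
		if r.Seq != uint32(i) || !ed25519.Verify(pub, recordBytes(r.Seq, r.Config), r.Sig) {
			return history, i
		}
		history = append(history, string(r.Config))
	}
	return history, -1
}

// RunAudit builds a two-step history (factory, then a field modification) and
// optionally edits the second record on the tag without re-signing it.
func RunAudit(tamper bool) ([]string, int) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &Tag{}
	t.Reconfigure(priv, []byte("chassis=4u,psu=2,cards=[]"))
	t.Reconfigure(priv, []byte("chassis=4u,psu=2,cards=[lc-48x10g]"))
	if tamper {
		t.Records[1].Config = []byte("chassis=4u,psu=2,cards=[lc-48x10g,lc-extra]")
	}
	return Audit(pub, t)
}
```

An auditor reading the tag with only the public key can reconstruct the accepted sequence of configurations and sees exactly where an unsigned change was made.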
Abstract:
Techniques are provided for monitoring the power consumption of individual systems or devices as a way to detect illicit or rogue hardware, e.g., an unauthorized integrated circuit (IC) added to an existing system. Techniques include monitoring a power on sequence of a system, the power on sequence including one or more distinct stages, determining for each of the distinct stages whether the observed power load of that stage has deviated from the expected power load according to a power profile for the system, and, when the observed power load of a given stage has deviated from the expected power load, performing an action indicating that a deviation has occurred. The power profile specifies the expected power characteristics of the system for each stage of the power on sequence.
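The stage-by-stage comparison from this abstract as an added Go example (not the patent's or any vendor's code). The profile, the stage names, the milliwatt figures and the tolerances are constructed for the example; a real profile is learned from known-good units. The observation models a parasitic device that draws a constant extra load whenever the rails are up, which shows why the low-power standby stage is the most sensitive one:

```go
package main

// Stage is one step of the power-on sequence in the expected power profile.
type Stage struct {
	Name       string
	ExpectedMW float64
	TolPct     float64 // allowed deviation either side, as a percentage
}

// Deviation describes a stage whose observed load fell outside tolerance.
type Deviation struct {
	Stage      string
	ExpectedMW float64
	ObservedMW float64 // -1 when the stage was never observed
	DeltaPct   float64
}

// CheckPowerOn compares one observed power-on run against the profile, stage
// by stage. A stage that is missing from the observation is itself reported,
// since a skipped or renamed stage is as suspicious as a wrong load.
func CheckPowerOn(profile []Stage, observed map[string]float64) []Deviation {
	var out []Deviation
	for _, st := range profile {
		mw, ok := observed[st.Name]
		if !ok {
			out = append(out, Deviation{Stage: st.Name, ExpectedMW: st.ExpectedMW, ObservedMW: -1})
			continue
		}
		delta := (mw - st.ExpectedMW) / st.ExpectedMW * 100
		if delta > st.TolPct || delta < -st.TolPct {
			out = append(out, Deviation{Stage: st.Name, ExpectedMW: st.ExpectedMW, ObservedMW: mw, DeltaPct: delta})
		}
	}
	return out
}

// ReferenceProfile is a constructed profile for a hypothetical line card.
var ReferenceProfile = []Stage{
	{Name: "standby", ExpectedMW: 350, TolPct: 5},
	{Name: "reset-release", ExpectedMW: 1200, TolPct: 8},
	{Name: "ddr-init", ExpectedMW: 4800, TolPct: 6},
	{Name: "pcie-enum", ExpectedMW: 7100, TolPct: 6},
	{Name: "fabric-up", ExpectedMW: 18500, TolPct: 4},
}

// RunCheck returns the deviations for a constructed observation in which an
// added device draws extraMW on top of the expected load at every stage.
func RunCheck(extraMW float64) []Deviation {
	observed := map[string]float64{
		"standby":       350 + extraMW,
		"reset-release": 1200 + extraMW,
		"ddr-init":      4800 + extraMW,
		"pcie-enum":     7100 + extraMW,
		"fabric-up":     18500 + extraMW,
	}
	return CheckPowerOn(ReferenceProfile, observed)
}
```

With a 60 mW parasite, only the standby stage trips (60 mW is 17% of 350 mW but well under 1% of the fabric-up load), which is the practical reason to profile each stage separately rather than total consumption.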
Abstract:
In one embodiment, a computing device receives an image that has been signed with a first key, wherein the image includes a first computational value associated with it. A second computational value associated with the image is determined and the image is signed with a second key to produce a signed image that includes both the first and second computational values. Prior to loading the dual-signed image, the computing device attempts to authenticate the dual-signed image using both the first and second computational values, and, if successful, loads and installs the dual-signed image.
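An added Go example of the dual-signing scheme in this abstract; it is not code from the patent or its assignee. Both computational values are SHA-256 digests and both signatures are Ed25519 (assumptions; the abstract leaves the functions open). The example also shows the reason for having the second value cover the first signature: a valid first-signed image cannot be spliced onto another image's counter-signature:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// DualSignedImage carries the payload with both computational values and both
// signatures.
type DualSignedImage struct {
	Payload []byte
	Value1  []byte // digest of the payload, signed by the first key
	Sig1    []byte
	Value2  []byte // digest over payload, Value1 and Sig1, signed by the second key
	Sig2    []byte
}

// FirstSign is what the originating party does before the image is shipped.
func FirstSign(priv ed25519.PrivateKey, payload []byte) DualSignedImage {
	v1 := sha256.Sum256(payload)
	return DualSignedImage{Payload: payload, Value1: v1[:], Sig1: ed25519.Sign(priv, v1[:])}
}

func secondValue(img DualSignedImage) []byte {
	h := sha256.New()
	h.Write(img.Payload)
	h.Write(img.Value1)
	h.Write(img.Sig1)
	return h.Sum(nil)
}

// verifyFirst recomputes the first value rather than trusting the stored one.
func verifyFirst(pub1 ed25519.PublicKey, img DualSignedImage) bool {
	v1 := sha256.Sum256(img.Payload)
	return bytes.Equal(v1[:], img.Value1) && ed25519.Verify(pub1, v1[:], img.Sig1)
}

// CounterSign is what the receiving device does: check the first signature,
// then bind its own value to the image exactly as received, first signature
// included, and sign that with the second key.
func CounterSign(pub1 ed25519.PublicKey, priv2 ed25519.PrivateKey, img DualSignedImage) (DualSignedImage, error) {
	if !verifyFirst(pub1, img) {
		return img, errors.New("first signature invalid; refusing to counter-sign")
	}
	img.Value2 = secondValue(img)
	img.Sig2 = ed25519.Sign(priv2, img.Value2)
	return img, nil
}

// VerifyDual is the pre-load check: both values recomputed, both signatures valid.
func VerifyDual(pub1, pub2 ed25519.PublicKey, img DualSignedImage) bool {
	if !verifyFirst(pub1, img) {
		return false
	}
	v2 := secondValue(img)
	return bytes.Equal(v2, img.Value2) && ed25519.Verify(pub2, v2, img.Sig2)
}

// RunDualSign returns the verification outcome for an intact image and for
// two constructed manipulations applied after both signatures exist.
func RunDualSign() map[string]bool {
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, priv2, _ := ed25519.GenerateKey(rand.Reader)
	img, err := CounterSign(pub1, priv2, FirstSign(priv1, []byte("constructed firmware payload")))
	if err != nil {
		return nil
	}
	res := map[string]bool{"intact": VerifyDual(pub1, pub2, img)}

	changed := img
	changed.Payload = []byte("constructed firmware payload, edited")
	res["payload-changed"] = VerifyDual(pub1, pub2, changed)

	// Splice: a genuinely first-signed older image paired with the newer
	// image's counter-signature. The first check passes; the second must not.
	older, _ := CounterSign(pub1, priv2, FirstSign(priv1, []byte("constructed older payload")))
	spliced := older
	spliced.Value2, spliced.Sig2 = img.Value2, img.Sig2
	res["counter-signature-spliced"] = VerifyDual(pub1, pub2, spliced)
	return res
}
```

If the second value covered only the payload, the splice above would verify, because the older payload carries a perfectly valid first signature; including Sig1 in Value2 is what ties the two signatures to one specific image.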
Abstract:
A trusted guard module stores one or more identifiers, each identifier uniquely identifying a respective electronic component of one or more electronic components in a circuit, wherein each electronic component is previously programmed with its respective identifier. In one embodiment, the one or more electronic components are in communication with the guard module via a test data channel. A query is sent from the guard module to one of the components via the test data channel, requesting that the queried component provide its respective identifier to the guard module. The guard module then receives a response from the queried component via the test data channel. The guard module compares the response to the stored identifier for the queried component. If the response fails to correspond to the stored identifier for the queried component, the guard module asserts an alarm condition.
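The guard module's check loop as an added Go example (not code from the patent or its assignee). The identifiers are modelled as 64-bit values programmed into each part, as the abstract describes, rather than the stock JTAG IDCODE, which identifies only a part type and not an individual device. The scan-chain stand-in, the identifier values and the extra probe one position past the expected chain length (to catch an inserted device, not only a swapped one) are assumptions of the example:

```go
package main

import (
	"errors"
	"fmt"
)

// ComponentID is the identifier each component was programmed with.
type ComponentID uint64

// TestDataChannel is the guard module's view of the test data channel: a query
// for a chain position returns that device's identifier, or an error when
// nothing answers (device removed or chain broken).
type TestDataChannel interface {
	QueryID(position int) (ComponentID, error)
}

// scanChain is a constructed stand-in for the physical chain; a zero entry
// models a position that does not respond.
type scanChain struct{ devices []ComponentID }

func (s *scanChain) QueryID(pos int) (ComponentID, error) {
	if pos < 0 || pos >= len(s.devices) || s.devices[pos] == 0 {
		return 0, errors.New("no response")
	}
	return s.devices[pos], nil
}

// GuardModule holds the expected identifier for each chain position.
type GuardModule struct {
	Expected []ComponentID
}

// Alarm records which position failed and why.
type Alarm struct {
	Position int
	Reason   string
}

// Verify queries every expected component and raises an alarm for a missing
// response, a mismatched identifier, or an unexpected extra device.
func (g *GuardModule) Verify(ch TestDataChannel) []Alarm {
	var alarms []Alarm
	for pos, want := range g.Expected {
		got, err := ch.QueryID(pos)
		switch {
		case err != nil:
			alarms = append(alarms, Alarm{Position: pos, Reason: "no response (component removed or chain broken)"})
		case got != want:
			alarms = append(alarms, Alarm{Position: pos, Reason: fmt.Sprintf("identifier mismatch: got %016x want %016x", uint64(got), uint64(want))})
		}
	}
	if extra, err := ch.QueryID(len(g.Expected)); err == nil {
		alarms = append(alarms, Alarm{Position: len(g.Expected), Reason: fmt.Sprintf("unexpected extra component %016x", uint64(extra))})
	}
	return alarms
}

// RunGuard builds a three-device chain and applies one of the scenarios
// "substituted", "removed" or "added" (anything else leaves it intact).
func RunGuard(scenario string) []Alarm {
	guard := &GuardModule{Expected: []ComponentID{0x1a2b3c4d00000001, 0x1a2b3c4d00000002, 0x1a2b3c4d00000003}}
	chain := &scanChain{devices: []ComponentID{0x1a2b3c4d00000001, 0x1a2b3c4d00000002, 0x1a2b3c4d00000003}}
	switch scenario {
	case "substituted":
		chain.devices[1] = 0xdeadbeef00000099
	case "removed":
		chain.devices[2] = 0
	case "added":
		chain.devices = append(chain.devices, 0xdeadbeef00000100)
	}
	return guard.Verify(chain)
}
```

A practitioner would also rate-limit and log the queries themselves: the same test data channel the guard uses is the one an attacker would use to read or reprogram identifiers, so the channel should be reachable only from the guard once the board leaves manufacturing.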
Abstract:
Techniques and architecture are described for controlling debug port access using a debug image that is signed offline as part of a challenge/response mechanism, where the signed image is tied to the ECID of a chip together with debug lifecycle information from fuses and a hash of the loader being debugged. Together these inputs form a nonce (the debug image) that binds the debug image to the hardware being debugged and restricts it to the current debug lifecycle. The cryptographically signed debug image is authenticated by a boot image (or the chip) using a public key carried in the debug image. The debug image may be extended to secure maintenance by way of a secure maintenance blob, or "firmware maintenance certificate or nonce." The secure maintenance blob also carries an attribute list of low-level features to be enabled upon verification of the blob.
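The challenge/response from this abstract as an added Go example with both sides (not code from the patent or its assignee): the offline signer issues a debug image bound to ECID, lifecycle fuse value and loader hash, plus the attribute list, and the chip checks every binding against its own state. Ed25519, the 8-byte ECID, the single-byte lifecycle value and the attribute names are assumptions. So is the way the public key carried in the image is anchored: the example assumes the chip's fuses hold the SHA-256 of the authorized signing key, since a key that travels with the image proves nothing unless the chip can tell it from any other key:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// DebugImage is the nonce from the abstract (ECID, lifecycle, loader hash),
// the attributes it unlocks, the signer's public key and the offline signature.
type DebugImage struct {
	ECID       [8]byte
	Lifecycle  uint8
	LoaderHash [32]byte
	Attributes []string
	SignerPub  ed25519.PublicKey
	Sig        []byte
}

// Chip is the device under debug: its own ECID, its lifecycle fuses, the hash
// of the key it trusts for debug authorization (assumed fused), and its loader.
type Chip struct {
	ECID          [8]byte
	LifecycleFuse uint8
	DebugKeyHash  [32]byte
	Loader        []byte
}

func (d *DebugImage) signedBytes() []byte {
	var b bytes.Buffer
	b.Write(d.ECID[:])
	b.WriteByte(d.Lifecycle)
	b.Write(d.LoaderHash[:])
	for _, a := range d.Attributes {
		binary.Write(&b, binary.BigEndian, uint16(len(a))) // length-prefixed so the list cannot be re-split
		b.WriteString(a)
	}
	return b.Bytes()
}

// IssueDebugImage is the offline signing service: it takes the challenge the
// chip reported (ECID, lifecycle, loader hash) and returns the signed response.
func IssueDebugImage(priv ed25519.PrivateKey, ecid [8]byte, lifecycle uint8, loaderHash [32]byte, attrs []string) DebugImage {
	d := DebugImage{ECID: ecid, Lifecycle: lifecycle, LoaderHash: loaderHash, Attributes: attrs,
		SignerPub: priv.Public().(ed25519.PublicKey)}
	d.Sig = ed25519.Sign(priv, d.signedBytes())
	return d
}

// AuthorizeDebug is the on-chip check. Each binding in the nonce is compared
// with the chip's own state, so an image issued for another unit, an earlier
// lifecycle or a different loader is refused even though its signature is valid.
func (c *Chip) AuthorizeDebug(d DebugImage) ([]string, error) {
	if sha256.Sum256(d.SignerPub) != c.DebugKeyHash {
		return nil, errors.New("signer key is not the fused debug authority")
	}
	if !ed25519.Verify(d.SignerPub, d.signedBytes(), d.Sig) {
		return nil, errors.New("debug image signature invalid")
	}
	if d.ECID != c.ECID {
		return nil, errors.New("debug image issued for a different chip")
	}
	if d.Lifecycle != c.LifecycleFuse {
		return nil, errors.New("debug image is for another lifecycle state")
	}
	if d.LoaderHash != sha256.Sum256(c.Loader) {
		return nil, errors.New("loader being debugged does not match the image")
	}
	return d.Attributes, nil
}

// RunDebugAuth issues an image for a constructed chip and then changes one of
// the bound inputs according to the scenario before the chip checks it.
func RunDebugAuth(scenario string) ([]string, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	chip := &Chip{ECID: [8]byte{1, 2, 3, 4, 5, 6, 7, 8}, LifecycleFuse: 2,
		DebugKeyHash: sha256.Sum256(pub), Loader: []byte("constructed boot loader")}
	img := IssueDebugImage(priv, chip.ECID, chip.LifecycleFuse, sha256.Sum256(chip.Loader),
		[]string{"jtag", "trace", "invasive-halt"})
	switch scenario {
	case "other-chip":
		chip.ECID[7] = 9
	case "lifecycle-advanced":
		chip.LifecycleFuse = 3 // fuse moved on after the image was issued
	case "loader-replaced":
		chip.Loader = []byte("constructed patched loader")
	case "attribute-added":
		img.Attributes = append(img.Attributes, "efuse-write") // not covered by the signature
	}
	return chip.AuthorizeDebug(img)
}
```

The lifecycle check is the part most often forgotten: without it, a debug image obtained while a unit was legitimately in a development lifecycle would keep unlocking the port after the production fuses are blown.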