公开(公告)号：US20150365404A1

公开(公告)日：2015-12-17

申请号：US14833929

申请日：2015-08-24

Applicant: Broadcom Corporation

Inventor： Mark BUER

IPC: H04L29/06

CPC classification number: H04L63/0853 ,  G06Q20/341 ,  G06Q20/40975 ,  G07F7/1008 ,  H04L63/0876

Abstract: Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provision to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for a authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.

Abstract translation: 提供了用于绑定智能卡和智能卡读取器的系统和方法。 智能卡是用于存储在传统交易中使用的第一组凭证的准备，例如在实体零售商店和第二套凭证，以便在使用与用户相关联的智能卡读卡器 线交易。 用户智能卡读取器通过加密地认证与智能卡读取器相关联的安全处理器来向智能卡发行者服务器注册。 作为注册的结果，安全处理器获得与第二组凭证相关联的一组私钥。 当接收到通过用户的智能卡读取器授权交易的请求时，智能卡读取器使用与用于授权交易的凭证相关联的私钥对智能卡进行加密认证。

公开(公告)号：US20150237608A1

公开(公告)日：2015-08-20

申请号：US14706515

申请日：2015-05-07

Applicant: BROADCOM CORPORATION

Inventor： Mark BUER ,  Thomas QUIGLEY ,  Alexander G. MACINNIS ,  Arya BEHZAD ,  Jeyhan KARAOGUZ ,  John WALLEY

IPC: H04W72/04 ,  H04W40/24 ,  H04W84/18

CPC classification number: H04W72/042 ,  H04L12/5691 ,  H04L47/824 ,  H04L67/16 ,  H04W40/246 ,  H04W48/18 ,  H04W72/04 ,  H04W84/18

Abstract: A wireless mobile communication (WMC) device may discover available networks, and available local and/or remote resources. The WMC device may configure routes utilizing one or more of discovered resources and one or more available networks. The routes may be utilized to performed operations requested via the WMC device. A standardized language and/or protocol may be utilized in discovering and/or communicating with available resources and/or networks. The standardized language and/or protocol may enable commonality among the discovered networks and/or resources, and encryption of data communicated through the established routes. The standardized language and/or protocol may be updated and/or modified to incorporate new resources either by direct interactions between the new resources and the WMC device, or via existing available resources and/or networks. The discovery of resources and/or establishment of routes may be user-triggered, or it may be based on user preference information.

Abstract translation: 无线移动通信（WMC）设备可以发现可用的网络，以及可用的本地和/或远程资源。 WMC设备可以使用发现的资源和一个或多个可用网络中的一个或多个来配置路由。 这些路由可以用于执行通过WMC设备请求的操作。 可以使用标准化语言和/或协议来发现和/或与可用资源和/或网络进行通信。 标准化语言和/或协议可以实现所发现的网络和/或资源之间的共同性，以及通过建立的路由传递的数据的加密。 标准化语言和/或协议可以被更新和/或修改以通过新资源和WMC设备之间的直接交互，或者通过现有的可用资源和/或网络来引入新的资源。 资源的发现和/或建立路由可以是用户触发的，或者可以基于用户偏好信息。

公开(公告)号：US20150195276A1

公开(公告)日：2015-07-09

申请号：US14667202

申请日：2015-03-24

Applicant: Broadcom Corporation

Inventor： Mark BUER ,  Douglas ALLEN

IPC: H04L29/06

CPC classification number: H04L63/0838 ,  G06F21/31 ,  H04L63/0428 ,  H04L63/083 ,  H04L63/0853

Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages standard TPM keys.

Abstract translation: 诸如TPM之类的安全处理器生成用于向服务提供商认证通信设备的一次性密码。 在一些实施例中，TPM维护一次密码数据并且在与TPM相关联的安全边界内执行一次密码算法。 在一些实施例中，TPM以与管理标准TPM密钥相同的方式生成一次密码数据结构和相关联的父密钥并管理父密钥。

公开(公告)号：US20150137340A1

公开(公告)日：2015-05-21

申请号：US14540678

申请日：2014-11-13

Applicant: Broadcom Corporation

Inventor： Mark BUER ,  Matthew KAUFMANN

IPC: H01L23/00 ,  H01L23/04

CPC classification number: H01L23/573 ,  G06F21/87 ,  G06F2221/2143 ,  H01L23/04 ,  H01L23/16 ,  H01L23/3128 ,  H01L23/576 ,  H01L24/06 ,  H01L24/17 ,  H01L24/48 ,  H01L24/49 ,  H01L24/81 ,  H01L2224/0401 ,  H01L2224/05554 ,  H01L2224/05599 ,  H01L2224/48091 ,  H01L2224/48227 ,  H01L2224/49171 ,  H01L2224/49431 ,  H01L2224/85399 ,  H01L2924/00014 ,  H01L2924/01005 ,  H01L2924/01006 ,  H01L2924/01015 ,  H01L2924/01033 ,  H01L2924/01047 ,  H01L2924/01057 ,  H01L2924/014 ,  H01L2924/14 ,  H01L2924/15311 ,  H01L2924/15331 ,  H01L2924/16195 ,  H01L2924/181 ,  H01L2924/30105 ,  Y10S257/922 ,  H01L2224/45099 ,  H01L2924/00 ,  H01L2924/00012

Abstract: A secure integrated circuit package is provided. The secure integrated circuit package includes a first substrate having an upper surface and a lower surface. A first plurality of solder balls are arranged in a pattern on the lower surface of the first substrate. A die is coupled to the upper surface of the first substrate. A second plurality of solder balls is coupled to the upper surface of the substrate and arranged in a ring surrounding the die. A mesh substrate including a mesh protection grid is coupled to the second plurality of solder balls.

Abstract translation: 提供了一个安全的集成电路封装。 安全集成电路封装包括具有上表面和下表面的第一基板。 第一多个焊球以图案布置在第一基板的下表面上。 模具耦合到第一基板的上表面。 第二多个焊球联接到基板的上表面并且布置在围绕模具的环中。 包括网格保护网格的网格基板耦合到第二多个焊球。

公开(公告)号：US20140035136A1

公开(公告)日：2014-02-06

申请号：US13925673

申请日：2013-06-24

Applicant: Broadcom Corporation

Inventor： Mark BUER ,  Matthew Kaufmann

IPC: H01L23/00

CPC classification number: H01L23/573 ,  G06F21/87 ,  G06F2221/2143 ,  H01L23/04 ,  H01L23/16 ,  H01L23/3128 ,  H01L23/576 ,  H01L24/06 ,  H01L24/17 ,  H01L24/48 ,  H01L24/49 ,  H01L24/81 ,  H01L2224/0401 ,  H01L2224/05554 ,  H01L2224/05599 ,  H01L2224/48091 ,  H01L2224/48227 ,  H01L2224/49171 ,  H01L2224/49431 ,  H01L2224/85399 ,  H01L2924/00014 ,  H01L2924/01005 ,  H01L2924/01006 ,  H01L2924/01015 ,  H01L2924/01033 ,  H01L2924/01047 ,  H01L2924/01057 ,  H01L2924/014 ,  H01L2924/14 ,  H01L2924/15311 ,  H01L2924/15331 ,  H01L2924/16195 ,  H01L2924/181 ,  H01L2924/30105 ,  Y10S257/922 ,  H01L2224/45099 ,  H01L2924/00 ,  H01L2924/00012

Abstract: Systems and methods for embedded tamper mesh protection are provided. The embedded tamper mesh includes a series of protection bond wires surrounding bond wires carrying sensitive signals. The protection bond wires are positioned to be vertically higher than the signal bond wires. The protection wires may be bonded to outer contacts on the substrate while the signal bond wires are bonded to inner contacts, thereby creating a bond wire cage around the signal wires. Methods and systems for providing package level protection are also provided. An exemplary secure package includes a substrate having multiple contacts surrounding a die disposed on an upper surface of the substrate. A mesh die including a series of mesh die pads is coupled to the upper surface of the die. Bond wires are coupled from the mesh die pads to contacts on the substrate thereby creating a bond wire cage surrounding the die.

Abstract translation: 提供嵌入式篡改网格保护的系统和方法。 嵌入式篡改网格包括一系列保护接合线，包括携带敏感信号的接合线。 保护接合线定位成垂直于信号接合线。 保护线可以结合到衬底上的外触点，同时将信号接合线结合到内触点，从而在信号线周围产生接合线笼。 还提供了用于提供封装级保护的方法和系统。 示例性的安全封装包括具有围绕设置在基板的上表面上的管芯的多个触点的基板。 包括一系列网眼模片的网眼模具联接到模具的上表面。 键合线从网状裸片焊盘耦合到衬底上的触点，从而形成围绕裸片的接合线笼。

公开(公告)号：US20130230165A1

公开(公告)日：2013-09-05

申请号：US13853880

申请日：2013-03-29

Applicant: BROADCOM CORPORATION

Inventor： Mark BUER ,  Zheng QI

IPC: H04L9/08

CPC classification number: H04L63/0428 ,  G06F21/602 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/3228 ,  H04L9/3234 ,  H04L63/061

Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received Key encryption keys (KEKs) and/or plain text keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generate a plaintext using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.

Abstract translation: 本文描述了用于数据的密码处理的用于安全和可扩展的密钥管理的方法和系统。 在该方法中，通用密码引擎（GPE）通过密钥服务器的安全通道接收密钥资料，并将接收到的密钥加密密钥（KEK）和/或纯文本密钥存储在安全密钥缓存中。 当从主机接收到加密处理数据块的请求时，请求实体使用包含在请求中的认证标签进行认证。 如果认证成功，则GPE检索明文密钥或使用KEK生成明文密文，使用明文密钥对数据进行加密处理，并发送处理后的数据。 该系统包括安全地向主机提供加密密钥和/或密钥句柄的密钥服务器以及GPE的密钥加密密钥和/或明文密钥。