-
Publication number: US20220329587A1
Publication date: 2022-10-13
Application number: US17722226
Filing date: 2022-04-15
Applicant: Cryptography Research, Inc.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
IPC: H04L9/40, H04W12/06, G06F21/60, G06F21/62, G06F21/72, G06F21/73, G06F21/33, H04W12/30, H04W12/0431, H04L67/60
Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
-
Publication number: US20200267142A1
Publication date: 2020-08-20
Application number: US16804555
Filing date: 2020-02-28
Applicant: Cryptography Research, Inc.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
IPC: H04L29/06, H04W12/04, H04W12/00, G06F21/33, G06F21/73, G06F21/72, G06F21/62, G06F21/60, H04W12/06, H04L29/08
Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
-
Publication number: US10581838B2
Publication date: 2020-03-03
Application number: US16004715
Filing date: 2018-06-11
Applicant: Cryptography Research, Inc.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
-
Publication number: US10015164B2
Publication date: 2018-07-03
Application number: US14535194
Filing date: 2014-11-06
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
CPC classification number: H04L63/0853, G06F21/335, G06F21/602, G06F21/6209, G06F21/72, G06F21/73, G06F2221/2107, G06F2221/2135, G06F2221/2145, G06F2221/2149, G06F2221/2153, H04L63/0428, H04L63/062, H04L63/123, H04L67/32, H04W12/0023, H04W12/04031, H04W12/06
Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.
-
Publication number: US09923890B2
Publication date: 2018-03-20
Application number: US14535197
Filing date: 2014-11-06
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
CPC classification number: H04L63/0853, G06F21/335, G06F21/602, G06F21/6209, G06F21/72, G06F21/73, G06F2221/2107, G06F2221/2135, G06F2221/2145, G06F2221/2149, G06F2221/2153, H04L63/0428, H04L63/062, H04L63/123, H04L67/32, H04W12/06
Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.
-
Publication number: US20160028722A1
Publication date: 2016-01-28
Application number: US14871951
Filing date: 2015-09-30
Applicant: Cryptography Research, Inc.
Inventor: Paul Carl Kocher, Benjamin Che-Ming Jun, Andrew John Leiserson
IPC: H04L29/06
CPC classification number: H04L63/0823, G06F21/54, G06F21/71, G06F2221/2101, H04L9/083, H04L9/0897, H04L9/14, H04L9/3247, H04L63/061, H04L63/083
Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, signing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.
-
Publication number: US20160013939A1
Publication date: 2016-01-14
Application number: US14792445
Filing date: 2015-07-06
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Benjamin Che-Ming Jun, Ambuj Kumar
IPC: H04L9/08
CPC classification number: H04L9/0866, H04L9/003, H04L2209/24
Abstract: A first key associated with a plurality of devices may be received. Furthermore, a second key associated with a single device may be received. The first key associated with the plurality of devices may be modified based on a device identification of the single device. Additionally, a primary key may be generated based on the modified first key and the second key.
-
Publication number: US11895109B2
Publication date: 2024-02-06
Application number: US17722226
Filing date: 2022-04-15
Applicant: Cryptography Research, Inc.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
IPC: H04L9/40, H04W12/06, G06F21/60, G06F21/62, G06F21/72, G06F21/73, G06F21/33, H04W12/30, H04W12/0431, H04L67/60
CPC classification number: H04L63/0853, G06F21/335, G06F21/602, G06F21/6209, G06F21/72, G06F21/73, H04L63/0428, H04L63/062, H04L67/60, H04W12/0431, H04W12/06, H04W12/35, G06F2221/2107, G06F2221/2135, G06F2221/2145, G06F2221/2149, G06F2221/2153, H04L63/123
Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
-
Publication number: US10860229B2
Publication date: 2020-12-08
Application number: US15512041
Filing date: 2015-08-31
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Benjamin Che-Ming Jun, William Craig Rawlings, Ambuj Kumar, Mark Evan Marson
Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.
-
Publication number: US10771448B2
Publication date: 2020-09-08
Application number: US13831545
Filing date: 2013-03-14
Applicant: Cryptography Research, Inc.
Inventor: Paul Carl Kocher, Benjamin Che-Ming Jun, Andrew John Leiserson
Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.
-