公开(公告)号：US10579790B2

公开(公告)日：2020-03-03

申请号：US16015107

申请日：2018-06-21

Applicant: Cryptography Research, Inc.

Inventor： Benjamin Che-Ming Jun ,  Matthew Evan Orzen ,  Joel Patrick Wittenauer ,  Steven C. Woo

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/44

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

公开(公告)号：US20190097999A1

公开(公告)日：2019-03-28

申请号：US16138105

申请日：2018-09-21

Applicant: Cryptography Research Inc.

Inventor： Paul Carl Kocher ,  Benjamin Che-Ming Jun ,  Andrew John Leiserson

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F21/71 ,  G06F21/54

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

公开(公告)号：US10218496B2

公开(公告)日：2019-02-26

申请号：US14808691

申请日：2015-07-24

Applicant: Cryptography Research, Inc.

Inventor： Megan Anneke Wachs ,  Ambuj Kumar ,  Benjamin Che-Ming Jun

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L29/06

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

公开(公告)号：US20180295127A1

公开(公告)日：2018-10-11

申请号：US16004715

申请日：2018-06-11

Applicant: Cryptography Research, Inc.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04W12/06 ,  G06F21/33 ,  H04L29/08 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

公开(公告)号：US09584509B2

公开(公告)日：2017-02-28

申请号：US14535202

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev ,  Ambuj Kumar

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33

CPC classification number: H04L63/0853 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2145 ,  G06F2221/2149 ,  G06F2221/2153 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L67/32 ,  H04W12/06

Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

Abstract translation: 这里描述的实施例描述了在诸如预先计算（PCD）资产的数据资产的消费和供应中使用的票务系统的技术。 票可以是数字文件或数据，其能够执行使用计数限制和唯一性发放矿石连续发放目标设备参数。 实施时包括通过网络从服务设备接收模块和故障单的密码管理器（CM）系统的电器设备。 该模块是在目标设备的制造生命周期的操作阶段中将数据资产安全地提供给目标设备的应用程序。 该票是允许电器设备执行模块的数字数据。 电器设备验证机票以执行模块。 该模块在执行时会导致一系列操作的安全构造，以将数据资产安全地提供给目标设备。

公开(公告)号：US20150326540A1

公开(公告)日：2015-11-12

申请号：US14535197

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0853 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2145 ,  G06F2221/2149 ,  G06F2221/2153 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L67/32 ,  H04W12/06

Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.

Abstract translation: 本文描述的实施例描述了在加密管理器（CM）环境中的目标设备的制造生命周期的操作阶段中的预计算数据（PCD）资产生成和PCD资产到目标设备的安全部署的技术。 一个实现包括根授权（RA）设备，其接收用于为目标设备生成唯一PCD资产的第一命令。 作为响应，RA设备生成PCD资产并打包PCD资产以将PCD资产的安全部署到目标设备并由目标设备专用。 RA设备将包装的PCD资产部署到CM系统中，用于目标设备的识别和跟踪。

公开(公告)号：US20150278506A1

公开(公告)日：2015-10-01

申请号：US14670379

申请日：2015-03-26

Applicant: Cryptography Research, Inc.

Inventor： Benjamin Che-Ming Jun ,  Matthew Evan Orzen ,  Joel Patrick Wittenauer ,  Steven C. Woo

IPC: G06F21/44 ,  H04L9/32 ,  H04L29/06

CPC classification number: G06F21/44 ,  H04L9/321 ,  H04L9/3271 ,  H04L63/08

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract translation: 可以在第一设备处接收与第二设备相关联的数据配对。 可以从服务器接收配对数据。 可以基于从服务器接收的配对数据来生成第一认证证明。 可以从第二设备接收第二认证证明。 此外，可以基于基于从服务器接收的配对数据的第一认证证明和从第二设备接收到的第二认证证明的比较来更新第二设备的认证状态。

公开(公告)号：US20140044265A1

公开(公告)日：2014-02-13

申请号：US13831545

申请日：2013-03-14

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Paul Carl Kocher ,  Benjamin Che-Ming Jun ,  Andrew John Leiserson

IPC: H04L9/30

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.

Abstract translation: 描述了在集成电路中提供安全特征和密钥管理的机制。 示例性集成电路包括用于存储秘密密钥的安全存储器和耦合到安全存储器的安全管理器核，以接收数字签名的命令，使用秘密密钥验证与该命令相关联的签名，以及配置 集成电路使用该命令。