-
公开(公告)号:US20180295127A1
公开(公告)日:2018-10-11
申请号:US16004715
申请日:2018-06-11
Applicant: Cryptography Research, Inc.
Inventor: Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev
Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
-
Patent Agency Ranking
32.发明授权Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure 有权分布式安全资产管理基础架构中的审计和权限提供机制公开(公告)号:US09584509B2
公开(公告)日:2017-02-28
申请号:US14535202
申请日:2014-11-06
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev , Ambuj Kumar
IPC: H04L9/32 , H04L29/06 , H04L29/08 , H04W12/06 , G06F21/60 , G06F21/62 , G06F21/72 , G06F21/73 , G06F21/33
CPC classification number: H04L63/0853 , G06F21/335 , G06F21/602 , G06F21/6209 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2135 , G06F2221/2145 , G06F2221/2149 , G06F2221/2153 , H04L63/0428 , H04L63/062 , H04L63/123 , H04L67/32 , H04W12/06
Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.
Abstract translation: 这里描述的实施例描述了在诸如预先计算(PCD)资产的数据资产的消费和供应中使用的票务系统的技术。 票可以是数字文件或数据,其能够执行使用计数限制和唯一性发放矿石连续发放目标设备参数。 实施时包括通过网络从服务设备接收模块和故障单的密码管理器(CM)系统的电器设备。 该模块是在目标设备的制造生命周期的操作阶段中将数据资产安全地提供给目标设备的应用程序。 该票是允许电器设备执行模块的数字数据。 电器设备验证机票以执行模块。 该模块在执行时会导致一系列操作的安全构造,以将数据资产安全地提供给目标设备。
-
公开(公告)号:US09576133B2
公开(公告)日:2017-02-21
申请号:US14737154
申请日:2015-06-11
Applicant: Cryptography Research, Inc.
Inventor: Paul C. Kocher , Pankaj Rohatgi , Joshua M. Jaffe
IPC: H04L9/00 , G06F21/57 , G06F21/60 , H04L9/08 , H04L9/32 , G06F12/14 , H04L9/06 , H04L9/16 , G06F9/445 , G06F21/76 , G06F9/44 , G06F21/55 , H04L29/06
CPC classification number: G06F21/575 , G06F8/71 , G06F9/44505 , G06F12/1408 , G06F21/556 , G06F21/602 , G06F21/755 , G06F21/76 , G06F2212/402 , G06F2221/034 , G06F2221/2107 , G06F2221/2125 , G06F2221/2145 , H04L9/003 , H04L9/0631 , H04L9/085 , H04L9/0861 , H04L9/088 , H04L9/0894 , H04L9/16 , H04L9/3236 , H04L9/3247 , H04L63/0428 , H04L63/0869 , H04L2209/24 , H04L2209/38 , H04L2209/56 , H04L2463/061
Abstract: A device includes storage hardware to store a secret value and processing hardware coupled to the storage hardware. The processing hardware is to receive an encrypted data segment with a validator and derive a decryption key using the secret value and a plurality of entropy distribution operations. The processing hardware is further to verify, using the received validator, that the encrypted data segment has not been modified. The processing hardware is further to decrypt the encrypted data segment using the decryption key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
Abstract translation: 设备包括存储硬件以存储与存储硬件耦合的秘密值和处理硬件。 处理硬件是使用验证器接收加密数据段,并使用秘密值和多个熵分布操作导出解密密钥。 处理硬件还使用接收到的验证器验证加密的数据段未被修改。 所述处理硬件还用于使用所述解密密钥对所述加密数据段进行解密,以响应于验证所述加密数据段未被修改而产生解密的数据段。
-
34.发明申请公开(公告)号:US20160026826A1
公开(公告)日:2016-01-28
申请号:US14752677
申请日:2015-06-26
Applicant: Cryptography Research, Inc.
Inventor: Paul C. Kocher , Pankaj Rohatgi , Joshua M. Jaffe
CPC classification number: G06F21/575 , G06F8/71 , G06F9/44505 , G06F12/1408 , G06F21/556 , G06F21/602 , G06F21/755 , G06F21/76 , G06F2212/402 , G06F2221/034 , G06F2221/2107 , G06F2221/2125 , G06F2221/2145 , H04L9/003 , H04L9/0631 , H04L9/085 , H04L9/0861 , H04L9/088 , H04L9/0894 , H04L9/16 , H04L9/3236 , H04L9/3247 , H04L63/0428 , H04L63/0869 , H04L2209/24 , H04L2209/38 , H04L2209/56 , H04L2463/061
Abstract: A bitstream for configuration of a programmable logic device is received, the bitstream comprising a data segment and authentication data associated with the data segment. The programmable logic device computes a hash of the data segment. The programmable logic device compares the computed hash of the data segment with the authentication data. Configuration of the programmable logic device halts responsive to a determination that the computed hash of the data segment does not match the authentication data. Configuration of the programmable logic device using the data segment continues responsive to a determination that the computed hash of the data segment matches the authentication data.
Abstract translation: 接收用于配置可编程逻辑设备的比特流,所述比特流包括与所述数据段相关联的数据段和认证数据。 可编程逻辑器件计算数据段的散列。 可编程逻辑设备将计算出的数据段的散列与认证数据进行比较。 可编程逻辑设备的配置响应于所计算的数据段的散列与认证数据不匹配的确定停止。 使用数据段的可编程逻辑设备的配置继续响应于所计算的数据段的散列与认证数据匹配的确定。
-
35.发明申请GENERATING AND DISTRIBUTING PRE-COMPUTED DATA (PCD) ASSETS TO A TARGET DEVICE 审中-公开将预计数据(PCD)资产生成和分配给目标设备公开(公告)号:US20150326540A1
公开(公告)日:2015-11-12
申请号:US14535197
申请日:2014-11-06
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev
CPC classification number: H04L63/0853 , G06F21/335 , G06F21/602 , G06F21/6209 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2135 , G06F2221/2145 , G06F2221/2149 , G06F2221/2153 , H04L63/0428 , H04L63/062 , H04L63/123 , H04L67/32 , H04W12/06
Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.
Abstract translation: 本文描述的实施例描述了在加密管理器(CM)环境中的目标设备的制造生命周期的操作阶段中的预计算数据(PCD)资产生成和PCD资产到目标设备的安全部署的技术。 一个实现包括根授权(RA)设备,其接收用于为目标设备生成唯一PCD资产的第一命令。 作为响应,RA设备生成PCD资产并打包PCD资产以将PCD资产的安全部署到目标设备并由目标设备专用。 RA设备将包装的PCD资产部署到CM系统中,用于目标设备的识别和跟踪。
-
36.发明申请DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS 有权具有抵抗差分功率分析和其他外部监测攻击的装置公开(公告)号:US20150280907A1
公开(公告)日:2015-10-01
申请号:US14737154
申请日:2015-06-11
Applicant: Cryptography Research, Inc.
Inventor: Paul C. Kocher , Pankaj Rohatgi , Joshua M. Jaffe
CPC classification number: G06F21/575 , G06F8/71 , G06F9/44505 , G06F12/1408 , G06F21/556 , G06F21/602 , G06F21/755 , G06F21/76 , G06F2212/402 , G06F2221/034 , G06F2221/2107 , G06F2221/2125 , G06F2221/2145 , H04L9/003 , H04L9/0631 , H04L9/085 , H04L9/0861 , H04L9/088 , H04L9/0894 , H04L9/16 , H04L9/3236 , H04L9/3247 , H04L63/0428 , H04L63/0869 , H04L2209/24 , H04L2209/38 , H04L2209/56 , H04L2463/061
Abstract: A device includes storage hardware to store a secret value and processing hardware coupled to the storage hardware. The processing hardware is to receive an encrypted data segment with a validator and derive a decryption key using the secret value and a plurality of entropy distribution operations. The processing hardware is further to verify, using the received validator, that the encrypted data segment has not been modified. The processing hardware is further to decrypt the encrypted data segment using the decryption key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
Abstract translation: 设备包括存储硬件以存储与存储硬件耦合的秘密值和处理硬件。 处理硬件是使用验证器接收加密数据段,并使用秘密值和多个熵分布操作导出解密密钥。 处理硬件还使用接收到的验证器验证加密的数据段未被修改。 所述处理硬件还用于使用所述解密密钥对所述加密数据段进行解密,以响应于验证所述加密数据段未被修改而产生解密的数据段。
-
-
-
-
-
Search Results
36
records
(took 0.029 seconds)
