-
Publication number: US10387336B2
Publication date: 2019-08-20
Application number: US15469287
Application date: 2017-03-24
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: Disclosed in some examples are memory systems, computing systems, and machine readable mediums for protecting memory at identified addresses based upon access rules defining permissible access to the identified memory addresses that depends on the value of one or more registers stored in the memory system. In some examples, the value of the registers (e.g., a Platform Configuration Register) may depend on a state of a computing device in which the memory system is installed.
-
Publication number: US20250094649A1
Publication date: 2025-03-20
Application number: US18962771
Application date: 2024-11-27
Applicant: Micron Technology, Inc.
Inventor: Aaron P. Boehm, Lance W. Dover, Steffen Buch
Abstract: Methods, systems, and devices for safety and security for memory are described. In some examples, data associated with a memory device may be authenticated before an associated operation is executed. The data may be authenticated before it is executed at a volatile memory. The data may be associated with a hash (e.g., a first hash) and may be communicated from the memory device to a host device. At the host device, the data and the first hash may be written (e.g., stored) to temporary storage, such as a cache. Once stored to the cache, the host device may generate an additional hash (e.g., a second hash) related to the data using a key inaccessible to the memory device. If the first hash and second hash match, the data may be authenticated and one or more operations may be executed.
-
Publication number: US12192329B2
Publication date: 2025-01-07
Application number: US17663124
Application date: 2022-05-12
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: Methods, systems, and devices for multi-factor authentication for memory systems based on internal asymmetric keys are described. In some examples, host systems and memory systems may be configured to implement techniques for the generation and distribution of asymmetric keys, certificates, or both, which may support evaluating the authenticity of interfacing systems (e.g., by signing and verifying exchanged signaling based on system identities) or protecting the integrity of exchanged signaling (e.g., by encrypting exchanged signaling), or both. Such techniques may include implementing asymmetric cryptographic security functionality directly in a memory system, including techniques where the memory system is configured to generate asymmetric key pairs, certificates, or both based on a combination of unique device secret and content stored at the memory system.
-
Publication number: US20240430253A1
Publication date: 2024-12-26
Application number: US18822952
Application date: 2024-09-03
Applicant: Micron Technology, Inc.
Inventor: Jeffrey Charles Shiner, Lance W. Dover
Abstract: A security server to validate identity data of computing devices having secure memory devices and track activities of components in the computing devices. The server system is configured to store data representative of a unique device secret sealed in the memory device. The server system can generate a first cryptographic key independently from the memory device generating a second cryptographic key. The memory device uses the second cryptographic key to generate identity data including a message and a verification code generated via cryptographic operations combining the message and the second cryptographic key. The server system can use the first cryptographic key to determine whether the verification code is valid for the message. If so, the security server can generate an activity record associating the activity of the computing device with identifications of respective components of the computing device confirmed via validation of the identity data.
-
Publication number: US11899946B2
Publication date: 2024-02-13
Application number: US17710675
Application date: 2022-03-31
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
IPC: G06F3/06
CPC classification number: G06F3/0629, G06F3/062, G06F3/0679
Abstract: The disclosed embodiments are related to securely updating a semiconductor device. In one embodiment, a method comprises receiving a command; generating, by the semiconductor device, a response code in response to the command; returning the response code to a processing device; receiving a command to replace a storage root key of the device; generating a replacement key based on the response code; and replacing an existing key with the replacement key.
-
Publication number: US20230353391A1
Publication date: 2023-11-02
Application number: US18127546
Application date: 2023-03-28
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
IPC: H04L9/32
CPC classification number: H04L9/3268, H04L9/3247
Abstract: Methods, systems, and devices for remote provisioning of certificates for memory system provenance are described. The method may include a server receiving a first certificate that includes a first public key, a first signature generated using a first private key of a memory system, and an indication of a characteristic associated with the memory system. The server may verify the first signature and that the characteristic associated with the memory system is a valid characteristic for the memory system to have. The server may generate a second certificate that includes the first public key and a second signature generated using a second private key. The server may provide the second certificate to a host system such that the host may verify the provenance of the memory system.
-
Publication number: US20230129539A1
Publication date: 2023-04-27
Application number: US17664320
Application date: 2022-05-20
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover, Giuseppe Vito Portacci, Giuseppe Ferrari
IPC: G06F3/06
Abstract: Methods, systems, and devices for authenticated modification of memory system data are described. A host system may transmit a command to program data to a protection region of a memory system, and the host system may sign the command using a key associated with the protection region. In some examples, the host system may transmit the data associated with the command, or the command may include instructions to move the data from another region of the memory system. Upon receiving the command, the memory system may verify the signature to determine whether the host is authorized to modify the protection region, and may program the data as requested by the host system. In some cases, the protection regions of the memory system may be updated, for example by adjusting the size or address range of the protection regions, in response to a command from the host system.
-
Publication number: US20230125636A1
Publication date: 2023-04-27
Application number: US17664372
Application date: 2022-05-20
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: Methods, systems, and devices for use of a physically unclonable function to generate a memory identifier are described. For instance, a memory system may read a set of uninitialized memory cells of a memory system to obtain a first key associated with the memory system. The memory system may generate a private key associated with the memory system based on the first key and may transmit, to a host system, an indication of a public key corresponding to the private key. The memory system may transmit, to the host system, signaling, such as a signature, that is encrypted based on the private key associated with the memory system.
-
Publication number: US11611433B2
Publication date: 2023-03-21
Application number: US16748244
Application date: 2020-01-21
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: Various examples are directed to secure memory arrangements and methods of using the same. A gateway device of the secure computing system may receive a first message from an external system. The first message may comprise a first message payload data and first asymmetric access data. The gateway device may determine that the first asymmetric access data matches the first message payload data based at least in part on an external system public key. The gateway device may access a first system controller symmetric key associated with a first system controller in communication with the gateway device and generate a first symmetric access data based at least in part on the first system controller symmetric key and the first message payload data. The gateway device may send the first message payload data and the first symmetric access data to the first system controller.
-
Publication number: US20230006816A1
Publication date: 2023-01-05
Application number: US17943574
Application date: 2022-09-13
Applicant: Micron Technology, Inc.
Inventor: Travis Duane Nelson, Lance W. Dover
Abstract: A system, method and apparatus to control memory devices over computer networks. For example, a server system establishes a secure authenticated connection with a client computer system to receive a request having a batch identification that is configured in the server system to identify a batch of multiple memory devices. After determining that the client computer system is eligible to control the multiple memory devices in the batch, the server system transmits to the client computer system a response. The response contains control data for each respective memory device in the batch. The control data is based on at least a cryptographic key stored in the server system in association with the respective memory device. Using the control data the client computer system submits a command with a digital signature to the respective memory device, which validates the digital signature prior to execution of the command.