Generating a key based on a combination of keys
    41.
    Granted invention patent
    Generating a key based on a combination of keys (in force)

    Publication (announcement) number: US09553722B2

    Publication (announcement) date: 2017-01-24

    Application number: US14792445

    Application date: 2015-07-06

    CPC classification number: H04L9/0866 H04L9/003 H04L2209/24

    Abstract: A first key associated with a plurality of devices may be received. Furthermore, a second key associated with a single device may be received. The first key associated with the plurality of devices may be modified based on a device identification of the single device. Additionally, a primary key may be generated based on the modified first key and the second key.

    AUDITING AND PERMISSION PROVISIONING MECHANISMS IN A DISTRIBUTED SECURE ASSET-MANAGEMENT INFRASTRUCTURE
    42.
    Invention application
    AUDITING AND PERMISSION PROVISIONING MECHANISMS IN A DISTRIBUTED SECURE ASSET-MANAGEMENT INFRASTRUCTURE (in force)

    Publication (announcement) number: US20150326541A1

    Publication (announcement) date: 2015-11-12

    Application number: US14535202

    Application date: 2014-11-06

    Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance or sequential issuance of target device parameters. One implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

    Cryptographic management of lifecycle states

    Publication (announcement) number: US11582033B2

    Publication (announcement) date: 2023-02-14

    Application number: US17119513

    Application date: 2020-12-11

    Abstract: A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to effect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.

    Secure computation environment
    44.
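    Granted invention patent

    Publication (announcement) number: US11250134B2

    Publication (announcement) date: 2022-02-15

    Application number: US15739105

    Application date: 2016-08-10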

    Inventor: Ambuj Kumar

    Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.

    LOCATION AWARE CRYPTOGRAPHY
    45.
    Invention application

    Publication (announcement) number: US20220021534A1

    Publication (announcement) date: 2022-01-20

    Application number: US17389746

    Application date: 2021-07-30

    Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

    Device with multiple roots of trust

    Publication (announcement) number: US11216389B2

    Publication (announcement) date: 2022-01-04

    Application number: US15780005

    Application date: 2016-12-01

    Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.

    VIRTUAL ONE-TIME PROGRAMMABLE MEMORY MANAGEMENT

    Publication (announcement) number: US20200026474A1

    Publication (announcement) date: 2020-01-23

    Application number: US16528232

    Application date: 2019-07-31

    Abstract: A virtual memory including virtual addresses may be generated. A first virtual address of the virtual memory may be mapped to a first physical address of a one-time programmable (OTP) memory of a device. Furthermore, a second virtual address of the virtual memory may be mapped to a second physical address of a static memory of the device. The virtual memory that is mapped to the OTP memory and the static memory may be provided for accessing of the data of the OTP memory of the device.

    Virtual one-time programmable memory management

    Publication (announcement) number: US10379785B2

    Publication (announcement) date: 2019-08-13

    Application number: US15153624

    Application date: 2016-05-12

    Abstract: A virtual memory including virtual addresses may be generated. A first virtual address of the virtual memory may be mapped to a first physical address of a one-time programmable (OTP) memory of a device. Furthermore, a second virtual address of the virtual memory may be mapped to a second physical address of a static memory of the device. The virtual memory that is mapped to the OTP memory and the static memory may be provided for accessing of the data of the OTP memory of the device.
