公开(公告)号：US08811615B2

公开(公告)日：2014-08-19

申请号：US12850693

申请日：2010-08-05

Applicant: Meng-Day Yu ,  Srinivas Devadas

Inventor： Meng-Day Yu ,  Srinivas Devadas

IPC: H04L9/00

CPC classification number: G06F11/10 ,  H04L9/0662 ,  H04L9/3278 ,  H04L2209/34

Abstract: Outputs from at least one pseudo-random source are used to encode hidden value. The hidden value is encoded using index based quantities, for example, based on numerically ordering a sequence of outputs from pseudo-random source(s). In some examples, the numerical ordering of re-generated device-specific quantities is used to re-generate the hidden value, without necessarily requiring additional error correction mechanisms. Information leak may be reduced by constructing system whose “syndrome” helper bits are random, as measured, for example, by NIST's Statistical Tests for Randomness In some examples, index based coding provides coding gain that exponentially reduces total error correction code complexity, resulting in efficiently realizable PRS-based key generation systems. In some examples, index based coding allows noisy PRS to be robust across conditions where conventional error correction code cannot error correct.

Abstract translation: 来自至少一个伪随机源的输出用于对隐藏值进行编码。 隐藏值使用基于索引的量来编码，例如，基于从伪随机源的输出序列的数值排序。 在一些示例中，重新生成的设备特定量的数值排序用于重新生成隐藏值，而不需要额外的纠错机制。 信息泄漏可以通过构建其“综合征”辅助位是随机的系统来减少，例如，通过NIST的随机统计测试来测量。在一些示例中，基于索引的编码提供指数地降低总纠错码复杂度的编码增益，导致 有效实现的基于PRS的密钥生成系统。 在一些示例中，基于索引的编码允许有噪声的PRS在常规纠错码不能正确错误的情况下是稳健的。

公开(公告)号：US08762723B2

公开(公告)日：2014-06-24

申请号：US13543295

申请日：2012-07-06

Applicant: Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

Inventor： Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

IPC: G06F21/00

CPC classification number: H04L9/3278 ,  H04L9/0844 ,  H04L9/0866

Abstract: An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.

Abstract translation: 加密安全性的方法使用“模糊”凭据，与“硬”证书相反，以消除可能遭受物理攻击的设备上的加密算法重复性。 通过消除在算法（例如门或软件）级别执行的重复性，设备固有地缺乏与某些类别的侧信道，故障注入，定时和相关攻击相关联的基本设置假设之一，从而有助于保护系统免受 这种攻击同时保留了系统的加密安全性。

公开(公告)号：US20120290845A1

公开(公告)日：2012-11-15

申请号：US13103451

申请日：2011-05-09

Applicant: William Henry Bares ,  Srinivas Devadas ,  Vivek Khandelwal ,  Zdenek Paral ,  Richard Sowell ,  Tonghang Zhou

Inventor： William Henry Bares ,  Srinivas Devadas ,  Vivek Khandelwal ,  Zdenek Paral ,  Richard Sowell ,  Tonghang Zhou

IPC: H04L9/32

CPC classification number: H04L9/3278 ,  H04L9/3247 ,  H04L2209/805

Abstract: A message is signed using a PUF without having to exactly regenerate a cryptographic key. Another party that shares information about the PUF is able to verify the signature to a high degree of accuracy (i.e., high probability of rejection of a forged signature and a low probably of false rejection of a true signature). In some examples, the information shared by a recipient of a message signature includes a parametric model of operational characteristics of the PUF used to form the signature.

Abstract translation: 使用PUF签名消息，而不必完全重新生成加密密钥。 共享关于PUF的信息的另一方能够以高精确度验证签名（即，拒绝伪造签名的可能性很高，并且可能是真正签名的错误拒绝）。 在一些示例中，消息签名的接收方共享的信息包括用于形成签名的PUF的操作特征的参数模型。

公开(公告)号：US20100272255A1

公开(公告)日：2010-10-28

申请号：US12763254

申请日：2010-04-20

Applicant: Srinivas Devadas ,  Thomas Ziola

Inventor： Srinivas Devadas ,  Thomas Ziola

IPC: G06F12/14 ,  H04L9/00 ,  G06F9/24

CPC classification number: H04L9/3278 ,  G06F21/31 ,  G06F21/445 ,  G06F21/602 ,  G06F21/76 ,  G06F2221/2129 ,  G11C7/24 ,  G11C16/20 ,  G11C16/22 ,  G11C2029/4402 ,  G11C2029/5002 ,  H04L9/0838 ,  H04L9/0877 ,  H04L9/304 ,  H04L2209/56 ,  H04L2209/603 ,  H04L2209/805

Abstract: A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data.

Abstract translation: 诸如FPGA的现场可配置设备支持安全的现场配置，而不需要在设备上使用非易失性存储器用于加密密钥，而不需要连续或正在进行的电源来维护设备上的易失性存储。 该方法可以用于保护配置数据，使得其通常可以在单个或所选择的设备集合上使用和/或配置数据的加密，使得加密的配置数据可以在不损害在 配置数据。

公开(公告)号：US20090254981A1

公开(公告)日：2009-10-08

申请号：US12485479

申请日：2009-06-16

Applicant: Srinivas Devadas ,  Thomas Ziola

Inventor： Srinivas Devadas ,  Thomas Ziola

IPC: G06F21/00 ,  H04L9/06

CPC classification number: H04L9/3278 ,  G06F21/31 ,  G06F21/445 ,  G06F21/602 ,  G06F21/76 ,  G06F2221/2129 ,  G11C7/24 ,  G11C16/20 ,  G11C16/22 ,  G11C2029/4402 ,  G11C2029/5002 ,  H04L9/0838 ,  H04L9/0877 ,  H04L9/304 ,  H04L2209/56 ,  H04L2209/603 ,  H04L2209/805

Abstract: A key is determined from a volatile response using circuitry on the device. The volatile response depend on process variation in fabrication of the device. Error control data that depends on the first volatile response can be computed, stored externally to the device, and then used to generate the key using a volatile response using the circuit. Applications of volatile keys include authentication and rights management for content and software.

Abstract translation: 使用设备上的电路从易失性响应中确定密钥。 挥发性响应取决于器件制造过程的变化。 可以计算取决于第一易失性响应的错误控制数据，存储在设备的外部，然后用于使用电路的易失性响应生成密钥。 易失性密钥的应用包括对内容和软件的认证和权限管理。

公开(公告)号：US20070250938A1

公开(公告)日：2007-10-25

申请号：US11626639

申请日：2007-01-24

Applicant: Gookwon Suh ,  Srinivas Devadas

Inventor： Gookwon Suh ,  Srinivas Devadas

IPC: G08B29/00

CPC classification number: G06F21/31 ,  G06F21/73 ,  G06F2221/2129 ,  H04L9/0866 ,  H04L2209/12

Abstract: Subsets of multiple signal generator circuits embodied in a device are selected, and then a volatile value for the device is generated from the selected subsets. The volatile value may be used for authentication of the device and/or for cryptographic procedures performed on the device. The signal generator circuits may each comprise an oscillator circuit, and the selection of the subsets may be according to a comparison of the outputs of the subsets of circuits, for example, according to a comparison of output oscillation frequencies.

Abstract translation: 选择体现在设备中的多个信号发生器电路的子集，然后从所选择的子集产生装置的易失性值。 易失性值可以用于设备的认证和/或用于在设备上执行的密码过程。 信号发生器电路可以各自包括振荡器电路，并且子集的选择可以根据电路子集的输出的比较，例如根据输出振荡频率的比较。

公开(公告)号：US20070183194A1

公开(公告)日：2007-08-09

申请号：US11421609

申请日：2006-06-01

Applicant: Srinivas Devadas ,  Blaise Gassend ,  Dwaine Clarke ,  Marten Van Dijk

Inventor： Srinivas Devadas ,  Blaise Gassend ,  Dwaine Clarke ,  Marten Van Dijk

IPC: G11C16/04

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: A method for providing access to device-specific information includes providing a first value to the device, and then, in the device, using a second value that is a first one-way function of the provided first value to determine a third value such that the third value is a device-specific function of the second value. The third value is then accepted from the device and stored outside the device. Subsequent to accepting the third value from the device, the second value is provided to the device. In the device, the provided second value is used to determine the third value once again and a fourth value is determined that is a second one-way function of the third value. This determining of the fourth value is performed without disclosing the third value outside the device. The fourth value is accepted from the device.

Abstract translation: 用于提供对设备特定信息的访问的方法包括向设备提供第一值，然后在设备中使用作为所提供的第一值的第一单向函数的第二值来确定第三值，使得 第三个值是第二个值的特定于设备的功能。 然后第三个值从设备接受并存储在设备外部。 在从设备接受第三值之后，将第二值提供给设备。 在设备中，所提供的第二值被再次用于确定第三值，并且确定第四值是第三值的第二单向函数。 执行第四值的确定而不在设备外部公开第三值。 从设备接受第四个值。

公开(公告)号：US20060271792A1

公开(公告)日：2006-11-30

申请号：US11421582

申请日：2006-06-01

Applicant: Srinivas Devadas ,  Blaise Gassend

Inventor： Srinivas Devadas ,  Blaise Gassend

IPC: G06F12/14

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: A digital value is generated in an integrated circuit such that the generated value substantially depends on circuit parameters that vary among like devices. The generated digital value is then used, for example, to access protected information in the device or to perform a cryptographic function in the integrated circuit.

Abstract translation: 在集成电路中产生数字值，使得所产生的值基本上取决于在类似的装置之间变化的电路参数。 所产生的数字值例如用于访问设备中的受保护信息或在集成电路中执行加密功能。

公开(公告)号：US07818569B2

公开(公告)日：2010-10-19

申请号：US11421582

申请日：2006-06-01

Applicant: Srinivas Devadas ,  Blaise Gassend

Inventor： Srinivas Devadas ,  Blaise Gassend

IPC: G08B29/00 ,  G06F21/02 ,  H01L23/58

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: A digital value is generated in an integrated circuit such that the generated value substantially depends on circuit parameters that vary among like devices. The generated digital value is then used, for example, to access protected information in the device or to perform a cryptographic function in the integrated circuit.

Abstract translation: 在集成电路中产生数字值，使得所产生的值基本上取决于在类似的装置之间变化的电路参数。 所产生的数字值例如用于访问设备中的受保护信息或在集成电路中执行加密功能。

公开(公告)号：US07724760B2

公开(公告)日：2010-05-25

申请号：US10639269

申请日：2003-08-12

Applicant: Hari Balakrishnan ,  Srinivas Devadas ,  Arvind Mithal

Inventor： Hari Balakrishnan ,  Srinivas Devadas ,  Arvind Mithal

IPC: H04L12/56

CPC classification number: H04L47/10 ,  H04L47/24 ,  H04L47/39 ,  H04L47/50 ,  H04L47/52 ,  H04L47/6215 ,  H04L47/6255 ,  H04L49/101 ,  H04L49/254 ,  H04L49/30 ,  H04L49/3045

Abstract: A method for selecting a queue for service across a shared link. The method includes classifying each queue from a group of queues within a plurality of ingresses into one tier of a number “N” of tiers. The number “N” is greater than or equal to 2. Information about allocated bandwidth is used to classify at least some of the queues into the tiers. Each tier is assigned a different priority. The method also includes matching queues to available egresses by matching queues classified within tiers with higher priorities before matching queues classified within tiers with lower priorities.

Abstract translation: 一种用于通过共享链路选择服务队列的方法。 该方法包括将来自多个入口内的一组队列中的每个队列分成层数“N”的一层。 数字“N”大于或等于2.关于分配的带宽的信息用于将至少一些队列分类到层级中。 每个层都有不同的优先级。 该方法还包括通过匹配在具有较低优先级的层级中分类的队列之前匹配在具有较高优先级的层级中分类的队列来匹配队列到可用出口。