-
Publication number: US09054877B2
Publication date: 2015-06-09
Application number: US13578705
Filing date: 2010-09-21
Applicant: Yaacov Belenky
Inventor: Yaacov Belenky
CPC classification: H04L9/3263, H04L9/0897, H04L9/3093
Abstract: A method for computation is described, the method including configuring a processor to expand input seed values into respective output data values using an approximated expansion process such that the output data values are not guaranteed to satisfy a required output data criterion, selecting a seed value so that an output data value generated by the processor by application of the approximated expansion process to the selected seed value will satisfy the required output data criterion, and storing the selected seed value in a non-volatile memory to be accessed by the processor. Related apparatus and systems are also described.
-
Publication number: US08539596B2
Publication date: 2013-09-17
Application number: US12736564
Filing date: 2009-05-21
Applicants: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
Inventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
IPC classification: G06F21/00
Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event, waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time, after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing of the at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described.
-
Publication number: US08457309B2
Publication date: 2013-06-04
Application number: US13322211
Filing date: 2010-06-28
IPC classification: H04L29/06
CPC classification: H04L9/0869, H04L9/302
Abstract: Apparatus for ciphering, including a non-volatile memory, which stores a number from which a private cryptographic key, having a complementary public cryptographic key, is derivable, wherein the number is shorter than the private cryptographic key, and a processor, which is configured to receive an instruction indicating that the private cryptographic key is to be applied to data and, responsively to the instruction, to compute the private cryptographic key using the stored number and to perform a cryptographic operation on the data using the private cryptographic key. Related apparatus and methods are also described.
-
Publication number: US20130129090A1
Publication date: 2013-05-23
Application number: US13699912
Filing date: 2010-12-14
Applicants: Aviad Kipnis, Yaron Sella, Yaacov Belenky
Inventors: Aviad Kipnis, Yaron Sella, Yaacov Belenky
IPC classification: H04L9/30
CPC classification: H04L9/30, H04L9/0813, H04L9/0819, H04L9/0822, H04L9/0825, H04L9/0838, H04L9/3073, H04L9/3093, H04L9/3247, H04L2209/12
Abstract: A cryptographic method and apparatus, including providing a public key that defines a multivariate polynomial mapping Q(·) over a finite field F, extracting a first vector Y of verification values from a message, computing over the first vector, using a processor, a digital signature X including a second vector of signature values such that application of the mapping to the digital signature gives a third vector Q(X) of output values such that each output value is equal to a corresponding element of a vector sum Y + a·Y_SHIFT over F, wherein Y_SHIFT is a shifted version of Y and a ∈ F, and conveying the message with the digital signature to a recipient for authentication using the public key. Related methods, systems, and apparatus are also described.
-
Publication number: US20080137851A1
Publication date: 2008-06-12
Application number: US11918110
Filing date: 2006-03-22
IPC classification: H04N7/167
CPC classification: H04L63/0428, H04N21/23476, H04N21/434, H04N21/44055
Abstract: A system for scrambling/descrambling packets of a stream of content, each packet having a must-stay-clear (MSC) section, the system including an input handler including a receiving module to receive the stream, a characteristic analyzer to analyze the stream in order to determine a data-independent characteristic of each packet, and a scrambling/descrambling device operationally associated with the input handler, the scrambling/descrambling device including a receiving module to receive the data-independent characteristic for each packet from the input handler, and an Initial Value module to determine an Initial Value for each packet as a function of the data-independent characteristic of one of the packets being processed, wherein the scrambling/descrambling device is adapted to scramble and/or descramble the packets based on the Initial Value and a Control Word. Related apparatus and methods are included.
-
Publication number: US20070300070A1
Publication date: 2007-12-27
Application number: US11629435
Filing date: 2005-05-11
CPC classification: H04L63/0823, G06F21/33, G06F2221/2103, G06F2221/2111, G06F2221/2129, H04L63/0428, H04L63/06, H04W12/02, H04W12/04, H04W12/06, H04W24/00
Abstract: A method for determining proximity between a first device and a second device, the method comprising providing a first device storing a first device private key, the first device having an associated secure first device certificate storing secured information, the secured information comprising a first device public key corresponding to the first device private key, providing a second device storing a second device private key, the second device having an associated secure second device certificate storing secured information, the secured information comprising a second device public key corresponding to the second device private key, and a second device processing delay, providing a copy of the second device certificate to the first device, establishing a secure authenticated channel between the first device and the second device, sending a proximity challenge from the first device to the second device, the proximity challenge including a numeric challenge value, receiving the proximity challenge at the second device, processing the proximity challenge at the second device to produce the response to the proximity challenge, and sending the response to the proximity challenge from the second device to the first device, receiving the response to the proximity challenge at the first device, and performing the following at the first device: verifying, at the first device, that the response to the proximity challenge is legitimate, determining a gross time between sending the proximity challenge and receiving the response to the proximity challenge, subtracting the second device processing delay from the gross time to produce a net response time, and comparing the net response time to a first threshold and determining whether the first device and the second device are in proximity based on a result of the comparing. Related methods and apparatus are also described.
-
Publication number: US20190286853A1
Publication date: 2019-09-19
Application number: US16431153
Filing date: 2019-06-04
Applicants: Yaacov Belenky, Gyora Benedek, Reuven Elbaum, David Novick, Elad Peer, Chaim Shen-Orr, Yonatan Shlomovich
Inventors: Yaacov Belenky, Gyora Benedek, Reuven Elbaum, David Novick, Elad Peer, Chaim Shen-Orr, Yonatan Shlomovich
Abstract: The present disclosure is directed to systems and methods to protect against SCA and fault injection attacks through the use of a temporary or ephemeral key to cryptographically alter input data portions. Universal resistant block (URB) circuitry receives a seed data value and at least one secret key data value and generates an ephemeral key output data value. Cryptographic circuitry uses the ephemeral key data value to transform an input data portion to produce a transformed output data portion. The use of an SCA or fault injection attack on the transformed output data portion will reveal only the ephemeral key data value and not the at least one secret key data value. Further, where a unique ephemeral key data value is used to transform each input data portion, an attacker cannot discover the ephemeral key in a piecemeal manner and must instead discover the complete ephemeral key data value, significantly increasing the difficulty of performing a successful SCA or fault injection attack.
-
Publication number: US20150358160A1
Publication date: 2015-12-10
Application number: US14759417
Filing date: 2013-07-10
Applicants: Michael KARA-IVANOV, Aviad KIPNIS, Tzachy REINMAN, Efraim MANGELL, Erez WAISBARD, Yaacov BELENKY, Cisco Technology, Inc.
Inventors: Michael KARA-IVANOV, Aviad KIPNIS, Tzachy REINMAN, Efraim MANGELL, Erez WAISBARD, Yaacov BELENKY
IPC classification: H04L9/08
CPC classification: H04L9/0861, H04L9/0869
Abstract: A method, system and apparatus for deriving a secondary secret from a root secret are described, the method, system and apparatus including reserving a memory buffer included in an integrated circuit, the memory buffer being large enough to contain all of the bits which will make up the secondary secret, receiving a plurality of bits from a root secret, the root secret being stored in a secure memory of the integrated circuit, inputting the plurality of bits from the root secret and at least one control bit into a permutation network, and thereby producing a multiplicity of output bits, the at least one control bit including one of: one bit of a value g, and one bit of an output of a function which receives g as an input, receiving the multiplicity of output bits from the permutation network, inputting the multiplicity of output bits from the permutation network into a plurality of logic gates, thereby combining the multiplicity of output bits, wherein a fixed number of bits is output from the logic gates, inputting the fixed number of bits output by the logic gates into an error correcting code module, the fixed number of bits output by the logic gates including a first group of intermediate output bits and a second group of intermediate output bits, and receiving output bits from the error correcting code module, the output bits of the error correcting code module including the first group of intermediate output bits as changed by the error correcting code module, where the change depends on the second group of intermediate output bits, filling non-filled registers in the reserved memory buffer with the first group of intermediate output bits as changed by the error correcting code module, and repeating the steps of "receiving a plurality of bits from a root secret" through "filling non-filled registers in the reserved memory buffer" until the entire secondary secret is derived, wherein the steps of "receiving a plurality of bits from a root secret" through "filling non-filled registers in the reserved memory buffer" are performed in a single clock cycle of the integrated circuit. Related apparatus, methods and systems are also described.
-
Publication number: US08930435B2
Publication date: 2015-01-06
Application number: US13515560
Filing date: 2010-09-21
Applicants: Yaacov Belenky, Zeev Geyzel
Inventors: Yaacov Belenky, Zeev Geyzel
CPC classification: G06F7/723, G06F7/725, G06F2207/7261, G06F2207/7271
Abstract: A method for computation, including defining a sequence of n bits that encodes an exponent d, such that no more than a specified number of successive bits in the sequence are the same, initializing first and second registers using a value of a base x that is to be exponentiated, whereby the first and second registers hold respective first and second values, which are successively updated during the computation, successively, for each bit in the sequence, computing a product of the first and second values, depending on whether the bit is one or zero, selecting one of the first and second registers, and storing the product in the selected one of the registers, whereby the first and second registers hold respective first and second final values upon completion of the sequence, and returning x^d based on the first and second final values. Related apparatus and methods are also described.
-
Publication number: US08364947B2
Publication date: 2013-01-29
Application number: US12087037
Filing date: 2007-01-22
Applicant: Yaacov Belenky
Inventor: Yaacov Belenky
IPC classification: H04L29/06
CPC classification: H04L9/0891, H04L9/0822, H04L9/14
Abstract: A method for securing encryption keys includes providing two devices, each including secure and insecure hardware, generating in each secure hardware at least two period keys stored in the secure hardware, generating in each secure hardware a plurality of session keys stored in either secure or insecure hardware on the generating device, for each secure hardware, encrypting at least one of the generated plurality of session keys according to a first of the two period keys included in each secure hardware, encrypting at least one of the plurality of session keys generated in each device according to a second of the two period keys included in each secure hardware, when a session is established between the two devices, decrypting one encrypted session key in each device, and establishing an encrypted session between both devices, where the period keys included in both devices are periodically regenerated.
-