公开(公告)号：US20220196734A1

公开(公告)日：2022-06-23

申请号：US17127846

申请日：2020-12-18

Applicant: Arm Limited

Inventor： Richard Andrew Paterson ,  Rainer Herberholz ,  Peter Andrew Rees Williams ,  Oded Golombek ,  Einat Luko ,  Jeffrey Scott Boyer

IPC: G01R31/3177 ,  G01R31/317

Abstract: Disclosed are methods, systems and devices for implementing built-in self-test (BIST) to be performed by an untrusted party and/or in an unsecure testing environment. In an embodiment, a test access port (TAP) on a device may enable a party to initiate execution of one or more BIST procedures on the device. Additionally, such a TAP may enable loading of encrypted instructions to be executed by one or more processors formed on a device under test.

公开(公告)号：US11797714B2

公开(公告)日：2023-10-24

申请号：US16722459

申请日：2019-12-20

Applicant: Arm Limited

Inventor： Michael Weiner ,  Robert John Harrison ,  Oded Golombek ,  Yoav Asher Levy

IPC: G06F21/75 ,  G06F21/78 ,  G06F9/54 ,  G06F30/327 ,  G06F30/396 ,  G06F30/347

CPC classification number: G06F21/755 ,  G06F9/542 ,  G06F21/78 ,  G06F30/327 ,  G06F30/347 ,  G06F30/396

Abstract: Security measures for signal paths with tree structures can be implemented at design phase using an EDA software program or tool with security feature functionality that, when executed by a computing system, directs the computing system to: display a canvas through which components of a circuit are arranged; and provide a menu of commands, including an option to add components from a library to the canvas and an option to secure a tree. In response to receiving a selection of the option to secure the tree, the system can be directed to add a hardware countermeasure coupled to at least two lines or terminal nodes of a tree structure identified from components on the canvas or in a netlist corresponding to a circuit's design.

公开(公告)号：US11461505B2

公开(公告)日：2022-10-04

申请号：US16656362

申请日：2019-10-17

Applicant: Arm Limited

Inventor： Michael Weiner ,  Oded Golombek ,  David Yellin

IPC: G06F21/62 ,  H04L9/06 ,  G06F15/16 ,  G06F21/36 ,  G06F21/75 ,  G06F9/448 ,  G06F21/60

Abstract: A method for obfuscation of operations using minimal additional hardware is presented herein. The method can begin by executing a first iteration of a set of computations, the execution of the set of computations resulting in a first iteration output. The method can continue by executing a second iteration of the set of computations, wherein the second execution is distinct from the first iteration but should satisfy a matching condition. The distinction can be a rearrangement of sub-operations, insertion of dummy sub-operations, or a combination of the two. After the iterations are complete, the iteration outputs can be compared. If the comparison of the first iteration output and the second iteration output satisfy the matching condition, the process result can be output. If the matching condition is not satisfied, an error detected signal can be output.

公开(公告)号：US11456855B2

公开(公告)日：2022-09-27

申请号：US16656388

申请日：2019-10-17

Applicant: Arm Limited

Inventor： Michael Weiner ,  Oded Golombek ,  Harel Adani

IPC: H04L9/00 ,  G06F21/60 ,  G06F21/85 ,  G06F7/58

Abstract: A method for obfuscating data at-transit can include receiving a request for communicating data, determining a sequence of data at-transit for a window of time; and providing the sequence of the data at transit for performing communications across interconnect to another component. The described method can be carried out by an obfuscation engine implemented in an electronic system such as within a secure element. A secure element can include a processor and a memory. The obfuscation engine can be part of the processor, part of the memory, or a stand-alone component.

公开(公告)号：US11734009B2

公开(公告)日：2023-08-22

申请号：US15996843

申请日：2018-06-04

Applicant: ARM Limited

Inventor： Oded Golombek ,  Nimrod Diamant

IPC: G06F21/60 ,  G06F16/23 ,  G06F21/64 ,  G06F21/78 ,  G06F8/65 ,  G06F9/38

CPC classification number: G06F9/3802 ,  G06F16/2365 ,  G06F21/602 ,  G06F21/64 ,  G06F21/78 ,  G06F8/65

Abstract: A data processing system comprises fetch circuitry to fetch data as a sequence of blocks of data from a memory. Processing circuitry comprising a plurality of processing pipelines performs at least partially temporally overlapping processing by at least two processes so as to produce respective results for the combined sequence of blocks, i.e. the processing of the data is performed on a block-by-block process at least partially in parallel by the two processing pipelines. The processes performed may comprise a cryptographic hash processing operation performing verification of the data file and a AES MAC process serving to re-signature the data file.

公开(公告)号：US11550733B2

公开(公告)日：2023-01-10

申请号：US16918938

申请日：2020-07-01

Applicant: Arm Limited

Inventor： Richard Andrew Paterson ,  Rainer Herberholz ,  Peter Andrew Rees Williams ,  Oded Golombek ,  Einat Luko

IPC: G06F12/14 ,  G06F21/53 ,  G06F21/56 ,  G06F21/75 ,  G06F21/76

Abstract: Disclosed are methods, systems and devices for storing states in a memory in support of applications residing in a trusted execution environment (TEE). In an implementation, one or more memory devices accessible by a memory controller may be shared between and/or among processes in an untrusted execution environment (UEE) and a TEE.

公开(公告)号：US11030065B2

公开(公告)日：2021-06-08

申请号：US16190335

申请日：2018-11-14

Applicant: Arm Limited

Inventor： Kar-Lik Kasim Wong ,  Alessandro Renzi ,  Michael Weiner ,  Avi Shif ,  Oded Golombek

IPC: G06F11/277 ,  G06F7/58 ,  H04L9/00

Abstract: Aspects of the present disclosure relate to an apparatus comprising analogue circuitry comprising an entropy source, the entropy source being configured to provide a random output. The apparatus comprises first digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, and second digital circuitry to receive the output of the entropy source and, based on said output, generate random numbers, the second digital circuitry being a duplicate of the first digital circuitry. The apparatus comprises difference detection circuitry to determine a difference of operation between the first digital circuitry and the second digital circuitry. Each of the first digital circuitry and the second digital circuitry comprises entropy checking circuitry to check the entropy of the output of the entropy source.

公开(公告)号：US12229324B2

公开(公告)日：2025-02-18

申请号：US18371045

申请日：2023-09-21

Applicant: Arm Limited

Inventor： Michael Weiner ,  Robert John Harrison ,  Oded Golombek ,  Yoav Asher Levy

IPC: G06F21/75 ,  G06F9/54 ,  G06F21/78 ,  G06F30/327 ,  G06F30/347 ,  G06F30/396

Abstract: Security measures for signal paths with tree structures can be implemented at design phase using an EDA software program or tool with security feature functionality that, when executed by a computing system, directs the computing system to: display a canvas through which components of a circuit are arranged; and provide a menu of commands, including an option to add components from a library to the canvas and an option to secure a tree. In response to receiving a selection of the option to secure the tree, the system can be directed to add a hardware countermeasure coupled to at least two lines or terminal nodes of a tree structure identified from components on the canvas or in a netlist corresponding to a circuit's design.

公开(公告)号：US12099593B2

公开(公告)日：2024-09-24

申请号：US17245371

申请日：2021-04-30

Applicant: Arm Limited

Inventor： Oded Golombek ,  Einat Luko

IPC: G06F21/00 ,  G06F21/44 ,  G06F21/62

CPC classification number: G06F21/44 ,  G06F21/6209

Abstract: A method for authenticating an integrated circuit is provided. At an intellectual property facility, a random encryption key and a number of random input vectors are generated. For each input vector, the input vector is encrypted, based on the encryption key, to generate a corresponding output vector, and the input vector and the corresponding output vector are formed into an authentication vector pair. The encryption key is embedded into hardware description language instructions that define an integrated circuit that includes a cryptography engine. A number of authentication vector pairs is transmitted, via a secure communication link, to a semiconductor assembly and test facility. An input vector of an authentication vector pair is presented to the integrated circuit, which encrypts the input vector using the embedded encryption key. If the result matches the output vector of the authentication vector pair, the integrated circuit is determined to be authentic.

公开(公告)号：US20220350875A1

公开(公告)日：2022-11-03

申请号：US17245371

申请日：2021-04-30

Applicant: Arm Limited

Inventor： Oded Golombek ,  Einat Luko

IPC: G06F21/44 ,  G06F21/62

Abstract: A method for authenticating an integrated circuit is provided. At an intellectual property facility, a random encryption key and a number of random input vectors are generated. For each input vector, the input vector is encrypted, based on the encryption key, to generate a corresponding output vector, and the input vector and the corresponding output vector are formed into an authentication vector pair. The encryption key is embedded into hardware description language instructions that define an integrated circuit that includes a cryptography engine. A number of authentication vector pairs is transmitted, via a secure communication link, to a semiconductor assembly and test facility. An input vector of an authentication vector pair is presented to the integrated circuit, which encrypts the input vector using the embedded encryption key. If the result matches the output vector of the authentication vector pair, the integrated circuit is determined to be authentic.