Non-intrusive monitoring
    1.
    Granted patent

    Publication number: US09727722B2

    Publication date: 2017-08-08

    Application number: US14628854

    Filing date: 2015-02-23

    CPC classification number: G06F21/45 G01R31/318588

    Abstract: A technique for detecting unauthorized manipulation of a circuit. In one embodiment, a test data channel of a boundary scan system of a circuit is monitored while the circuit is in operation. By monitoring the test data channel, a monitoring module determines the presence of a signal on the test data channel. During operation, activity on this channel may represent a potential unauthorized manipulation attempt. An alarm condition may therefore be created if a signal is detected.

    Secure Upgrades for Field Programmable Devices
    2.
    Patent application (under examination, published)

    Publication number: US20140344581A1

    Publication date: 2014-11-20

    Application number: US13895552

    Filing date: 2013-05-16

    CPC classification number: H04L9/14 G09C1/00 H04L9/06 H04L9/30 H04L9/3247

    Abstract: Techniques are provided for securely upgrading a field programmable circuit, e.g., a Field Programmable Gate Array (FPGA), in a device that has been deployed to a customer site. A plurality of keys is stored in the device, e.g., public, private, and/or symmetric keys. The keys are used to authenticate and decrypt a newly received FPGA software image upgrade. The image upgrade is re-encrypted using one of the stored keys and stored in the computing device. The device is booted and the encrypted image upgrade is loaded into the field programmable circuit. The encrypted image upgrade is decrypted to obtain the image upgrade for execution on the field programmable circuit.


    BINDING AN ASIC TO A TRUST ANCHOR

    Publication number: US20220385462A1

    Publication date: 2022-12-01

    Application number: US17335194

    Filing date: 2021-06-01

    Abstract: According to certain embodiments, a method comprises receiving an encrypted value from a trust anchor. The encrypted value is received by a hardware component, and the encrypted value is associated with a posture assessment in which the trust anchor determines whether the hardware component is authorized to run on a product. The method further comprises obtaining a random value (K) based on decrypting the encrypted value. The decrypting uses a long-term key associated with the hardware component. The method further comprises communicating an encrypted response to the trust anchor. The encrypted response is encrypted using the random value (K). The encrypted response enables the trust anchor to determine whether the hardware component is authorized to run on the product.

    Rogue hardware detection through power monitoring

    Publication number: US09934119B2

    Publication date: 2018-04-03

    Application number: US14060048

    Filing date: 2013-10-22

    Abstract: Techniques are provided for monitoring power consumption of individual systems or devices as a way to detect illicit or rogue hardware, e.g., an unauthorized integrated circuit (IC) that may have been added to an existing system. The techniques include monitoring a power-on sequence of a system, the power-on sequence including one or more distinct stages; determining, for each of the distinct stages of the power-on sequence, whether the observed power load of that stage has deviated from the expected power load according to a power profile for the system; and, when the observed power load of a given stage has deviated from the expected power load, performing an action indicating that a deviation from the expected power load has occurred. The power profile specifies the expected power characteristics of the system for each stage of the power-on sequence.

    Using a trust anchor to verify an identity of an ASIC

    Publication number: US12254123B2

    Publication date: 2025-03-18

    Application number: US17335245

    Filing date: 2021-06-01

    Abstract: According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving, from the hardware component, a message encrypted using the random value (K). The message comprises an identifier associated with the hardware component. Performing the posture assessment further comprises determining whether the hardware component is authorized to run on the product based at least in part on the identifier associated with the hardware component. The method further comprises performing an action that depends on whether the hardware component is authorized to run on the product.

    Binding a trust anchor and an ASIC

    Publication number: US11816219B2

    Publication date: 2023-11-14

    Application number: US17335156

    Filing date: 2021-06-01

    CPC classification number: G06F21/57 H04L9/0869 G06F2221/034

    Abstract: According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.

    BIOS/BOOTLOADER PROTECTION
    9.
    Patent application

    Publication number: US20200320200A1

    Publication date: 2020-10-08

    Application number: US16378068

    Filing date: 2019-04-08

    Abstract: Presented herein are methodologies for securing BIOS/bootloader function, including: booting a computer system from a BIOS image stored in a first boot flash device; detecting an indication of a pending BIOS upgrade; in response to detecting that indication, accessing an upgraded BIOS image stored on a second boot flash device; validating a version of the upgraded BIOS image; authenticating the upgraded BIOS image using a signature stored in a first region of the second boot flash device; when the version of the upgraded BIOS image is validated and the upgraded BIOS image is authenticated, writing the signature to a second region of the second boot flash device that is different from the first region; locking the second region of the second boot flash device; and rebooting the computer system from the second boot flash device.

    Rogue Hardware Detection Through Power Monitoring

    Publication number: US20180157572A1

    Publication date: 2018-06-07

    Application number: US15891868

    Filing date: 2018-02-08

    Abstract: Techniques are provided for monitoring power consumption of individual systems or devices as a way to detect illicit or rogue hardware, e.g., an unauthorized integrated circuit (IC) that may have been added to an existing system. The techniques include monitoring a power-on sequence of a system, the power-on sequence including one or more distinct stages; determining, for each of the distinct stages of the power-on sequence, whether the observed power load of that stage has deviated from the expected power load according to a power profile for the system; and, when the observed power load of a given stage has deviated from the expected power load, performing an action indicating that a deviation from the expected power load has occurred. The power profile specifies the expected power characteristics of the system for each stage of the power-on sequence.
