公开(公告)号：US11757617B2

公开(公告)日：2023-09-12

申请号：US17122310

申请日：2020-12-15

Applicant: Cryptography Research, Inc.

Inventor： Sami James Saab ,  Pankaj Rohatgi ,  Craig E. Hampel

IPC: H04L9/00 ,  G06F21/55 ,  G06F9/30 ,  H04L9/08 ,  H04L9/06

CPC classification number: H04L9/002 ,  G06F9/30007 ,  G06F21/556 ,  H04L9/003 ,  H04L9/0822 ,  H04L9/0631 ,  H04L2209/12

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting a state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

公开(公告)号：US20200021426A1

公开(公告)日：2020-01-16

申请号：US16519330

申请日：2019-07-23

Applicant: Cryptography Research, Inc.

Inventor： Sami James Saab ,  Pankaj Rohatgi ,  Craig E. Hampel

IPC: H04L9/00 ,  H04L9/08 ,  G06F9/30 ,  G06F21/55

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting a state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

公开(公告)号：US20160315760A1

公开(公告)日：2016-10-27

申请号：US15135024

申请日：2016-04-21

Applicant: Cryptography Research, Inc.

Inventor： Christopher Gori ,  Pankaj Rohatgi

IPC: H04L9/00 ,  G06F21/75 ,  G06F21/72

CPC classification number: H04L9/003 ,  G06F21/755 ,  G09C1/00 ,  H04L2209/08

Abstract: Input signals may be received. Furthermore, a control signal controlling the implementation of a Differential Power Analysis (DPA) countermeasure may be received. One of the input signals may be transmitted as an output signal based on the control signal. A cryptographic operation may be performed based on the first output signal that is transmitted based on the control signal.

Abstract translation: 可以接收输入信号。 此外，可以接收控制差分功率分析（DPA）对策的实现的控制信号。 可以基于控制信号将输入信号之一作为输出信号发送。 可以基于基于控制信号发送的第一输出信号来执行加密操作。

公开(公告)号：US09367693B2

公开(公告)日：2016-06-14

申请号：US14752677

申请日：2015-06-26

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Pankaj Rohatgi ,  Joshua M. Jaffe

IPC: H04L9/32 ,  G06F21/57 ,  G06F21/60 ,  H04L9/00 ,  H04L9/08 ,  G06F12/14 ,  H04L9/06 ,  H04L9/16 ,  G06F9/445 ,  G06F21/76 ,  G06F9/44 ,  H04L29/06

CPC classification number: G06F21/575 ,  G06F8/71 ,  G06F9/44505 ,  G06F12/1408 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F21/76 ,  G06F2212/402 ,  G06F2221/034 ,  G06F2221/2107 ,  G06F2221/2125 ,  G06F2221/2145 ,  H04L9/003 ,  H04L9/0631 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/16 ,  H04L9/3236 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0869 ,  H04L2209/24 ,  H04L2209/38 ,  H04L2209/56 ,  H04L2463/061

Abstract: A bitstream for configuration of a programmable logic device is received, the bitstream comprising a data segment and authentication data associated with the data segment. The programmable logic device computes a hash of the data segment. The programmable logic device compares the computed hash of the data segment with the authentication data. Configuration of the programmable logic device halts responsive to a determination that the computed hash of the data segment does not match the authentication data. Configuration of the programmable logic device using the data segment continues responsive to a determination that the computed hash of the data segment matches the authentication data.

Abstract translation: 接收用于配置可编程逻辑设备的比特流，所述比特流包括与所述数据段相关联的数据段和认证数据。 可编程逻辑器件计算数据段的散列。 可编程逻辑设备将计算出的数据段的散列与认证数据进行比较。 可编程逻辑设备的配置响应于所计算的数据段的散列与认证数据不匹配的确定停止。 使用数据段的可编程逻辑设备的配置继续响应于所计算的数据段的散列与认证数据匹配的确定。

公开(公告)号：US11797683B2

公开(公告)日：2023-10-24

申请号：US17382333

申请日：2021-07-21

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Pankaj Rohatgi ,  Joshua M. Jaffe

IPC: G06F21/57 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32 ,  G06F21/55 ,  H04L9/00 ,  G06F12/14 ,  H04L9/06 ,  H04L9/16 ,  G06F9/445 ,  G06F21/76 ,  G06F8/71 ,  H04L9/40 ,  G06F21/75

CPC classification number: G06F21/575 ,  G06F8/71 ,  G06F9/44505 ,  G06F12/1408 ,  G06F21/556 ,  G06F21/602 ,  G06F21/76 ,  H04L9/003 ,  H04L9/0631 ,  H04L9/085 ,  H04L9/088 ,  H04L9/0861 ,  H04L9/0894 ,  H04L9/16 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3271 ,  G06F21/755 ,  G06F2212/402 ,  G06F2221/034 ,  G06F2221/2107 ,  G06F2221/2125 ,  G06F2221/2145 ,  H04L9/50 ,  H04L63/0428 ,  H04L63/0869 ,  H04L2209/24 ,  H04L2209/56 ,  H04L2463/061

Abstract: A method for performing a security chip protocol comprises receiving, by processing hardware of a security chip, a message from a first device as part of performing the security chip protocol. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware determines a path through a key tree based at least in part on the message. The processing hardware derives a validator at least in part from the secret value using a sequence of entropy redistribution operations associated with the path through the key tree. The processing hardware exchanges the validator between the security chip and the first device as part of the security chip protocol in order to authenticate at least one of the security chip or the first device.

公开(公告)号：US10382193B2

公开(公告)日：2019-08-13

申请号：US15311741

申请日：2015-05-15

Applicant: Cryptography Research, Inc.

Inventor： Sami James Saab ,  Pankaj Rohatgi ,  Craig E. Hampel

IPC: G06F9/30 ,  H04L9/00 ,  H04L9/06 ,  H04L9/08 ,  G06F21/55

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting an internal state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

公开(公告)号：US10262141B2

公开(公告)日：2019-04-16

申请号：US15395809

申请日：2016-12-30

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Pankaj Rohatgi ,  Joshua M. Jaffe

IPC: G06F8/71 ,  H04L9/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/16 ,  H04L9/32 ,  G06F12/14 ,  G06F21/55 ,  G06F21/57 ,  G06F21/60 ,  G06F21/75 ,  G06F21/76 ,  G06F9/445 ,  H04L29/06

Abstract: A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

公开(公告)号：US09940463B2

公开(公告)日：2018-04-10

申请号：US15691601

申请日：2017-08-30

Applicant: Cryptography Research, Inc.

Inventor： Paul Kocher ,  Pankaj Rohatgi ,  Joshua M. Jaffe

IPC: H04L9/32 ,  G06F21/57 ,  G06F9/445 ,  H04L9/16 ,  H04L9/08 ,  G06F12/14 ,  H04L9/00 ,  G06F21/60 ,  G06F21/76 ,  H04L9/06 ,  G06F9/44 ,  H04L29/06 ,  G06F21/75

CPC classification number: G06F21/575 ,  G06F8/71 ,  G06F9/44505 ,  G06F12/1408 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F21/76 ,  G06F2212/402 ,  G06F2221/034 ,  G06F2221/2107 ,  G06F2221/2125 ,  G06F2221/2145 ,  H04L9/003 ,  H04L9/0631 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/16 ,  H04L9/3236 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0869 ,  H04L2209/24 ,  H04L2209/38 ,  H04L2209/56 ,  H04L2463/061

Abstract: A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

公开(公告)号：US09569623B2

公开(公告)日：2017-02-14

申请号：US14617437

申请日：2015-02-09

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Pankaj Rohatgi ,  Joshua M. Jaffe

IPC: H04L9/00 ,  G06F21/57 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32 ,  G06F12/14 ,  H04L9/06 ,  H04L9/16 ,  G06F9/445 ,  G06F21/76 ,  G06F9/44 ,  G06F21/55 ,  H04L29/06

CPC classification number: G06F21/575 ,  G06F8/71 ,  G06F9/44505 ,  G06F12/1408 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F21/76 ,  G06F2212/402 ,  G06F2221/034 ,  G06F2221/2107 ,  G06F2221/2125 ,  G06F2221/2145 ,  H04L9/003 ,  H04L9/0631 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/16 ,  H04L9/3236 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0869 ,  H04L2209/24 ,  H04L2209/38 ,  H04L2209/56 ,  H04L2463/061

Abstract: A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

Abstract translation: 计算设备包括用于存储秘密值的安全存储硬件和包括高速缓存或存储器中的至少一个的处理硬件。 在安全引导过程期间，处理硬件将不可信数据加载到处理硬件的高速缓存或存储器中的至少一个中，不可信数据包括加密数据段和验证器，从安全存储硬件检索秘密值， 至少部分地基于与加密数据段和秘密值相关联的标识符的初始密钥，使用验证器来验证加密数据段是否已经被修改，并且使用从第一解密密钥导出的第一解密密钥来解密加密数据段 响应于验证加密的数据段未被修改来产生解密的数据段的初始密钥。

公开(公告)号：US08977864B2

公开(公告)日：2015-03-10

申请号：US14201539

申请日：2014-03-07

Applicant: Cryptography Research, Inc.

Inventor： Paul C. Kocher ,  Pankaj Rohatgi ,  Joshua M. Jaffe

IPC: H04L9/32 ,  H04L9/00 ,  H04L9/08 ,  G06F21/60 ,  G06F12/14 ,  H04L29/06

CPC classification number: G06F21/575 ,  G06F8/71 ,  G06F9/44505 ,  G06F12/1408 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F21/76 ,  G06F2212/402 ,  G06F2221/034 ,  G06F2221/2107 ,  G06F2221/2125 ,  G06F2221/2145 ,  H04L9/003 ,  H04L9/0631 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/16 ,  H04L9/3236 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0869 ,  H04L2209/24 ,  H04L2209/38 ,  H04L2209/56 ,  H04L2463/061

Abstract: Techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments.

Abstract translation: 技术可以由设备加密和解密敏感数据，以提供安全性从外部监视攻击。 加密设备可以访问解密设备也是已知的基本密钥加密值（密钥）。 敏感数据被分解为段，并且每个段用来自基本密钥的单独的加密密钥和消息标识符加密，以创建一组加密的段。 加密设备使用基本秘密加密值来创建验证器，证明该消息标识符的加密段由具有访问基本密钥的设备创建。 解密装置在接收到加密的段和验证器时，使用验证器来验证消息标识符，并且加密段未被修改，然后使用从基本密钥和消息标识符导出的加密密钥来解密段。