-
Publication number: US09940463B2
Publication date: 2018-04-10
Application number: US15691601
Application date: 2017-08-30
Applicant: Cryptography Research, Inc.
Inventor: Paul Kocher , Pankaj Rohatgi , Joshua M. Jaffe
IPC: H04L9/32 , G06F21/57 , G06F9/445 , H04L9/16 , H04L9/08 , G06F12/14 , H04L9/00 , G06F21/60 , G06F21/76 , H04L9/06 , G06F9/44 , H04L29/06 , G06F21/75
CPC classification number: G06F21/575 , G06F8/71 , G06F9/44505 , G06F12/1408 , G06F21/556 , G06F21/602 , G06F21/755 , G06F21/76 , G06F2212/402 , G06F2221/034 , G06F2221/2107 , G06F2221/2125 , G06F2221/2145 , H04L9/003 , H04L9/0631 , H04L9/085 , H04L9/0861 , H04L9/088 , H04L9/0894 , H04L9/16 , H04L9/3236 , H04L9/3247 , H04L63/0428 , H04L63/0869 , H04L2209/24 , H04L2209/38 , H04L2209/56 , H04L2463/061
Abstract: A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.
-
Publication number: US12050719B2
Publication date: 2024-07-30
Application number: US17321089
Application date: 2021-05-14
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar , William Craig Rawlings , Ronald Perez , Denis Alexandrovich Pochuev , Michael Alexander Hamburg , Paul Kocher
CPC classification number: G06F21/6281 , G06F9/4418 , G06F21/44 , G06F21/45 , G06F21/52 , G06F21/57 , G06F21/602
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US20210357532A1
Publication date: 2021-11-18
Application number: US17321089
Application date: 2021-05-14
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar , William Craig Rawlings , Ronald Perez , Denis Alexandrovich Pochuev , Michael Alexander Hamburg , Paul Kocher
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US10417453B2
Publication date: 2019-09-17
Application number: US15372307
Application date: 2016-12-07
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar , William Craig Rawlings , Ronald Perez , Denis Alexandrovich Pochuev , Michael Alexander Hamburg , Paul Kocher
IPC: G06F9/4401 , G06F21/62 , G06F21/45 , G06F21/60 , G06F21/52
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US11010494B2
Publication date: 2021-05-18
Application number: US16566391
Application date: 2019-09-10
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar , William Craig Rawlings , Ronald Perez , Denis Alexandrovich Pochuev , Michael Alexander Hamburg , Paul Kocher
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US20180004957A1
Publication date: 2018-01-04
Application number: US15691601
Application date: 2017-08-30
Applicant: Cryptography Research, Inc.
Inventor: Paul Kocher , Pankaj Rohatgi , Joshua M. Jaffe
IPC: G06F21/57 , G06F9/44 , G06F9/445 , G06F12/14 , G06F21/60 , H04L9/00 , H04L9/06 , H04L9/32 , H04L9/16 , H04L9/08 , G06F21/76 , H04L29/06 , G06F21/75
CPC classification number: G06F21/575 , G06F8/71 , G06F9/44505 , G06F12/1408 , G06F21/556 , G06F21/602 , G06F21/755 , G06F21/76 , G06F2212/402 , G06F2221/034 , G06F2221/2107 , G06F2221/2125 , G06F2221/2145 , H04L9/003 , H04L9/0631 , H04L9/085 , H04L9/0861 , H04L9/088 , H04L9/0894 , H04L9/16 , H04L9/3236 , H04L9/3247 , H04L63/0428 , H04L63/0869 , H04L2209/24 , H04L2209/38 , H04L2209/56 , H04L2463/061
Abstract: A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.