-
公开(公告)号:US09992031B2
公开(公告)日:2018-06-05
申请号:US14040337
申请日:2013-09-27
申请人: Intel Corporation
发明人: Kevin Gotze , Gregory Iovino , David Johnston , Patrick Koeberl , Jiangtao Li , Wei Wu
CPC分类号: H04L9/34 , G09C1/00 , H04L9/0866 , H04L9/3278 , H04L2209/12
摘要: Embodiments of an invention for using dark bits to reduce physically unclonable function (PUF) error rates are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and dark bit logic. The PUF cell array is to provide a raw PUF value. The dark bit logic is to select PUF cells to mark as dark bits and to generate a dark bit mask based on repeated testing of the PUF cell array.
-
公开(公告)号:US09390291B2
公开(公告)日:2016-07-12
申请号:US13730829
申请日:2012-12-29
申请人: Intel Corporation
发明人: George W. Cox , David Johnston , Jiangtao Li , Anand Rajan
CPC分类号: G06F21/72 , G06F21/52 , G06F21/73 , G09C1/00 , H04L9/0866 , H04L2209/12
摘要: A processor of an aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed.
摘要翻译: 一方面的处理器包括生成根密钥的根密钥生成逻辑。 根密钥生成逻辑包括静态和熵位的源。 处理器还包括与根密钥生成逻辑耦合的密钥导出逻辑。 密钥推导逻辑是从根密钥导出一个或多个密钥。 处理器还包括与根密钥生成逻辑耦合的加密原语逻辑。 加密原语逻辑是执行加密操作。 处理器还包括包含根密钥生成逻辑,密钥导出逻辑和密码原语逻辑的安全边界。 还公开了其他处理器,方法和系统。
-
公开(公告)号:US20140218067A1
公开(公告)日:2014-08-07
申请号:US13997268
申请日:2013-01-16
申请人: Intel Corporation
发明人: Jiangtao Li , Patrick Koeberl , Sanu K. Mathew , Wei Wu
IPC分类号: H03K19/177
CPC分类号: H03K19/17768 , G06F21/72 , H04L9/3247 , H04L9/3278
摘要: A physically unclonable function (PUF) includes a plurality of PUF elements to generate an N-bit PUF signature. For each bit in the N-bit PUF signature, a PUF group of K number of individual PUF elements indicating a single-bit PUF value is used to generate a group bit. The group bits are more repeatable than the individual PUF elements. The value K may be selected such that (K+1)/2 is an odd number.
摘要翻译: 物理上不可克隆的功能(PUF)包括多个PUF元件以产生N位PUF签名。 对于N位PUF签名中的每个比特,使用指示单位PUF值的K个个体PUF元素的PUF组来生成组比特。 组位比PUF单个元件更可重复。 可以选择值K使得(K + 1)/ 2是奇数。
-
公开(公告)号:US09742563B2
公开(公告)日:2017-08-22
申请号:US13631512
申请日:2012-09-28
申请人: Intel Corporation
发明人: Kevin C. Gotze , Gregory M. Iovino , Jiangtao Li
CPC分类号: H04L9/0866 , H04L9/3278
摘要: A method, of an aspect, includes challenging a set of Physically Unclonable Function (PUF) cells, of an integrated circuit device, and receiving a set of PUF bits from the PUF cells in response. A PUF key is generated based on the set of PUF bits. An encryption of the PUF key with an embedded key is output from the integrated circuit device. The integrated circuit device receives an encryption of a fuse key with the PUF key. Fuses of the integrated circuit device are programmed with at least one of the fuse key and the received encryption of the fuse key with the PUF key. Other methods, apparatus, and systems are also disclosed.
-
公开(公告)号:US09608825B2
公开(公告)日:2017-03-28
申请号:US14542491
申请日:2014-11-14
申请人: Intel Corporation
CPC分类号: H04L9/3234 , G06F21/57 , G06F21/64 , H04L9/0861 , H04L9/0866 , H04L9/14 , H04L9/3263 , H04L2209/127
摘要: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.
-
公开(公告)号:US09407435B2
公开(公告)日:2016-08-02
申请号:US14126469
申请日:2013-09-30
申请人: Intel Corporation
发明人: Jiangtao Li , Jesse Walker
CPC分类号: H04L9/0866 , G06F21/60
摘要: In an embodiment, an apparatus includes a processor including a first core. The first core includes multi-biometric logic to output first biometric data wi (i=1 to n, n≧2), each wi determined based on a corresponding one of first biometric input Mi (i=1 to n, n≧2) received during a first time period. The apparatus also includes setup logic to transform a cryptographic key k via a transformation that uses the first biometric data wi, where transformation of the cryptographic key k results in output of helper data hi (i=1 to n). Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,一种装置包括包括第一核的处理器。 第一核心包括用于输出第一生物特征数据wi(i = 1至n,n≥2)的多生物统计学逻辑,每个wi基于第一生物特征输入Mi(i = 1至n,n≥2)中相应的一个确定, 在第一时期收到。 该装置还包括通过使用第一生物特征数据wi的变换来加密密钥k的设置逻辑,其中密码密钥k的变换导致帮助数据hi(i = 1至n)的输出。 描述和要求保护其他实施例。
-
7.发明授权Method of anonymous entity authentication using group-based anonymous signatures 有权使用基于组的匿名签名的匿名实体身份验证方法公开(公告)号:US09344284B2
公开(公告)日:2016-05-17
申请号:US14077772
申请日:2013-11-12
申请人: Intel Corporation
发明人: Jesse Walker , Jiangtao Li
CPC分类号: H04L9/3273 , H04L9/0838 , H04L9/0844 , H04L9/3247 , H04L9/3255 , H04L9/3268 , H04L2209/42
摘要: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).
摘要翻译: 提出匿名认证和密钥交换的方法。 在一个实施例中,一种方法包括在第一实体和第二实体之间发起双向相互认证。 执行验证后,第一个实体对第二个实体保持匿名。 该方法还包括建立相互共享的会话密钥,用于实体之间的安全通信,其中启动和建立结合直接匿名认证(DAA)。
-
公开(公告)号:US09043604B2
公开(公告)日:2015-05-26
申请号:US13987807
申请日:2013-09-05
申请人: Intel Corporation
发明人: Ernest F. Brickell , Shay Gueron , Jiangtao Li , Carlos V. Rozas , Daniel Nemiroff , Vincent R. Scarlata , Uday R. Savagaonkar , Simon P. Johnson
CPC分类号: H04L9/0816 , G06F21/572 , G06F21/73
摘要: Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.
摘要翻译: 用于在平台中提供安全性的键控材料可以安全地在线和离线地配置到远程平台中的设备。 密钥材料的安全配置基于安装在平台中的固件的修订版本。
-
9.发明授权Device authentication using a physically unclonable functions based key generation system 有权使用物理上不可克隆的功能的密钥生成系统进行设备认证公开(公告)号:US08938792B2
公开(公告)日:2015-01-20
申请号:US13730469
申请日:2012-12-28
申请人: Intel Corporation
发明人: Patrick Koeberl , Jiangtao Li
CPC分类号: G06F21/70 , G06F21/44 , G06F21/73 , G09C1/00 , H04L9/0866 , H04L2209/12
摘要: At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.
摘要翻译: 提供了至少一个具有存储在其上用于认证硬件设备的指令的机器可访问介质。 当处理器执行时,指令使处理器从硬件设备上的物理不可克隆功能(PUF)接收两个或多个设备密钥,从两个或多个设备密钥生成设备标识符,从硬件获得设备证书 设备,执行设备标识符的验证,并提供设备标识符验证的结果。 在更具体的实施例中,指令使处理器执行设备证书中的数字签名的验证并提供数字签名验证的结果。 如果设备标识符验证和数字签名验证中的至少一个失败,则硬件设备可能被拒绝。
-
10.发明授权Fuse attestation to secure the provisioning of secret keys during integrated circuit manufacturing 有权保险丝证明在集成电路制造期间确保秘密密钥的供应公开(公告)号:US08885819B2
公开(公告)日:2014-11-11
申请号:US13728375
申请日:2012-12-27
申请人: Intel Corporation
发明人: Kevin C. Gotze , Jiangtao Li , Gregory M. Iovino
CPC分类号: G06F21/73 , G06F21/44 , G09C1/00 , H04L9/0861 , H04L9/0866 , H04L9/3278
摘要: Embodiments of an invention for fuse attestation to secure the provisioning of secret keys during integrated circuit manufacturing are disclosed. In one embodiment, an apparatus includes a storage location, a physically unclonable function (PUF) circuit, a PUF key generator, an encryption unit, and a plurality of fuses. The storage location is to store a configuration fuse value. The PUF circuit is to provide a PUF value. The PUF key generator is to generate a PUF key based on the PUF value. The encryption unit is to encrypt the configuration fuse value using the PUF key. The PUF key and the configuration fuse value are to be provided to a key server. The key server is to determine that the configuration fuse value indicates that the apparatus is a production component, and, in response, provide a fuse key to be stored in the plurality of fuses.
摘要翻译: 公开了用于在集成电路制造期间确保秘密密钥供应的熔丝证明的发明的实施例。 在一个实施例中,一种装置包括存储位置,物理上不可克隆功能(PUF)电路,PUF密钥发生器,加密单元和多个保险丝。 存储位置是存储配置熔丝值。 PUF电路提供PUF值。 PUF密钥生成器基于PUF值生成PUF密钥。 加密单元使用PUF密钥加密配置熔丝值。 PUF键和配置保险丝值将提供给密钥服务器。 密钥服务器是确定配置熔丝值表示该设备是生产部件,并且作为响应,提供要存储在多个保险丝中的熔丝钥匙。
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.025 秒)
