Decryption systems and related methods for on-the-fly decryption within integrated circuits
    1.
    Granted invention patent (status: in force)

    Publication number: US09418246B2

    Publication date: 2016-08-16

    Application number: US14570706

    Filing date: 2014-12-15

    CPC classification: G06F21/72 G09C1/00 H04L9/0637

    Abstract: Methods and systems are disclosed for on-the-fly decryption within an integrated circuit that adds zero additional cycles of latency within the overall decryption system performance. A decryption system within a processing system integrated circuit generates an encrypted counter value using an address while encrypted code associated with an encrypted software image is being obtained from an external memory using the address. The decryption system then uses the encrypted counter value to decrypt the encrypted code and to output decrypted code that can be further processed. A secret key and an encryption engine can be used to generate the encrypted counter value, and an exclusive-OR logic block can process the encrypted counter value and the encrypted code to generate the decrypted code. By pre-generating the encrypted counter value, additional cycle latency is avoided. Other similar data independent encryption/decryption techniques can also be used such as output feedback encryption/decryption modes.


    Key Management For On-The-Fly Hardware Decryption Within Integrated Circuits
    2.
    Invention patent application (status: in force)

    Publication number: US20160173282A1

    Publication date: 2016-06-16

    Application number: US14570611

    Filing date: 2014-12-15

    IPC classification: H04L9/08 H04L9/06

    Abstract: Methods and systems are disclosed for key management for on-the-fly hardware decryption within an integrated circuit. Encrypted information is received from an external memory and stored in an input buffer within the integrated circuit. The encrypted information includes one or more encrypted key blobs. The encrypted key blobs include one or more secret keys for encrypted code associated with one or more encrypted software images stored within the external memory. A key-encryption key (KEK) code for the encrypted key blobs is received from an internal data storage medium within the integrated circuit, and the KEK code is used to generate one or more key-encryption keys (KEKs). A decryption system then decrypts the encrypted key blobs using the KEKs to obtain the secret keys, and the decryption system decrypts the encrypted code using the secret keys. The resulting decrypted software code is then available for further processing.


    Decryption Systems And Related Methods For On-The-Fly Decryption Within Integrated Circuits
    3.
    Invention patent application (status: in force)

    Publication number: US20160171249A1

    Publication date: 2016-06-16

    Application number: US14570706

    Filing date: 2014-12-15

    IPC classification: G06F21/72 H04L9/14 H04L9/06

    CPC classification: G06F21/72 G09C1/00 H04L9/0637

    Abstract: Methods and systems are disclosed for on-the-fly decryption within an integrated circuit that adds zero additional cycles of latency within the overall decryption system performance. A decryption system within a processing system integrated circuit generates an encrypted counter value using an address while encrypted code associated with an encrypted software image is being obtained from an external memory using the address. The decryption system then uses the encrypted counter value to decrypt the encrypted code and to output decrypted code that can be further processed. A secret key and an encryption engine can be used to generate the encrypted counter value, and an exclusive-OR logic block can process the encrypted counter value and the encrypted code to generate the decrypted code. By pre-generating the encrypted counter value, additional cycle latency is avoided. Other similar data independent encryption/decryption techniques can also be used such as output feedback encryption/decryption modes.


    SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT
    5.
    Invention patent application (status: in force)

    Publication number: US20140164779A1

    Publication date: 2014-06-12

    Application number: US13971886

    Filing date: 2013-08-21

    IPC classification: H04L9/32

    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair.


    Circuit for secure provisioning in an untrusted environment
    6.
    Granted invention patent (status: in force)

    Publication number: US09129536B2

    Publication date: 2015-09-08

    Application number: US13601993

    Filing date: 2012-08-31

    Abstract: Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key.


    Secure provisioning in an untrusted environment
    7.
    Granted invention patent (status: in force)

    Publication number: US09100189B2

    Publication date: 2015-08-04

    Application number: US13971886

    Filing date: 2013-08-21

    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity embeds one or more secret values into copies of the circuit. A second entity: 1) embeds a trust anchor in a first copy of the circuit; 2) causes the circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity. The third entity embeds the trust anchor in a second copy of the circuit and causes the circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the circuit.


    Secure provisioning in an untrusted environment
    8.
    Granted invention patent (status: in force)

    Publication number: US09094205B2

    Publication date: 2015-07-28

    Application number: US13601987

    Filing date: 2012-08-31

    Abstract: Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.
