3. SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT
    Type: Invention patent application
    Legal status: In force

    Publication number: US20140164779A1

    Publication date: 2014-06-12

    Application number: US13971886

    Filing date: 2013-08-21

    IPC classification: H04L9/32

    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair.

4. Circuit for secure provisioning in an untrusted environment
    Type: Granted invention patent
    Legal status: In force

    Publication number: US09129536B2

    Publication date: 2015-09-08

    Application number: US13601993

    Filing date: 2012-08-31

    Abstract: Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key.

5. Secure provisioning in an untrusted environment
    Type: Granted invention patent
    Legal status: In force

    Publication number: US09100189B2

    Publication date: 2015-08-04

    Application number: US13971886

    Filing date: 2013-08-21

    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity embeds one or more secret values into copies of the circuit. A second entity: 1) embeds a trust anchor in a first copy of the circuit; 2) causes the circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity. The third entity embeds the trust anchor in a second copy of the circuit and causes the circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the circuit.

6. Secure provisioning in an untrusted environment
    Type: Granted invention patent
    Legal status: In force

    Publication number: US09094205B2

    Publication date: 2015-07-28

    Application number: US13601987

    Filing date: 2012-08-31

    Abstract: Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.

7. Computing Device with Entry Authentication into Trusted Execution Environment and Method Therefor
    Type: Invention patent application
    Legal status: In force

    Publication number: US20090240923A1

    Publication date: 2009-09-24

    Application number: US12053502

    Filing date: 2008-03-21

    IPC classification: G06F9/30

    Abstract: A computing device (10) includes a trusted execution environment (TEE) manager (40) that manages a switchover from non-trusted software (116) to trusted software (118). The TEE manager (40) includes memory (90) configured to store password-bearing, immediate-operand instructions (54). At the point of switching between the non-trusted software (116) and the trusted software (118) the memory (90) may be accessed as instruction fetches, and its contents fetched into a CPU core (24) as instructions. Immediate-operand portions (60) of the immediate-operand instructions (54) provide passwords, which are written back into guess registers (80) within the TEE manager (40). When a predetermined relationship between the instructions (54) and guesses in guess registers (80) is identified, actual execution of the immediate-operand instructions (54) is verified, the TEE mode of operation is signaled, and security-sensitive hardware (44) is enabled for use by a privileged routine (42) portion of the trusted software (118).

8. Computing device with entry authentication into trusted execution environment and method therefor
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08117642B2

    Publication date: 2012-02-14

    Application number: US12053502

    Filing date: 2008-03-21

    IPC classification: G06F7/04, G06F11/30

    Abstract: A computing device (10) includes a trusted execution environment (TEE) manager (40) that manages a switchover from non-trusted software (116) to trusted software (118). The TEE manager (40) includes memory (90) configured to store password-bearing, immediate-operand instructions (54). At the point of switching between the non-trusted software (116) and the trusted software (118) the memory (90) may be accessed as instruction fetches, and its contents fetched into a CPU core (24) as instructions. Immediate-operand portions (60) of the immediate-operand instructions (54) provide passwords, which are written back into guess registers (80) within the TEE manager (40). When a predetermined relationship between the instructions (54) and guesses in guess registers (80) is identified, actual execution of the immediate-operand instructions (54) is verified, the TEE mode of operation is signaled, and security-sensitive hardware (44) is enabled for use by a privileged routine (42) portion of the trusted software (118).

9. Virtualized trusted descriptors
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08826391B2

    Publication date: 2014-09-02

    Application number: US13540606

    Filing date: 2012-07-02

    IPC classification: G06F21/00

    Abstract: Embodiments of information processing systems and associated components can include logic operable to perform operations in a virtualized system including a plurality of guest operating systems using descriptors. The descriptors specify a set of commands defining the operations in a plurality of security domains and specify permission to a plurality of resources selectively for the plurality of guest operating systems.

10. Virtualized local storage
    Type: Granted invention patent
    Legal status: In force

    Publication number: US09384153B2

    Publication date: 2016-07-05

    Application number: US13601973

    Filing date: 2012-08-31

    CPC classification: G06F13/1694

    Abstract: Embodiments of electronic circuits, computer systems, and associated methods include a module that accesses memory using virtual addressing, the memory including local memory that is local to the module and nonlocal memory that is accessible via a system bus coupled to the module, the module including logic coupled to the local memory via a local bus. The logic is configured to receive a memory access specified to a virtual address, determine whether the virtual address is within the local memory, and direct the memory access either to the local memory via the local bus or to the nonlocal memory via the system bus based on the determination.