公开(公告)号：US20110033041A1

公开(公告)日：2011-02-10

申请号：US12850693

申请日：2010-08-05

Applicant: Meng-Day Yu ,  Srinivas Devadas

Inventor： Meng-Day Yu ,  Srinivas Devadas

IPC: H04L9/28 ,  G06F11/07

CPC classification number: G06F11/10 ,  H04L9/0662 ,  H04L9/3278 ,  H04L2209/34

Abstract: Outputs from at least one pseudo-random source are used to encode hidden value. The hidden value is encoded using index based quantities, for example, based on numerically ordering a sequence of outputs from pseudo-random source(s). In some examples, the numerical ordering of re-generated device-specific quantities is used to re-generate the hidden value, without necessarily requiring additional error correction mechanisms. Information leak may be reduced by constructing system whose “syndrome” helper bits are random, as measured, for example, by NIST's Statistical Tests for Randomness In some examples, index based coding provides coding gain that exponentially reduces total error correction code complexity, resulting in efficiently realizable PRS-based key generation systems. In some examples, index based coding allows noisy PRS to be robust across conditions where conventional error correction code cannot error correct.

Abstract translation: 来自至少一个伪随机源的输出用于对隐藏值进行编码。 隐藏值使用基于索引的量来编码，例如，基于从伪随机源的输出序列的数值排序。 在一些示例中，重新生成的设备特定量的数值排序用于重新生成隐藏值，而不需要额外的纠错机制。 信息泄漏可以通过构建其“综合征”辅助位是随机的系统来减少，例如，通过NIST的随机统计测试来测量。在一些示例中，基于索引的编码提供指数地降低总纠错码复杂度的编码增益，导致 有效实现的基于PRS的密钥生成系统。 在一些示例中，基于索引的编码允许有噪声的PRS在常规纠错码不能正确错误的情况下是稳健的。

公开(公告)号：US08811615B2

公开(公告)日：2014-08-19

申请号：US12850693

申请日：2010-08-05

Applicant: Meng-Day Yu ,  Srinivas Devadas

Inventor： Meng-Day Yu ,  Srinivas Devadas

IPC: H04L9/00

CPC classification number: G06F11/10 ,  H04L9/0662 ,  H04L9/3278 ,  H04L2209/34

Abstract: Outputs from at least one pseudo-random source are used to encode hidden value. The hidden value is encoded using index based quantities, for example, based on numerically ordering a sequence of outputs from pseudo-random source(s). In some examples, the numerical ordering of re-generated device-specific quantities is used to re-generate the hidden value, without necessarily requiring additional error correction mechanisms. Information leak may be reduced by constructing system whose “syndrome” helper bits are random, as measured, for example, by NIST's Statistical Tests for Randomness In some examples, index based coding provides coding gain that exponentially reduces total error correction code complexity, resulting in efficiently realizable PRS-based key generation systems. In some examples, index based coding allows noisy PRS to be robust across conditions where conventional error correction code cannot error correct.

Abstract translation: 来自至少一个伪随机源的输出用于对隐藏值进行编码。 隐藏值使用基于索引的量来编码，例如，基于从伪随机源的输出序列的数值排序。 在一些示例中，重新生成的设备特定量的数值排序用于重新生成隐藏值，而不需要额外的纠错机制。 信息泄漏可以通过构建其“综合征”辅助位是随机的系统来减少，例如，通过NIST的随机统计测试来测量。在一些示例中，基于索引的编码提供指数地降低总纠错码复杂度的编码增益，导致 有效实现的基于PRS的密钥生成系统。 在一些示例中，基于索引的编码允许有噪声的PRS在常规纠错码不能正确错误的情况下是稳健的。

公开(公告)号：US08762723B2

公开(公告)日：2014-06-24

申请号：US13543295

申请日：2012-07-06

Applicant: Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

Inventor： Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

IPC: G06F21/00

CPC classification number: H04L9/3278 ,  H04L9/0844 ,  H04L9/0866

Abstract: An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.

Abstract translation: 加密安全性的方法使用“模糊”凭据，与“硬”证书相反，以消除可能遭受物理攻击的设备上的加密算法重复性。 通过消除在算法（例如门或软件）级别执行的重复性，设备固有地缺乏与某些类别的侧信道，故障注入，定时和相关攻击相关联的基本设置假设之一，从而有助于保护系统免受 这种攻击同时保留了系统的加密安全性。

公开(公告)号：US20130010957A1

公开(公告)日：2013-01-10

申请号：US13543295

申请日：2012-07-06

Applicant: Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

Inventor： Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

IPC: H04L9/00

CPC classification number: H04L9/3278 ,  H04L9/0844 ,  H04L9/0866

Abstract: An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.

Abstract translation: 加密安全性的方法使用与硬凭证相反的模糊凭证来消除可能遭受物理攻击的设备上的加密算法重复性。 通过消除在算法（例如门或软件）级别执行的重复性，设备固有地缺乏与某些类别的侧信道，故障注入，定时和相关攻击相关联的基本设置假设之一，从而有助于保护系统免受 这种攻击同时保留了系统的加密安全性。

公开(公告)号：US07818569B2

公开(公告)日：2010-10-19

申请号：US11421582

申请日：2006-06-01

Applicant: Srinivas Devadas ,  Blaise Gassend

Inventor： Srinivas Devadas ,  Blaise Gassend

IPC: G08B29/00 ,  G06F21/02 ,  H01L23/58

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: A digital value is generated in an integrated circuit such that the generated value substantially depends on circuit parameters that vary among like devices. The generated digital value is then used, for example, to access protected information in the device or to perform a cryptographic function in the integrated circuit.

Abstract translation: 在集成电路中产生数字值，使得所产生的值基本上取决于在类似的装置之间变化的电路参数。 所产生的数字值例如用于访问设备中的受保护信息或在集成电路中执行加密功能。

公开(公告)号：US07724760B2

公开(公告)日：2010-05-25

申请号：US10639269

申请日：2003-08-12

Applicant: Hari Balakrishnan ,  Srinivas Devadas ,  Arvind Mithal

Inventor： Hari Balakrishnan ,  Srinivas Devadas ,  Arvind Mithal

IPC: H04L12/56

CPC classification number: H04L47/10 ,  H04L47/24 ,  H04L47/39 ,  H04L47/50 ,  H04L47/52 ,  H04L47/6215 ,  H04L47/6255 ,  H04L49/101 ,  H04L49/254 ,  H04L49/30 ,  H04L49/3045

Abstract: A method for selecting a queue for service across a shared link. The method includes classifying each queue from a group of queues within a plurality of ingresses into one tier of a number “N” of tiers. The number “N” is greater than or equal to 2. Information about allocated bandwidth is used to classify at least some of the queues into the tiers. Each tier is assigned a different priority. The method also includes matching queues to available egresses by matching queues classified within tiers with higher priorities before matching queues classified within tiers with lower priorities.

Abstract translation: 一种用于通过共享链路选择服务队列的方法。 该方法包括将来自多个入口内的一组队列中的每个队列分成层数“N”的一层。 数字“N”大于或等于2.关于分配的带宽的信息用于将至少一些队列分类到层级中。 每个层都有不同的优先级。 该方法还包括通过匹配在具有较低优先级的层级中分类的队列之前匹配在具有较高优先级的层级中分类的队列来匹配队列到可用出口。

公开(公告)号：US07681103B2

公开(公告)日：2010-03-16

申请号：US11421588

申请日：2006-06-01

Applicant: Srinivas Devadas ,  Blaise Gassend

Inventor： Srinivas Devadas ,  Blaise Gassend

IPC: G06F11/00

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: A device-specific value is reliably generated in a device. In a first component of the device, a first digital value is generated that is substantially dependent fabrication variation among like device. Redundancy information is computed based on the first digital value. A subsequent digital value is later generated in the first component of the device. The first digital value is then determined in a second component of the device from the subsequent digital value and the redundancy information.

Abstract translation: 设备特定的值在设备中可靠地生成。 在器件的第一部件中，产生第一数字值，其基本上依赖于相似器件之间的制造变化。 基于第一数字值计算冗余信息。 稍后在设备的第一个组件中生成后续的数字值。 然后，在随后的数字值和冗余信息中，在设备的第二分量中确定第一数字值。

公开(公告)号：US20090222672A1

公开(公告)日：2009-09-03

申请号：US12361811

申请日：2009-01-29

Applicant: Dwaine Clarke ,  Blaise Gassend ,  Marten Van Dijk ,  Srinivas Devadas

Inventor： Dwaine Clarke ,  Blaise Gassend ,  Marten Van Dijk ,  Srinivas Devadas

IPC: G06F12/14 ,  G06F19/00 ,  H04L9/32 ,  H03K19/00

CPC classification number: G06F21/31 ,  G06F21/72 ,  G06F21/73 ,  G06F21/77 ,  G06F21/79 ,  G06F21/86 ,  G06F2221/2103 ,  G06F2221/2121 ,  G06F2221/2129 ,  G06F2221/2153 ,  G06Q20/3674 ,  G09C1/00 ,  H01L23/544 ,  H01L23/576 ,  H01L2223/54433 ,  H01L2223/5444 ,  H01L2223/54473 ,  H01L2924/0002 ,  H04L9/0897 ,  H04L9/3278 ,  H04L2209/34 ,  H04L2209/42 ,  H01L2924/00

Abstract: An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit.

Abstract translation: 集成电路具有第一部件，其具有在类似的集成电路之间变化的动态特性，例如在使用相同的光刻掩模制造的集成电路中。 操作第一组件产生取决于第一组件的动态特性的输出。 使用第一分量的输出产生与集成电路相关联的数字值，然后在集成电路的操作中使用所生成的数字值。

公开(公告)号：US07415477B2

公开(公告)日：2008-08-19

申请号：US10482864

申请日：2001-07-05

Applicant: Srinivas Devadas ,  Hari Balakrishnan ,  Daniel Rosenband

Inventor： Srinivas Devadas ,  Hari Balakrishnan ,  Daniel Rosenband

IPC: G06F15/16 ,  G06F15/173 ,  G06F17/00

CPC classification number: H04L47/10 ,  H04L47/2433 ,  H04L47/2458 ,  H04L47/30 ,  H04L47/39 ,  H04L47/50 ,  H04L47/521 ,  H04L47/6215 ,  H04L49/30 ,  H04L49/90 ,  Y10S707/99942

Abstract: A method and apparatus for selecting a queue for service across a shared link. The method includes determining a priority for each queue (202) within a plurality of ingresses (102), wherein the priority is instantaneous for a given timeslot for data transfer, selecting a queue having a first priority for each group of queues within each ingress (104) having packets destined for a particular egress (104), selecting a queue having a second priority for each subset of queues having first priorities and having packets destined for the particular egress (104), and selecting the queue having the second priority for service across the shared link in the given timeslot.

Abstract translation: 一种用于通过共享链路选择用于服务的队列的方法和装置。 该方法包括确定多个入口（102）内的每个队列（202）的优先级，其中优先级对于给定的时隙用于数据传输是瞬时的，为每个入口内的每组队列选择具有第一优先级的队列（ 104），具有去往特定出口（104）的分组，为具有第一优先级的队列的每个子集选择具有第二优先级的队列并且具有去往特定出口（104）的分组，以及选择具有服务的第二优先级的队列 跨越给定时间段的共享链路。

公开(公告)号：US20060210082A1

公开(公告)日：2006-09-21

申请号：US11273920

申请日：2005-11-14

Applicant: Srinivas Devadas ,  Thomas Ziola

Inventor： Srinivas Devadas ,  Thomas Ziola

IPC: H04L9/00

CPC classification number: H04L9/3278 ,  G06F21/31 ,  G06F21/445 ,  G06F21/602 ,  G06F21/76 ,  G06F2221/2129 ,  G11C7/24 ,  G11C16/20 ,  G11C16/22 ,  G11C2029/4402 ,  G11C2029/5002 ,  H04L9/0838 ,  H04L9/0877 ,  H04L9/304 ,  H04L2209/56 ,  H04L2209/603 ,  H04L2209/805

Abstract: A key is determined from a volatile response using circuitry on the device. The volatile response depend on process variation in fabrication of the device. Error control data that depends on the first volatile response can be computed, stored externally to the device, and then used to generate the key using a volatile response using the circuit. Applications of volatile keys include authentication and rights management for content and software.