-
Publication No.: US12149517B2
Publication date: 2024-11-19
Application No.: US17485237
Filing date: 2021-09-24
Applicant: Micron Technology, Inc.
Inventor: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
Abstract: A server system stores data associating a secret of the memory device configured in an endpoint, a first identification, and device information of the endpoint. After receiving a request to bind a second identification to the endpoint, the server system can tie identity data of the endpoint to the second identification. For example, after receiving a validation request containing identity data generated by the memory device, the server system can verify a verification code in the identity data based at least in part on the secret of the memory device. The verification code is generated from a message presented in the identity data and a cryptographic key derived at least in part from the secret. Based on validating the identity data, the server system can provide a validation response to indicate that the identity data is generated by the endpoint having the second identification.
-
Publication No.: US20240070089A1
Publication date: 2024-02-29
Application No.: US18351986
Filing date: 2023-07-13
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
CPC classification number: G06F12/1408, H04L9/3242, G06F2212/1052
Abstract: Methods, systems, and devices for a measurement command for memory systems are described. A memory system and a host system may support a measure command to calculate a cryptographic value of data stored in a region of the memory system. In some cases, a region indicated by the measure command may correspond to a protected region of the memory system. In such cases, the measure command may include a cryptographic signature from the host system. Upon receiving the measure command, the memory system may perform a hashing operation on the data to generate the cryptographic value. In some cases, the memory system may transmit the digest to the host. Additionally or alternatively, the memory system may extend the digest into a register indicated by the command. Further, the measure command may be used to generate a key pair associated with the memory system.
-
Publication No.: US20230388129A1
Publication date: 2023-11-30
Application No.: US18448815
Filing date: 2023-08-11
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
CPC classification number: H04L9/3242, H04L9/0861, H04L9/3215
Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter; retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.
-
Publication No.: US20230370446A1
Publication date: 2023-11-16
Application No.: US17745699
Filing date: 2022-05-16
Applicant: Micron Technology, Inc.
Inventor: Jeffrey Charles Shiner, Lance W. Dover
CPC classification number: H04L63/083, H04L9/14
Abstract: A security server to validate identity data of computing devices having secure memory devices and track activities of components in the computing devices. The server system is configured to store data representative of a unique device secret sealed in the memory device. The server system can generate a first cryptographic key independently from the memory device generating a second cryptographic key. The memory device uses the second cryptographic key to generate identity data including a message and a verification code generated via cryptographic operations combining the message and the second cryptographic key. The server system can use the first cryptographic key to determine whether the verification code is valid for the message. If so, the security server can generate an activity record associating the activity of the computing device with identifications of respective components of the computing device confirmed via validation of the identity data.
-
Publication No.: US11811743B2
Publication date: 2023-11-07
Application No.: US17485204
Filing date: 2021-09-24
Applicant: Micron Technology, Inc.
Inventor: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
CPC classification number: H04L63/08, G06F8/65, G06F9/44505, G06F21/45, H04L9/0861, H04L9/0894, H04L63/06, H04L63/123
Abstract: An online service store to configure services for endpoints in connection with validating authenticity of the endpoints. For example, a service can be ordered for an endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, a server system can determine, based on a secret of the memory device and other data stored about the endpoint, the validity of the identity data and thus the authenticity of the endpoint. Based on the service ordered for the endpoint, the server system causes the endpoint to be connected to a client server to receive the service. The server system can cause the firmware of the endpoint to be updated to enable the endpoint to receive the service from the client server.
-
Publication No.: US20230129728A1
Publication date: 2023-04-27
Application No.: US17663123
Filing date: 2022-05-12
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: Methods, systems, and devices for memory system security and authentication using asymmetric keys are described. In some examples, host systems and memory systems may be configured to implement techniques for the generation and distribution of asymmetric keys, which may support evaluating the authenticity of interfacing systems (e.g., system identities) in connection with exchanged signaling, such as access commands, requests, data, or other signaling. Such techniques may include implementing asymmetric cryptographic security directly in a memory system. For example, a memory system may be configured to be cryptographically identified by a public asymmetric key, and authenticity of the memory system may be proven by signing a challenge using an asymmetric private key of the memory system. Further, a host system may be identified by signing signaling with its asymmetric private key, and the signature may be verified by a memory system using an asymmetric public key of the host system.
-
Publication No.: US20230006827A1
Publication date: 2023-01-05
Application No.: US17941442
Filing date: 2022-09-09
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising storing a plurality of activation codes, each of the activation codes associated with a respective unique identifier (UID) of a semiconductor device; receiving, over a network, a request to generate a new storage root key (SRK), the request including a response code and a requested UID; identifying a selected activation code from the plurality of activation codes based on the requested UID; generating the SHRSRK value using the response code and the selected activation code; associating the SHRSRK value with the requested UID and storing the SHRSRK value; and returning an acknowledgement in response to the request.
-
Publication No.: US20220221996A1
Publication date: 2022-07-14
Application No.: US17710675
Filing date: 2022-03-31
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
IPC: G06F3/06
Abstract: The disclosed embodiments are related to securely updating a semiconductor device. In one embodiment, a method comprises receiving a command; generating, by the semiconductor device, a response code in response to the command; returning the response code to a processing device; receiving a command to replace a storage root key of the device; generating a replacement key based on the response code; and replacing an existing key with the replacement key.
-
Publication No.: US20220078022A1
Publication date: 2022-03-10
Application No.: US17014206
Filing date: 2020-09-08
Applicant: Micron Technology, Inc.
Inventor: Lance W. Dover
Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter; retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.
-
Publication No.: US20220058295A1
Publication date: 2022-02-24
Application No.: US17396531
Filing date: 2021-08-06
Applicant: Micron Technology, Inc.
Inventor: Aaron P. Boehm, Lance W. Dover, Steffen Buch
Abstract: Methods, systems, and devices for safety and security for memory are described. In some examples, data associated with a memory device may be authenticated before an associated operation is executed. The data may be authenticated before it is executed at a volatile memory. The data may be associated with a hash (e.g., a first hash) and may be communicated from the memory device to a host device. At the host device, the data and the first hash may be written (e.g., stored) to temporary storage, such as a cache. Once stored to the cache, the host device may generate an additional hash (e.g., a second hash) related to the data using a key inaccessible to the memory device. If the first hash and second hash match, the data may be authenticated and one or more operations may be executed.