TRUSTED COMPUTE ENVIRONMENT USING A SECURE ELEMENT AND DEVICE IDENTITY COMPOSITION ENGINE (DICE)

    Publication No.: US20240267219A1

    Publication date: 2024-08-08

    Application No.: US18431653

    Filing date: 2024-02-02

    Inventor: Zhan Liu

    IPC classification: H04L9/30 H04L9/08 H04L9/32

    CPC classification: H04L9/30 H04L9/088 H04L9/3247

    Abstract: In some aspects, the techniques described herein relate to a system including: a Device Identity Composition Engine (DICE) configured to generate asymmetric key pairs for software layers of a computing system; and a secure element (SE), the secure element configured to receive requests for accessing the software layers and to validate a request for a given software layer by: generating a nonce, providing the nonce and an identifier of the given software layer to the DICE, receiving a response from the DICE, and validating the response using a public key corresponding to the given software layer to allow access to the given software layer.

    Payload validation for a memory system

    Publication No.: US11997212B2

    Publication date: 2024-05-28

    Application No.: US16453909

    Filing date: 2019-06-26

    Inventor: Zhan Liu

    IPC classification: H04L9/32 G06F3/06

    Abstract: Methods, systems, and devices for payload validation for a memory system are described. A payload receiver may be a device that includes an array of memory cells configured to store data, and a payload transmitter may be a host of the payload receiver (e.g., a host device) or another device that is in communication with the payload receiver. A payload receiver may be configured to receive an information payload and a signature associated with the information payload. The received signature may be based on the information payload and an identifier of the payload receiver previously provided to the payload transmitter. The payload receiver may generate a signature based on the information payload and the identifier of the payload receiver (e.g., as stored or cached at the payload receiver), and authenticate the information payload based on the received signature and the generated signature.

    VERIFIED KEY REPLACEMENT IN SECURE MEMORY DEVICES

    Publication No.: US20230393762A1

    Publication date: 2023-12-07

    Application No.: US17831370

    Filing date: 2022-06-02

    Inventor: Zhan Liu

    IPC classification: G06F3/06 H04L9/30

    Abstract: The disclosure relates to improvements in the delivery of cryptographic data to secure memory devices. In some aspects, the techniques described herein relate to a method including: receiving, by a memory device, a command, the command including a public key and a hash of a unique device secret (UDS); generating, by the memory device, a local UDS using the public key and a locally stored private key; generating, by the memory device, a local UDS hash by inputting the local UDS into a hashing algorithm; determining, by the memory device, whether the local UDS hash matches the hash included in the command; writing, by the memory device, the public key to a key storage area if the local UDS hash matches the hash included in the command; and returning, by the memory device, a failure response if the local UDS hash does not match the hash included in the command.

    Secure Firmware Update through a Predefined Server

    Publication No.: US20230046674A1

    Publication date: 2023-02-16

    Application No.: US17399919

    Filing date: 2021-08-11

    Inventor: Zhan Liu

    Abstract: The disclosed embodiments relate to securely booting firmware images. In one embodiment, a method is disclosed comprising: receiving, by a memory device, a firmware update; validating, by the memory device, a signature associated with the firmware update; copying, by the memory device, an existing firmware image to an archive location, the archive location storing a plurality of firmware images sorted by version identifiers; booting, by the memory device, and executing the firmware update; and replacing, by the memory device, the firmware update with the existing firmware image stored in the archive location upon detecting an error while booting the firmware update.

    Secure Identity Chaining between Components of Trusted Computing Base

    Publication No.: US20220405391A1

    Publication date: 2022-12-22

    Application No.: US17353497

    Filing date: 2021-06-21

    Inventor: Zhan Liu

    IPC classification: G06F21/57

    Abstract: Systems, apparatuses, and methods to secure identity chaining between software/firmware components of a trusted computing base. A memory device includes a secure memory region having access control based on cryptography. The secure memory region stores component information about a second component configured to be executed after a first component during booting. Prior to using a component identity of the second component to generate a compound identifier of the first component, the health of the second component to be executed is verified based on the component information stored in the secure memory region.

    TRUSTED NETWORK TO PREVENT REPLACEMENT AND CLONING ATTACKS

    Publication No.: US20240267233A1

    Publication date: 2024-08-08

    Application No.: US18431415

    Filing date: 2024-02-02

    Inventor: Zhan Liu

    IPC classification: H04L9/32 H04L9/08

    Abstract: In some aspects, the techniques described herein relate to a system including: a remote key management server (RKMS); and a computer network communicatively coupled to the RKMS, the computer network including: a first computing device, a second computing device, and a local key management server (LKMS) communicatively coupled to the RKMS, the first computing device, and the second computing device, wherein the LKMS is configured to: write an LKMS public key to the first computing device using a command signed by the RKMS, and write a public key of the second computing device to the first computing device using a second command signed using a private key corresponding to the LKMS public key.

    Simulation-based testing of a key management server

    Publication No.: US12058251B2

    Publication date: 2024-08-06

    Application No.: US17668698

    Filing date: 2022-02-10

    Inventor: Zhan Liu

    IPC classification: H04L9/08 H04L9/30 H04L9/32

    Abstract: The techniques described herein relate to a system including a simulator for instantiating a simulated device associated with a device public key and at least one generated device public key and generated device certificate. The system includes a server configured to receive the device public key, generate a server unique device secret (UDS) using the device public key and a server private key, generate at least one generated server key using the server UDS, generate at least one generated server certificate using the at least one generated server key, receive the at least one generated device key and at least one generated device certificate, and validate the at least one generated device key and generated device certificate by comparing the at least one generated device key and generated device certificate to the at least one generated server key and generated server certificate, respectively.

    Secure identity chaining between components of trusted computing base

    Publication No.: US12039049B2

    Publication date: 2024-07-16

    Application No.: US17353497

    Filing date: 2021-06-21

    Inventor: Zhan Liu

    IPC classification: G06F21/57 G06F12/14 G06F21/73

    Abstract: Systems, apparatuses, and methods to secure identity chaining between software/firmware components of a trusted computing base. A memory device includes a secure memory region having access control based on cryptography. The secure memory region stores component information about a second component configured to be executed after a first component during booting. Prior to using a component identity of the second component to generate a compound identifier of the first component, the health of the second component to be executed is verified based on the component information stored in the secure memory region.

    SECURELY SHARING DATA AND ACCESS PERMISSIONS IN A CLOUD ENVIRONMENT

    Publication No.: US20240073001A1

    Publication date: 2024-02-29

    Application No.: US17899177

    Filing date: 2022-08-30

    Inventor: Zhan Liu

    IPC classification: H04L9/08 H04L9/32

    Abstract: In some aspects, the techniques described herein relate to a method including: transmitting, by a user device, a public key of a client device to a key management server (KMS); generating, by the KMS, a digital certificate using the public key of the client device; storing the digital certificate in a storage device of a cloud service; generating, by the client device, a signed command to access the storage device, the signed command signed using a private key corresponding to the public key of the client device; and issuing the signed command to the storage device to access data stored by the storage device.