-
Publication No.: US20250131135A1
Publication date: 2025-04-24
Application No.: US18788751
Application date: 2024-07-30
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
Abstract: In some implementations, the techniques described herein relate to a system including: an operating system; and a trusted execution environment including a controller and a write-protected storage area, wherein the controller is configured to: receive a command to modify access to trace functionality provided by the operating system, validate the command using a public key stored in the write-protected storage area, and update a register accessible by the operating system based on the command in response to validating the command, wherein the operating system is configured to allow or disallow access to trace functionality based on contents of the register.
-
Publication No.: US20250053498A1
Publication date: 2025-02-13
Application No.: US18927669
Application date: 2024-10-25
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
IPC: G06F11/36
Abstract: In some aspects, the techniques described herein relate to a device including: a debug port; a trusted execution environment (TEE), the TEE storing a public key; and a controller, the controller configured to: receive a command to access the debug port, the command including a signature generated using a private key corresponding to the public key; provide the command to the TEE, wherein the TEE validates the command by validating the signature using the public key to obtain a validation result; and modify access to the debug port based on the validation result.
-
Publication No.: US12225130B2
Publication date: 2025-02-11
Application No.: US17576889
Application date: 2022-01-14
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
Abstract: The disclosure relates to improvements in secure channel establishment. In some aspects, the techniques described herein relate to a method including: issuing, by a client device to a server, a request to establish a secure connection; receiving, by the client device, a response to the request to establish a secure connection from the server, the response including a digital certificate associated with a public key stored by the server, the public key used to establish a symmetric key; validating, by the client device, the digital certificate; and computing, by the client device, a shared secret using the public key stored by the server and a private key generated by the client device.
-
Publication No.: US12166876B2
Publication date: 2024-12-10
Application No.: US17390049
Application date: 2021-07-30
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
Abstract: The disclosed embodiments relate to hardware security modules. In one embodiment, a method is disclosed comprising reading a random value from a physically unclonable function (PUF); generating a seed value from the random value; generating a cryptographic key using the seed value; and processing a cryptographic operation using the cryptographic key.
-
Publication No.: US20240406008A1
Publication date: 2024-12-05
Application No.: US18807757
Application date: 2024-08-16
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
IPC: H04L9/32, G06F3/06, G06F9/4401, G06F21/57, H04L9/30
Abstract: The example embodiments relate to improvements in managing boot code images. In an embodiment, a device is disclosed comprising a memory device, the memory device including a storage array, the storage array comprising a first partition and a second partition, wherein the first partition comprises a writeable partition and the second partition comprises a write-protected partition; and a processor configured to: load a golden boot image from the second partition, display a boot prompt after loading the golden boot image, receive an update boot image, the update boot image including a signature, read a public key from the second partition, validate the signature using the public key, and replace a current boot image stored in the first partition with the update boot image.
-
Publication No.: US20240267219A1
Publication date: 2024-08-08
Application No.: US18431653
Application date: 2024-02-02
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
CPC classification number: H04L9/30, H04L9/088, H04L9/3247
Abstract: In some aspects, the techniques described herein relate to a system including: a Device Identity Composition Engine (DICE) configured to generate asymmetric key pairs for software layers of a computing system; and a secure element (SE), the secure element configured to receive requests for accessing the software layers and validating a request for a given software layer by: generating a nonce, providing the nonce and an identifier of the given software layer to the DICE, receiving a response from the DICE, and validating the response using a public key corresponding to the given software layer to allow access to the given software layer.
-
Publication No.: US11997212B2
Publication date: 2024-05-28
Application No.: US16453909
Application date: 2019-06-26
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
CPC classification number: H04L9/3247, G06F3/0623, G06F3/0659, G06F3/0673, H04L9/3242
Abstract: Methods, systems, and devices for payload validation for a memory system are described. A payload receiver may be a device that includes an array of memory cells configured to store data, and a payload transmitter may be a host of a payload receiver (e.g., a host device) or another device that is in communication with the payload receiver. A payload receiver may be configured to receive an information payload and a signature associated with the information payload. The received signature may be based on the information payload and an identifier of the payload receiver previously provided to the payload transmitter. The payload receiver may generate a signature based on the information payload and the identifier of the payload receiver (e.g., as stored or cached at the payload receiver), and authenticate the information payload based on the received signature and the generated signature.
-
Publication No.: US20230393762A1
Publication date: 2023-12-07
Application No.: US17831370
Application date: 2022-06-02
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
CPC classification number: G06F3/0622, G06F3/0655, G06F3/0679, H04L9/3013, H04L9/3066
Abstract: The disclosure relates to improvements in the delivery of cryptographic data to secure memory devices. In some aspects, the techniques described herein relate to a method including: receiving, by a memory device, a command, the command including a public key and a hash of a unique device secret (UDS); generating, by the memory device, a local UDS using the public key and a locally stored private key; generating, by the memory device, a local UDS hash by inputting the local UDS into a hashing algorithm; determining, by the memory device, whether the local UDS hash matches the hash included in the command; writing, by the memory device, the public key to a key storage area if the local UDS hash matches the hash included in the command; and returning, by the memory device, a failure response if the local UDS hash does not match the hash included in the command.
-
Publication No.: US20230046674A1
Publication date: 2023-02-16
Application No.: US17399919
Application date: 2021-08-11
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
Abstract: The disclosed embodiments relate to securely booting firmware images. In one embodiment, a method is disclosed comprising receiving, by a memory device, a firmware update; validating, by the memory device, a signature associated with the firmware update; copying, by the memory device, an existing firmware image to an archive location, the archive location storing a plurality of firmware images sorted by version identifiers; booting, by the memory device, and executing the firmware update; and replacing, by the memory device, the firmware update with the existing firmware image stored in the archive location upon detecting an error while booting the firmware update.
-
Publication No.: US20220405391A1
Publication date: 2022-12-22
Application No.: US17353497
Application date: 2021-06-21
Applicant: Micron Technology, Inc.
Inventor: Zhan Liu
IPC: G06F21/57
Abstract: Systems, apparatuses, and methods to secure identity chaining between software/firmware components of trusted computing base. A memory device includes a secure memory region having access control based on cryptography. The secure memory region stores component information about a second component configured to be executed after a first component during booting. Prior to using a component identity of the second component to generate a compound identifier of the first component, health of the second component to be executed is verified based on the component information stored in the secure memory region.