公开(公告)号：US20210124818A1

公开(公告)日：2021-04-29

申请号：US16661856

申请日：2019-10-23

Applicant: QUALCOMM Incorporated

Inventor： Baranidharan MUTHUKUMARAN ,  Satish ANAND ,  Mahadevamurty NEMANI ,  Ivan MCLEAN ,  Miguel BALLESTEROS

IPC: G06F21/45 ,  H04L9/08 ,  H04L9/14

Abstract: In illustrative examples described herein, a hardware-based mechanism is provided to prevent brute force attacks on user credentials. In some examples, a throttling policy is added to a hardware key manager to provide timer-based throttling using a secure hardware timer. A register or slot in hardware is used to maintain throttling policy attributes or parameters for tracking a throttle count and a timeout value to be enforced. During a cryptographic wrap operation, a user key is associated with, or bound to, the slot or register. During a subsequent unwrap operation, the hardware key manager then enforces any needed timeouts by throttling user access in response to any incorrect entries based on the throttling policy attributes or parameters maintained in the slot or register. Examples exploiting an always-on battery-backed processing island are also provided. In some examples, throttling is implemented without the use of any secure storage.

公开(公告)号：US20200082088A1

公开(公告)日：2020-03-12

申请号：US16127730

申请日：2018-09-11

Applicant: QUALCOMM Incorporated

Inventor： Baranidharan MUTHUKUMARAN ,  Ivan MCLEAN ,  Bollapragada V.J. MANOHAR ,  Vincent Pierre LE ROY ,  Ashish GROVER

IPC: G06F21/57 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32

Abstract: Various embodiments include methods and devices for implementing protection of data by preventing non-authorized firmware modification on a computing device. Embodiments may include measuring, by a software program, an image of a firmware update producing a measurement of the image of the firmware update, modifying a version identifier of a prior installed firmware producing a version identifier of the firmware update, applying a root key generation algorithm to the measurement of the image of the firmware update, the version identifier of the firmware update, and an enroll identity credential, generating an enroll encryption root key as an output of the root key generation algorithm, applying a seed key encryption algorithm to the enroll encryption root key and an enroll encryption seed key, and generating a sealed encryption seed key as an output of the seed key encryption algorithm.