摘要:
A method and system capable of implicitly authenticating users based on information gathered from one or more sensors, which may be located in one or more devices, and an authentication model trained via a machine learning technique. Data is collected, manipulated, and assessed with the authentication model in order to determine if the user is authentic. A wide variety of sensors may be utilized, including sensors in smartphones, smartwatches, other wearable devices, and other sensors accessible via an internet of things (IoT) system. The method and system can include continuously testing the user's behavior patterns and environment characteristics, and allowing authentication without interrupting the user's other interactions with a given device or requiring explicit user input. The method and system may also involve the authentication model being retrained, or adaptively updated to include temporal changes in the user's patterns.
摘要:
A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event. Lightweight, run-time attestation reports are generated which include selected information about software modules executed by the processors, for use in determining whether the processor is trusted to provide secure services.
摘要:
A functional unit for a microprocessor is provided, which allows for fast, parallel data read, write, and manipulation operations in the microprocessor that are useful for a number of software applications, such as cryptography. The functional unit includes first and second source registers for receiving first and second data items to be processed by the functional unit, first and second banks of memory tables, a combinational logic circuit, and a decoder. The first and second banks of memory tables are in communication with the first source register, and each of the tables is indexed by an index comprising a portion of the first data item received by the first source register. Each index points to a lookup result in a respective one of the memory tables. The combinational logic circuit is in communication with the first and second banks of memory tables and the second source register, receives the lookup results, and processes the lookup results and the second data item in the second source register to produce a result data item. The decoder circuit is in communication with the combinational logic circuit, and extracts an operational code from an instruction supplied to the functional unit, decodes the operational code, and controls the combinational logic circuit in accordance with the operational code.
摘要:
Parallel table lookups are implemented using variable Mux instructions to reorder data. Table data can be represented in a “table” register, while the desired ordering can be represented in an “Index” register. A direct variable Mux instruction can specify the table register and the index register as arguments, along with a result register. The instruction writes at least some of the data from the table register into the result register as specified in the index register. If the entire table cannot fit within a single register, entries can be divided between two or more table registers. An indirect variable Mux instruction can specify both a table-register-select register and a subword-location-select register. Both the direct and indirect Mux instructions can be used with entry data that is divided in accordance with significance between registers. In that case, plural Mux instructions are used with UnPack instructions that concatenate portions of the table entries.
摘要:
The present invention provides permutation instructions which can be used in software executed in a programmable processor for solving permutation problems in cryptography, multimedia and other applications. The permute instructions are based on a Benes network comprising two butterfly networks of the same size connected back-to-back. Intermediate sequences of bits are defined that an initial sequence of bits from a source register are transformed into. Each intermediate sequence of bits is used as input to a subsequent permutation instruction. Permutation instructions are determined for permitting the initial source sequence of bits into one or more intermediate sequence of bits until a desired sequence is obtained. The intermediate sequences of bits are determined by configuration bits. The permutation instructions form a permutation instruction sequence of at least one instruction. At most 21 gr/m permutation instructions are used in the permutation instruction sequence, where r is the number of k-bit subwords to be permuted, and m is the number of network stages executed in one instruction. The permutation instructions can be used to permute k-bit subwords packed into an n-bit word, where k can be 1, 2, . . . , or n bits, and k*r=n.
摘要:
An apparatus for operating on the contents of an input register to generate the contents of an output register which contains a permutation, with or without repetitions, or a combination of the contents of the input register. The apparatus partitions the input register into a plurality of sub-words, each sub-word being characterized by a location in the input register and a length greater than one bit. In response to an instruction specifying a rearrangement of the input register, the present invention directs at least one of the sub-words in the input register to a location in the output register that differs from the location occupied by the sub-word in the input register. The ordering of the sub-words in the output register differ from the order obtainable by a single shift instruction. In the preferred embodiment of the present invention, the invention is implemented by modifying a conventional shifter comprising a plurality of layers of multiplexers. The modification comprises independently setting the control signals for at least one of the multiplexers in at least one of the layers.
摘要:
A computer instruction set is presented in accordance with the preferred embodiment of the present invention. Some instructions within the instruction set have immediate fields which are allowed to vary in length and fill up all unused bit positions in the instructions. A sign bit is in a fixed location for instructions within the instruction set. For example, the sign bit may be right justified with respect to the immediate field, that is the sign bit is put in the least significant (rightmost) bit position. This allows time-critical suboperations to proceed without waiting for the value of the sign bit to be located and decoded.
摘要:
A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively. In addition to secrets the Authority owns, the system provides access to third party secrets from the computing devices. In one embodiment, the hardware-rooted encryption and hashing each use a single hardware register fabricated as part of the computing device's processor or System-on-Chip (SoC) and protected from external probing. The secret data is protected while in the device even during operating system malfunctions and becomes non-accessible from storage according to various rules, one of the rules being the passage of a certain time period. The use of the keys (or other secrets) can be bound to security policies that cannot be separated from the keys (or other secrets). The Authority is also able to establish remote trust and secure communications to the devices after deployment in the field using a special tamper-resistant hardware register in the device, to enable, disable or update the keys or secrets stored securely by the device.
摘要:
The method and system provides a set of permutation primitives for current and future 2-D multimedia programs which are based on decomposing images and objects into atomic units, then finding the permutations desired for the atomic units. The subword permutation instructions for these 2-D building blocks are also defined for larger subword sizes at successively higher hierarchical levels. The atomic unit can be a 2×2 matrix and four triangles contained within the 2×2 matrix. Each of the elements in the matrix can represent a subword of one or more bits. The permutations provide vertical, horizontal, diagonal, rotational, and other rearrangements of the elements in the atomic unit.
摘要:
A N-bit by N-bit multiplication apparatus having the ability to select a part of the multiplication result for storage into a result register N-bits wide. A first embodiment of the invention allows a sequence of n-bits from the N-bit by N-bit multiply result to be stored into an N-bit wide register. N+1 to 1 multiplexors are utilized to select which of the multiply result bits are stored into the result register in response to a computer instruction. The second preferred embodiment utilizes multiplexors having fewer than N+1 inputs to select discrete subsets of the multiply result bits for storage into the N-bit wide result register. In this manner, less complex multiplexors are required which take less chip area to implement. The third preferred embodiment utilizes multiple sets of multiplexors to select multiple subresults generated by a parallel multiplication operation. The multiple subresults are stored in a single result register. By allowing subresults to be selected and stored as part of the multiply operation, a multiply apparatus according to the present invention is more time and instruction efficient than prior art devices.