公开(公告)号：US12206756B2

公开(公告)日：2025-01-21

申请号：US17082790

申请日：2020-10-28

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Younsung Chu ,  Junho Huh

IPC: H04L9/00 ,  H04L9/06 ,  H04L9/32

Abstract: An electronic device of a first domain, which is a blockchain-based public key infrastructure (PKI) domain, includes: an interface configured to receive, from a first entity belonging to a second domain which is a certification authority (CA)-based PKI domain, a first certificate of the first entity and a second certificate of a second entity, wherein the second entity is an upper node of the first entity and is a node of a blockchain; a memory configured to store the first certificate and the second certificate; and a processor configured to look up a transaction corresponding to the second entity at a distributed ledger of the first domain based on an identifier of the second entity, verify the second certificate based on the transaction, and verify the first certificate based on the second certificate.

公开(公告)号：US11863664B2

公开(公告)日：2024-01-02

申请号：US17326718

申请日：2021-05-21

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Younsung Chu

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L9/083 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0869 ,  H04L9/3247 ,  H04L9/3263

Abstract: A method for performing key exchange for a security operation in a storage device includes generating, by a trusted third party (TTP), a first certificate based on a first user ID and first public key and generating a second certificate based on a second user ID and second public key. While the storage device is accessed by the first user ID, a first verification is performed on the second certificate based on a third certificate. When the first verification is successfully completed, a ciphering key is derived based on a first private key and the second public key. While the storage device is accessed by the second user ID, a second verification is performed on the first certificate based on the third certificate. When the second verification is successfully completed, the ciphering key is derived based on a second private key and the first public key.

公开(公告)号：US12124710B2

公开(公告)日：2024-10-22

申请号：US18217736

申请日：2023-07-03

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Hyunsook Hong ,  Jisoo Kim ,  Yongsuk Lee ,  Younsung Chu ,  Hyungsup Kim

IPC: G06F3/06 ,  G06F21/78 ,  G06F7/58

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/0659 ,  G06F3/0673 ,  G06F21/78 ,  G06F7/588

Abstract: A method of writing data to a protected region in response to a request from a host includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.

公开(公告)号：US20230145936A1

公开(公告)日：2023-05-11

申请号：US17817785

申请日：2022-08-05

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Minho Kim ,  Younsung Chu

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3263 ,  H04L9/3247 ,  H04L9/0825

Abstract: Storage systems including a host device, a switch device, and storage devices connected to the host device through the switch device are described. Moreover, techniques for operating a host device, a switch device, and/or one or more storage devices are also described. One or more aspects of the present disclosure may provide for improved storage devices and systems via implementation of blockchain networks. In some cases, a storage device itself may be a node of a blockchain network, or a system including a storage device may be a node of a blockchain network. One or more aspects of the present disclosure provide for attestation of firmware (e.g., qualification verification to identify whether the firmware is operating normally) performed using the blockchain. Further, one or more aspects of the present disclosure describe techniques for performing device authentication between devices, for performing qualification verification for firmware, for performing firmware updates, etc.

公开(公告)号：US20240078315A1

公开(公告)日：2024-03-07

申请号：US18205829

申请日：2023-06-05

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Younsung Chu ,  Jisoo Kim ,  Sungho Yoon

IPC: G06F21/57 ,  H04L9/32

CPC classification number: G06F21/575 ,  H04L9/3247 ,  G06F2221/034

Abstract: A booting system includes a firmware release server, an electronic device configured to execute a boot loader and first firmware distributed from the firmware release server, the electronic device including at least one processor, a first storage unit configured to store a secret value shared with the firmware release server, a read-only memory (ROM) configured to store a ROM code executable in booting, a second storage unit configured to store the boot loader and the first firmware, where the ROM code, when executed, causes the at least one processor to perform a verification operation on the boot loader based on the secret value and a first endorsement image received from the firmware release server, and where the boot loader is configured to perform a verification operation on the first firmware based on a second endorsement image received from the firmware release server.

公开(公告)号：US11722316B2

公开(公告)日：2023-08-08

申请号：US16923521

申请日：2020-07-08

Applicant: Samsung Electronics Co., Ltd.

Inventor： Younsung Chu ,  Junho Huh

IPC: H04L9/32 ,  H04L9/06 ,  H04L9/00

CPC classification number: H04L9/3263 ,  H04L9/0643 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/50

Abstract: A cryptographic communication system includes an electronic device configured to output a certificate and a transaction including a first hash value in which a certificate is hashed certificate, and a node configured to first determine whether the electronic device generated the transaction based on the transaction and the certificate, to second determine whether information included in the transaction and information included in the certificate coincide, and to third add a block to a distributed ledger depending on the result of the first determining and the second determining. The block includes the transaction, and the electronic device is configured to generate the certificate such that the certificate includes an ID of the electronic device and a public key of the electronic device.

公开(公告)号：US11714561B2

公开(公告)日：2023-08-01

申请号：US17358367

申请日：2021-06-25

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Hyunsook Hong ,  Jisoo Kim ,  Yongsuk Lee ,  Younsung Chu ,  Hyungsup Kim

IPC: G06F3/06 ,  G06F21/78 ,  G06F7/58

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/0659 ,  G06F3/0673 ,  G06F21/78 ,  G06F7/588

Abstract: A method of writing data to a protected region in response to a request from a host includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.