公开(公告)号：WO2023069464A1

公开(公告)日：2023-04-27

申请号：PCT/US2022/047056

申请日：2022-10-18

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： CHAMARAJ, Sangeetha ,  ORZEN, Matthew E. ,  POCHUEV, Denis Alexandrovich

IPC: G06F21/62 ,  G06F21/72 ,  H04W12/06 ,  G06F21/73 ,  H04W12/0431

Abstract: An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset. Responsive to authenticating the client, the application sends, to a second platform, a second request to determine whether the client has access to the secure data asset. Responsive to receiving an indication, from the second platform, that the client has access to the secure data asset, the application performs one or more operations to generate the secure data asset. The application sends, to the tester device, the generated secure data asset.

公开(公告)号：WO2023003737A2

公开(公告)日：2023-01-26

申请号：PCT/US2022/037024

申请日：2022-07-13

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： HAMBURG, Michael, Alexander ,  SINGH, Arvind ,  DE MEYER, Lauren

IPC: G06F7/53 ,  G06F7/505 ,  G06F7/72 ,  H04L9/14 ,  G06F7/544 ,  H04L9/30

Abstract: Aspects of the present disclosure involve a cryptographic processor that includes four or more multiplication circuits, two or more addition circuits, and two or more memory circuits. The cryptographic engine is configured to perform a variety of operations, including modular multiplication, modular inversion, matrix multiplication, Montgomery multiplication, computations of Jacobi symbols, and the like. The cryptographic engine support streaming computations where at least some of the multiplication circuits operate on multipliers and/or multiplicands that are also used during other cycles of computations.

公开(公告)号：WO2022140163A1

公开(公告)日：2022-06-30

申请号：PCT/US2021/063880

申请日：2021-12-16

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： MARSON, Mark Evan ,  HAMBURG, Michael Alexander ,  HANDSCHUH, Helena

IPC: G06F17/16 ,  G06F21/00 ,  G06F21/14 ,  G06N3/02 ,  G06N3/04

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

公开(公告)号：WO2021046420A1

公开(公告)日：2021-03-11

申请号：PCT/US2020/049505

申请日：2020-09-04

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： BEST, Scott, C. ,  RODGERS, Christopher, Leigh

IPC: H04L9/00

Abstract: A pattern detector circuit is provided in a security chip, wherein the pattern detector circuit monitors accesses of a plurality of configuration registers, each of the plurality of configuration registers having a corresponding address. In response to receiving from a host a predefined sequence of accesses of the plurality of configuration registers for one or more operations to the plurality of configuration registers, a processor in the pattern detector circuit determines a value indicative of a current version of a netlist for the security chip. The determined value is made available to be obtained by a read operation by the host at a specific configuration register address.

公开(公告)号：WO2017223509A1

公开(公告)日：2017-12-28

申请号：PCT/US2017/039107

申请日：2017-06-23

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： DE MULDER, Elke

IPC: G06F11/30

Abstract: Systems and methods for performing cryptographic data processing operations employing non-linear share encoding for protecting from external monitoring attacks. An example method may comprise: receiving a plurality of shares representing a secret value employed in a cryptographic operation, wherein plurality of shares comprises a first share represented by an un-encoded form and a second share represented by an encoded form; producing a transformed form of the second share; and performing the cryptographic operation using the transformed form of the second share.

Abstract translation: 系统和方法，用于执行使用非线性共享编码的密码数据处理操作以防止外部监视攻击。 示例方法可以包括：接收表示密码操作中使用的秘密值的多个份额，其中多个份额包括由未编码形式表示的第一份额和由编码形式表示的第二份额; 产生第二份额的变换形式; 并使用第二份额的变换形式执行密码操作。

公开(公告)号：WO2017087552A1

公开(公告)日：2017-05-26

申请号：PCT/US2016/062331

申请日：2016-11-16

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： WITTENAUER, Joel Patrick ,  BEST, Scott C. ,  KOCHER, Paul Carl

IPC: H04L9/28

CPC classification number: H04L9/3271

Abstract: A table key capable of decrypting a first table from a plurality of encrypted tables may be received. Each of the encrypted tables may include at least one pair of values corresponding to a challenge value and a response value. A request to authenticate a secondary device may be received and in response to the request to authenticate the secondary device, a challenge value obtained by using the table key to decrypt an entry in the first table may be transmitted to the secondary device. A second challenge value may be transmitted to the secondary device and a cryptographic proof may be received from the secondary device. The validity of the cryptographic proof received from the secondary device may be authenticated based on the second challenge value and the response value obtained by using the table key to decrypt the entry in the first table.

Abstract translation: 可以接收能够从多个加密表格中解密第一表格的表格密钥。 每个加密表可以包括对应于挑战值和响应值的至少一对值。 可以接收认证次级设备的请求，并且响应于认证次级设备的请求，可以将通过使用表密钥解密第一表中的条目而获得的质询值发送到次级设备。 第二挑战值可以被发送到辅助设备并且可以从辅助设备接收密码证据。 可以基于第二挑战值和通过使用表密钥来解密第一表中的条目而获得的响应值来认证从次设备接收的密码证明的有效性。

公开(公告)号：WO2016032975A1

公开(公告)日：2016-03-03

申请号：PCT/US2015/046592

申请日：2015-08-24

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： MARTINEAU, Philippe Alain ,  KUMAR, Ambuj ,  RAWLINGS, William Craig

IPC: H04W12/06 ,  H04W12/04 ,  H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L63/061 ,  H04L9/0866 ,  H04L9/0869 ,  H04L9/3271 ,  H04L63/0853 ,  H04L2209/80 ,  H04L2463/061 ,  H04W12/04 ,  H04W12/06

Abstract: A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.

Abstract translation: 可以接收存储在设备处的基本密钥。 可以进一步接收网络标识。 可以基于网络标识和基本密钥的组合来生成设备标识密钥。 此外，设备识别密钥可以用于使用与网络标识对应的网络来认证设备。

公开(公告)号：WO2015191239A1

公开(公告)日：2015-12-17

申请号：PCT/US2015/031203

申请日：2015-05-15

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： SAAB, Sami James ,  ROHATGI, Pankaj ,  HAMPEL, Craig E.

IPC: H04L9/00 ,  G06F21/75 ,  H04L9/06

CPC classification number: H04L9/002 ,  G06F9/30007 ,  G06F21/556 ,  H04L9/003 ,  H04L9/0631 ,  H04L9/0822 ,  H04L2209/12

Abstract: Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting an internal state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.

Abstract translation: 用于以抵御外部监视攻击的方式执行加密数据处理操作的系统和方法。 示例性方法可以包括：由处理设备执行影响处理设备的内部状态的第一数据操作指令，第一数据操作指令; 执行第二数据操作指令，所述第二数据操作指令与所述内部状态交互; 以及通过使用不可预测的数据项执行第三数据操作指令来破坏第一数据操作指令和第二数据操作指令的可检测的交互。

公开(公告)号：WO2015171511A1

公开(公告)日：2015-11-12

申请号：PCT/US2015/029081

申请日：2015-05-04

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： HAMBURG, Michael ,  JUN, Benjamin Che-Ming ,  KOCHER, Paul C. ,  O'LOUGHLIN, Daniel ,  POCHUEV, Denis Alexandrovich ,  KUMAR, Ambuj

IPC: G06F21/73 ,  G06F21/72

CPC classification number: H04L63/0853 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2145 ,  G06F2221/2149 ,  G06F2221/2153 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L67/32 ,  H04W12/06

Abstract: Described herein are technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance or sequential issuance of target device parameters. One implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

Abstract translation: 这里描述了用于消费和提供数据资产（例如预先计算（PCD））资产的票务系统的技术。 票可以是数字文件或数据，其能够实现使用计数限制和唯一性发布或连续发布目标设备参数。 一个实现包括加密管理器（CM）系统的设备设备，其从服务设备接收网络上的模块和故障单。 该模块是在目标设备的制造生命周期的操作阶段中将数据资产安全地提供给目标设备的应用程序。 该票是允许电器设备执行模块的数字数据。 电器设备验证机票以执行模块。 该模块在执行时会导致一系列操作的安全构造，以将数据资产安全地提供给目标设备。

公开(公告)号：WO2015171470A1

公开(公告)日：2015-11-12

申请号：PCT/US2015/028944

申请日：2015-05-01

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： POCHUEV, Denis Alexandrovich ,  SWAMI, Yogesh ,  O'LOUGHLIN, Daniel

IPC: G06F21/57 ,  H04L12/24 ,  H04W12/04

CPC classification number: H04L63/0442 ,  G06F21/57 ,  H04L9/14 ,  H04L41/0806 ,  H04L2209/24 ,  H04W12/04

Abstract: Described herein are technologies for a device definition process to establish a unique identity and a root of trust of a cryptographic manager (CM) device, the CM device to be deployed in a CM system. The device definition process can take place in a device definition phase of a manufacturing lifecycle of the CM device. One implementation of a CM device, an initialization application generates a device definition request to establish the unique identity and the root of trust. In response to the device definition request, the initialization application obtains device identity and device credentials of the CM device and stores the device definition request in storage space of a removable storage device. The initialization application imports a device definition response containing provisioning information generated by a provisioning device of a cryptographic manager system in response to the device definition request.

Abstract translation: 这里描述的是用于建立密码管理器（CM）设备（CM部署在CM系统中的CM设备）的唯一身份和信任根的设备定义过程的技术。 设备定义过程可以在CM设备的制造生命周期的设备定义阶段中进行。 CM设备的一个实现，初始化应用程序生成设备定义请求，以建立唯一身份和信任根。 响应于设备定义请求，初始化应用获得CM设备的设备身份和设备凭证，并将设备定义请求存储在可移动存储设备的存储空间中。 初始化应用程序响应于设备定义请求导入包含由加密管理器系统的供应设备生成的供应信息的设备定义响应。