SYSTEM, DEVICE, AND METHOD OF SELECTIVELY OPERATING A HOST CONNECTED TO A TOKEN
    1.
    Invention application
    Status: under examination, published

    Publication number: WO2006137059A3

    Publication date: 2007-06-28

    Application number: PCT/IL2006000711

    Filing date: 2006-06-20

    Inventor: BAR-EL HAGAI

    CPC classification number: H04L63/0853 G06F21/572 G06F21/575

    Abstract: Some demonstrative embodiments of the invention include a method, device and/or system to selectively operate a host connected to a token. The device may include, for example, a host processor to communicate with the token; and a secure module including a secure unit; and a controller to authenticate an identity of the token and, based on the identity, to selectively allow the secure unit to interact with another unit of the host. Other embodiments are described and claimed.


    METHOD, DEVICE, AND SYSTEM OF ENCRYPTING/DECRYPTING DATA

    Publication number: WO2006126191A3

    Publication date: 2006-11-30

    Application number: PCT/IL2006/000602

    Filing date: 2006-05-22

    Abstract: Some demonstrative embodiments of the invention include a method, device and/or system to encrypt and/or decrypt data. In one demonstrative embodiment, the device may include, for example, a storage; and an encryption/decryption module to: receive externally-encrypted data to be stored in the storage, wherein the externally-encrypted data is encrypted using an external key; decrypt the externally-encrypted data using the external key to generate decrypted data; and encrypt the decrypted data using a securely maintained internal key to generate internally-encrypted data. Other embodiments are described and claimed.

    METHOD AND APPARATUS FOR EFFICIENT COMPUTATION OF MODULAR EXPONENT

    Publication number: WO2003023601A3

    Publication date: 2003-03-20

    Application number: PCT/IL2002/000317

    Filing date: 2002-04-22

    Abstract: A method for carrying out computations of modular exponentiation ($M^E \bmod N$) by hardware involving Montgomery multiplication operations utilizing a non-reduced and extended Montgomery multiplication between a first ($A$) and a second ($B$) integer values, in which the number of iterations required is greater than the number of bits $n$ of an odd modulus value $N$, and a pre-calculated auxiliary operand value $M' = M \cdot 2^s \bmod N$. The method comprises carrying out non-reduced and extended Montgomery multiplication ($\mathrm{NRMM}^{(s)}$), by utilizing a first and a second multiplication units capable of storing the result of said multiplication. A pre-calculated auxiliary operand value $M'$ is stored in the second multiplication unit and in a storage device. The following steps are then performed: non-reduced and extended Montgomery multiplication is performed by the second multiplication unit, of its content by itself ($\mathrm{NRMM}^{(s)}(M', M')$), thereby obtaining non-reduced and extended Montgomery squaring of the content of said second multiplication unit; sequentially scanning the exponent bits $E_i$ ($i = 0, 1, \ldots$) starting from its LSB, checking the state of each bit, and if the bit state is "1" and it is the first occurrence of exponent bit of state "1", the content of the second multiplication unit is stored in the first multiplication unit, otherwise, a non-reduced and extended Montgomery multiplication is performed by the first multiplication unit, of its content by the value stored in the storage device; storing the result of in the storage device; and repeating the above steps until all of the exponent bits are scanned. The modular exponentiation result is obtained by performing non-reduced and extended Montgomery multiplication, by the first multiplication unit, of its content, by 1.

    MEMORY SYSTEM WITH IN-STREAM DATA ENCRYPTION/DECRYPTION
    5.
    Invention application
    Status: under examination, published

    Publication number: WO2006071725A3

    Publication date: 2007-01-04

    Application number: PCT/US2005046586

    Filing date: 2005-12-21

    CPC classification number: G06F21/78

    Abstract: The throughput of the memory system is improved where data in a data stream is cryptographically processed by a circuit without intimately involving any controller. The data stream is preferably controlled so that it has a selected data source among a plurality of sources and a selected destination among a plurality of destinations, all without involving the controller. The cryptographic circuit may preferably be configured to enable the processing of multiple pages, selection of one or more cryptographic algorithms among a plurality of algorithms for encryption and/or decryption without involving a controller, and to process data cryptographically in multiple successive stages without involvement of the controller. For a memory system cryptographically processing data from multiple data streams in an interleaved manner, when a session is interrupted, security configuration information may be lost so that it may become impossible to continue the process when the session is resumed. To retain the security configuration information, the controller preferably causes the security configuration information for the session to be stored before the interruption so that it is retrievable after the interruption.


    SYSTEM, METHOD AND APPARATUS OF SECURING AN OPERATING SYSTEM
    6.
    Invention application
    Status: under examination, published

    Publication number: WO2006056988A3

    Publication date: 2006-12-21

    Application number: PCT/IL2005001251

    Filing date: 2005-11-24

    Abstract: Embodiments of the present invention provide a method, apparatus and system of securing an operating system. The apparatus, according to some demonstrative embodiments of the invention, may include a memory access controller to receive from a processor a program counter representing a requested address of a memory to be accessed by the processor during a kernel mode of operation, and to selectively enable the processor to access the requested address based on a comparison between the requested address and one or more allowable addresses. Other embodiments are described and claimed.


    SYSTEM, METHOD AND APPARATUS OF SECURING AN OPERATING SYSTEM
    7.
    Invention application
    Status: under examination, published

    Publication number: WO2006056988A2

    Publication date: 2006-06-01

    Application number: PCT/IL2005/001251

    Filing date: 2005-11-24

    Abstract: Embodiments of the present invention provide a method, apparatus and system of securing an operating system. The apparatus, according to some demonstrative embodiments of the invention, may include a memory access controller to receive from a processor a program counter representing a requested address of a memory to be accessed by the processor during a kernel mode of operation, and to selectively enable the processor to access the requested address based on a comparison between the requested address and one or more allowable addresses. Other embodiments are described and claimed.


    METHOD, DEVICE, AND SYSTEM OF SECURELY STORING DATA
    8.
    Invention application
    Status: under examination, published

    Publication number: WO2006051522A2

    Publication date: 2006-05-18

    Application number: PCT/IL2005/001156

    Filing date: 2005-11-03

    Inventor: BAR-EL, Hagai

    Abstract: Some demonstrative embodiments of the invention include a method, device and/or system of securely storing data, for example, by preventing unauthorized disclosure of the stored data, and/or ensuring the integrity of the stored data. An apparatus able to securely store data may include, according to some demonstrative embodiments of the invention, a secure control configuration, which may include a secure memory to securely store a key; an encryption module to generate an encrypted record by encrypting a data record to be stored using the key; and a controller to generate authentication information for authenticating the integrity of the encrypted record based on the key. The apparatus may also include a storage for storing the encrypted record and the authentication information. Other embodiments are described and claimed.


    METHOD AND DEVICE OF MANIPULATING DATA IN FINITE FIELDS
    9.
    Invention application
    Status: under examination, published

    Publication number: WO2004014016A1

    Publication date: 2004-02-12

    Application number: PCT/IL2003/000647

    Filing date: 2003-08-06

    Abstract: Embodiments of the invention provide a method and a device for manipulating data provided in a $GF(2^{2s})$ representation, e.g., for implementing at least some AES encryption and/or decryption operations on data provided in a $GF(2^{2s})$ representation, by converting the $GF(2^{2s})$ into a $GF((2^s)^2)$ representation (102) and performing $GF(2^{2s})$ equivalent operations in the $GF((2^s)^2)$ representation (104).


    METHODS CIRCUITS DEVICES AND SYSTEMS FOR PROVISIONING OF CRYPTOGRAPHIC DATA TO ONE OR MORE ELECTRONIC DEVICES
    10.
    Invention application
    Status: under examination, published

    Publication number: WO2011058533A2

    Publication date: 2011-05-19

    Application number: PCT/IB2010/055198

    Filing date: 2010-11-16

    Inventor: BAR-EL, Hagai

    CPC classification number: H04L9/0877 H04L9/088

    Abstract: Disclosed are methods, circuits, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.

