An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset. Responsive to authenticating the client, the application sends, to a second platform, a second request to determine whether the client has access to the secure data asset. Responsive to receiving an indication, from the second platform, that the client has access to the secure data asset, the application performs one or more operations to generate the secure data asset. The application sends, to the tester device, the generated secure data asset.
A system receives, from a first provisioning entity, a request for first secure device data related to a semiconductor device. The first secure device data is associated with one or more provisioning operations performed, on the semiconductor device, by a second provisioning entity. Based on determining that the first provisioning entity has permission to access the first secure device data, the first secure device data is provided to the first provisioning entity. Second secure device data associated with one or more provisioning operations performed by the first provisioning entity on the semiconductor device is received from the first provisioning entity.
Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
4.
PROTECTION OF HOMOMORPHIC ENCRYPTION COMPUTATIONS BY MASKING WITHOUT UNMASKING
Aspects and implementations are directed to systems and techniques for protecting cryptographic operations against side-channel attacks by masking a ciphertext data using one or more masks randomly sampled from a null space associated with a tensor representation of a secret data and generating a plaintext data using the masked ciphertext data.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
5.
RECONFIGURABLE PROCESSING UNITS FOR EFFICIENT SUPPORT OF MULTIPLE POST-QUANTUM CRYPTOGRAPHIC ALGORITHMS
Disclosed aspects and implementations are directed to devices and techniques for performing cryptographic operations using post-quantum algorithms. Reconfigurable processing devices supports multiple algorithms that deploy various integer and polynomial arithmetic operations including Number Theoretic Transforms, inverse Number Theoretic Transforms, pointwise polynomial multiplications, pairwise polynomial multiplications, pointwise-pairwise polynomial multiplications, Karatsuba multiplications, and/or other operations. The reconfigurable processing device(s) may be integrated into a streaming pipeline that includes a hash value generator and a sampler with matching throughputs for efficient utilization of computational and memory resources.
6.
FUNCTIONS WITH A PRE-CHARGE OPERATION AND AN EVALUATION OPERATION
An input data may be received. A portion of a cryptographic operation may be performed with the received input data at a first function component. During the performance of the cryptographic operation at the first function component, a pre-charge operation may be performed at a second function component. Furthermore, the second function component may be used to perform another portion of the cryptographic operation with a result of the portion of the cryptographic operation performed at the first function component.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
7.
LOW LATENCY METADATA DECRYPTION USING HASH AND PSEUDORANDOM FUNCTIONS
Systems and techniques for cryptographically protecting data in a computer memory are disclosed. The techniques include dividing the data into a first portion and a second portion, encrypting the first portion of the data to create a first stored form of the data, encrypting the second portion of the data, and storing, in the computer memory, the first stored form of the data and a second stored form of the data. The techniques include, to encrypt the second portion, calculating a hash based on the first stored form of the data, applying a first pseudorandom function to the hash to obtain a bit sequence, and combining the bit sequence with the second portion of the data to obtain the second stored form of the data.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
8.
MULTI-LANE CRYPTOGRAPHIC ENGINES WITH SYSTOLIC ARCHITECTURE AND OPERATIONS THEREOF
Aspects of the present disclosure involve a cryptographic processor that includes a systolic array having a plurality of processing lanes (PLs), each PL including a systolic sub-array of two or more processing elements (PEs), each PE being configured to multiply two numbers to obtain and store a multiplication product. The cryptographic processor is configured to efficiently perform a variety of operations, including multiplication of large numbers, modular reduction, Montgomery reduction, and the like.
G06F 7/544 - Méthodes ou dispositions pour effectuer des calculs en utilisant exclusivement une représentation numérique codée, p.ex. en utilisant une représentation binaire, ternaire, décimale utilisant des dispositifs non spécifiés pour l'évaluation de fonctions par calcul
G06F 5/06 - Procédés ou dispositions pour la conversion de données, sans modification de l'ordre ou du contenu des données maniées pour modifier la vitesse de débit des données, c. à d. régularisation de la vitesse
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
9.
PROVISIONING A VOLATILE SECURITY CONTEXT IN A ROOT OF TRUST
A first device receives, from a second device, a request to provision a security context for the second device. The first device transmits a nonce value to the second device and receives, from the second device, a data structure encoding the security context and a cryptographically signed digest of a combination of the data structure, the nonce value, and a public key. The first device determines a first digest using the nonce value and cryptographically signed digest, and a second digest using the data structure, the nonce value, and the public key. Responsive to determining that the first digest matches the second digest, the first device provisions the security context for the second device by storing the security context on the volatile memory.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Disclosed systems and techniques include a cryptographic processor for processing of both unprotected data and protected data using an unprotected data path. In one implementation, the cryptographic processor includes a processing unit, and a control unit to selectively cause the processing unit to operate in a public mode or a secure mode. In the public mode, the processing unit performs a computational operation to compute a nonlinear function of a public data. In the secure mode, the processing unit computes, over a plurality of iterations, a plurality of shares of the nonlinear function of a secure data. At each iteration, the processing unit performs multiple instances of the computational operation to compute a respective share of the nonlinear function of the secure data.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
11.
GENERATING A TARGET DATA BASED ON A FUNCTION ASSOCIATED WITH A PHYSICAL VARIATION OF A DEVICE
A value corresponding to a physical variation of a device may be received. Furthermore, helper data associated with the physical variation of the device may be received. A result data may be generated based on a combination of the value corresponding to the physical variation of the device and the helper data. An error correction operation may be performed on the result data to identify one or more code words associated with the error correction operation. Subsequently, a target data may be generated based on the one or more code words.
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A system limits the use (e.g., number of encryptions and/or decryptions using that key value) of cryptographic key values. When a key value's usage count exceeds the limit, that value is "retired", and a new key value is selected. Key identifiers and a key versions are associated with each encrypted data block. The key identifiers are also associated with current key values, a current version indicators, and usage indicators. Key identifiers may also be associated with one or more previous (i.e., 'retired') version indicators and corresponding previous key values. When an encrypted data block associated with a given key identifier is accessed, the key version indicator associated with that block, and the key version indicators associated with the current and previous keys, are used to select the proper key from either the current key value or one of the previous key values.
Technologies for generating an M-bit selection vector for a selector circuit that receives as input M binary values from a set of entropy-generation elements and outputs N binary values responsive to the M-bit selection vector are described. N bits in the M-bit selection vector are set to a first logic state, and M-N bits of the M-bit selection vector are set to a second logic state. A determination of which N bits in the M-bit selection vector are set to the first logic state is determined by a process. The process includes determining an accumulated Hamming weight value for M bit positions of the M-bit selection vector using K samples and identifying N bit positions in the M-bit selection vector using the accumulated Hamming weight values. The process sets the N bits corresponding to the N bit positions in the M-bit selection vector to the first logic state.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Technologies for providing an integrity tree architecture that reduces the number of memory accesses and verification operations needed to perform a read operation. One inline memory encryption (IME) engine performs operations that include receiving a read command for data stored at a data block. The operations further include obtaining a first authentication tag associated with the data block, a first counter value used to generate the first authentication tag; a root counter value, and an intermediate tag. The operations further include generating a second authentication tag based on the intermediate tag, the first counter value, the root counter value, and the data from the data block, and responsive to determining that a value of the first authentication tag matches a value of the second authentication tag, sending, to the host system, the data stored at the data block.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
A request to perform a memory operation addressed to a first address corresponding to a first logical unit of logical units of a memory is received. Address mask data that corresponds to the logical units is identified. Multiple transformed addresses are determined using the first address and the address mask data. The transformed addresses can include a target address corresponding to the first logical unit and additional addresses corresponding to other logical units. The memory operation is performed at the target address corresponding to the first logical unit and dummy memory operations are performed at the additional addresses corresponding to the additional logical units.
Systems and techniques for secure execution of a computing code and protection against code reuse attacks are disclosed. The techniques include fetching, by a processor, a first instruction of the computing code, determining a first verification value, wherein the first verification value is based, at least in part, on one or more attributes of the first instruction, accessing a first stored verification value, and evaluating, using the first verification value and the first stored verification value, execution integrity of the computing code.
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 12/14 - Protection contre l'utilisation non autorisée de mémoire
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
Technologies for protecting a secure context in a hardware root of trust (ROT) are described. One hardware ROT includes key generation logic and a cryptographic circuit. The key generation logic generates a first key from a value, corresponding to a physical variation of the hardware ROT, and first helper data associated with the physical variation of the hardware ROT. The key generation logic generates a second key from the value and second helper data associated with the physical variation of the hardware ROT. The cryptographic circuit receives a first encrypted secure context from off-chip storage and decrypts the first encrypted secure context using the first key to obtain a secure context. The cryptographic circuit encrypts the secure context using the second key to obtain a second encrypted secure context and stores the second encrypted secure context in the off-chip storage.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
H04L 9/14 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes
18.
PERFORMING VERIFIED RESTORE OF DATA ASSETS IN A CRYPTOGRAPHIC DEVICE
A first platform receives a request to generate a verification package for restoring a backup image at a second platform. The first platform generates a first data asset. The first platform generates a second data asset based on the first data asset and an asset list associated with the backup image. The first platform generates a third data asset based on the asset list. The first platform sends a response that includes the verification package comprising the first data asset, the second data asset, and the third data asset.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Aspects and implementations include systems and techniques for efficient protection of secret data against replay attacks, including updating a unit of data of a plurality of units of data, updating an individual portion of a counter for the unit of data, the counter including an individual portion and a common portion, accessing a pointer value that distinguishes counters corresponding to a first epoch from counters corresponding to a second epoch, selecting, based on at least the pointer value and a value of the individual portion of the counter, an update value, and modifying the pointer value using the update value.
G06F 21/78 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du stockage de données
20.
INTEGRITY-PROTECTION AUTHENTICATION THROUGH INTERMEDIATE STATES
Technologies for protecting data integrity of an authentication algorithm using intermediate states are described. One inline memory encryption (IME) engine performs an authentication algorithm that uses a hash function to compute an authentication tag. The IME engine includes integrity-protection logic to store an intermediate state of a tag computation and incoming data segments. In the event of an error in the computation, the integrity-protection logic can compute the intermediate state again using a last intermediate state and the last data segment.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 17/00 - TRAITEMENT ÉLECTRIQUE DE DONNÉES NUMÉRIQUES Équipement ou méthodes de traitement de données ou de calcul numérique, spécialement adaptés à des fonctions spécifiques
21.
PROTECTION OF POLYNOMIAL CRYPTOGRAPHIC OPERATIONS AGAINST SIDE-CHANNEL ATTACKS WITH CHANGE-OF-VARIABLE TRANSFORMATIONS
Disclosed aspects and implementations are directed to systems and techniques for protecting cryptographic operations using change-of-variable transformation, from a first variable to a second variable, of a first polynomial obtained using an input into a cryptographic operation and a second polynomial obtained using a cryptographic key for the cryptographic operation, performing a joint operation using the transformed first polynomial and the transformed second polynomial, and computing an output of the cryptographic operation using an output of the joint operation.
Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.
Multiple helper data solutions (a.k.a., helper data blocks), and therefore multiple possible PUF output values, are generated for a given integrated circuit die. These helper data blocks are encrypted and stored in a nonvolatile memory on the integrated circuit die. Each helper data block is encrypted such that each helper data block can only be decrypted by a decryption key that is different from the other encrypted helper data blocks stored on that integrated circuit die. The keys to decrypt the multiple helper data blocks are released one at a time and spread over time. Because the helper data is encrypted, each PUF output value is only discoverable when its associated key is released. Accordingly, counterfeit systems or integrated circuits will need to be re-reverse engineered each time a new key is released.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Aspects of the present disclosure involve a method, a system and a computer readable memory to perform a secure update of a target device, including communicating an update instruction to the target device, generating one or more data values using the update instruction, generating a first authentication value using the data value(s), receiving a second authentication value from the target device, wherein the second authentication value is generated by the target device in response to the update instruction, and determining whether the secure update has been successful based on a comparison of the first authentication value and the second authentication value.
A request, from a tester device, to generate a secure data asset to be securely provisioned to a target device is received by an appliance cluster. The request includes an authorization token. Responsive to receiving the request, one or more verification operations to determine whether the tester device is authorized to request the generation of the secure data asset is performed based on the authorization token. Responsive to determining that the tester device is authorized to request the generation of the secure data asset, a generation of the secure data asset by a hardware security module (HSM) is caused. The generated secure data asset is sent to the tester device in response to the request to generate the secure data asset.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Aspects and implementations include systems and techniques for encryption and decryption of error-corrected codewords for combined protection against corruption of data and adversarial attacks, including obtaining a block of data that has a first plurality of symbols, generating, based on the first plurality of symbols, a second plurality of symbols, wherein the second plurality of symbols includes one or more error correction symbols for the first plurality of symbols, encrypting the second plurality of symbols using a set of symbol-level ciphers (SLCs) to obtain an encrypted plurality of symbols, and using the encrypted plurality of symbols in a computer operation.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
27.
Secure feature and key management in integrated circuits
A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
H04L 9/14 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A value corresponding to an input for a cryptographic operation may be received. The value may be masked by multiplying the value with a first number modulo a prime number. The cryptographic operation may subsequently be performed on the masked value.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
29.
Providing access to a hardware resource based on a canary value
A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 21/44 - Authentification de programme ou de dispositif
G06F 21/51 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade du chargement de l’application, p.ex. en acceptant, en rejetant, en démarrant ou en inhibant un logiciel exécutable en fonction de l’intégrité ou de la fiabilité de la source
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
30.
TECHNIQUES AND DEVICES FOR CONFIGURABLE MEMORY ENCRYPTION AND AUTHENTICATION
Disclosed systems and techniques involve flexible encryption, decryption, retrieval, and authentication of data. The systems may include a cryptographic processor that, in a first selectable mode of operation is configured to identify plaintext blocks, generate encrypted ciphertext blocks, process sequentially the ciphertext blocks to obtain an authentication value, encrypt the authentication value, and store the ciphertext blocks and an authentication tag, obtained based on the encrypted authentication value. In a second selectable mode, the cryptographic processor may perform ciphertext block encryption but forgo obtaining the authentication value.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 12/14 - Protection contre l'utilisation non autorisée de mémoire
G06F 12/06 - Adressage d'un bloc physique de transfert, p.ex. par adresse de base, adressage de modules, extension de l'espace d'adresse, spécialisation de mémoire
H04L 9/14 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes
H04L 9/16 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes qui sont changés pendant l'opération
31.
System and method to improve efficiency in multiplication_ladder-based cryptographic operations
Aspects of the present disclosure involve a method to perform a cryptographic operation using a plurality of iterations, each of the plurality of iterations comprising: loading a first number corresponding to a difference between a first component of a first input working point on an elliptic curve and a first component of a second input working point on the elliptic curve, loading a second number corresponding to a difference between the first component of the first input working point and a first component of a third input working point on the elliptic curve, and determining a third number corresponding to a difference between a first component of a first output working point on the elliptic curve and the first component of the second input working point, wherein determining the third number comprises squaring a product of the first number and a first function of the second number.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
32.
PROTECTION OF TRANSFORMATIONS BY INTERMEDIATE RANDOMIZATION IN CRYPTOGRAPHIC OPERATIONS
Aspects of the present disclosure involve a method and a system to perform a cryptographic operation that involves a number theoretic transformation of a first vector to a second vector by obtaining components of the first vector, performing a plurality of iterations that each include determining a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values, the input values into a first iteration being the components of the first vector and the output values of the last iteration being representative of components of the second vector, and wherein one or more of the output values of at least one iteration are randomized by multiplying at least one input value by a random number, and determining, based on the output values of the last of the plurality of iterations, the components of the second vector.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
G06F 17/14 - Transformations de Fourier, de Walsh ou transformations d'espace analogues
33.
MULTI-PLATFORM USE CASE IMPLEMENTATIONS TO SECURELY PROVISION A SECURE DATA ASSET TO A TARGET DEVICE
An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset to be securely provisioned to a target device. Responsive to receiving the first request, the application performs one or more operations related to the generation of the secure data asset. Subsequent to performing the one or more operations related to the generation of the secure data asset, the application sends, to a second secure platform, a second request to generate the secure data asset. The application receives, from the second secure platform, the generated secure data asset.
A computing system includes a host device and a root of trust (RoT) device for performing batch encryption and decryption operations facilitated by a direct memory access (DMA) engine. The host device generates a command table for batch processing of a set of address tables that each describe a set of data blocks of a file to be encrypted or decrypted. The DMA engine facilitates a DMA transfer of the command table from the host memory to an RoT memory of the RoT device. The RoT device then performs batch processing of the address tables referenced in the command table. For each address table, the DMA engine copies a set of data blocks from the host memory to the RoT memory, a cryptographic engine encrypts or decrypts the data blocks, and the DMA engine copies the transformed data blocks back to the host memory.
Technologies for detecting and classifying errors detected in pipelined hardware are described. One device includes a hardware pipeline with a set of pipeline stages. Error detection logic can detect an error in the hardware pipeline, and control logic can classify the error in one of the multiple categories based on a type of the error, a position of the first data in a data stream that triggered the error, and a position of a pipeline stage in which the error is detected. The control logic can perform an error-response action based on the error classification of the error.
Disclosed are systems and techniques for enhanced protection of cryptographic key generation in cryptographic applications. In particular, described is a method and a system that performs the method of obtaining input numbers associated with a cryptographic application, generating masking matrix based on at least one random value, obtaining masked numbers using a matrix product of the MM and the input numbers, determining a greatest common divisor (GCD) of the masked numbers, identifying a GCD of the input numbers, and using the identified GCD to generate a cryptographic key.
Computing devices, methods, and systems for corrections to the “almost” binary extended GCD in a cryptographic operation of a cryptographic process are disclosed. Exemplary implementations may: receive, from a cryptographic process, a command to compute a binary extended greatest common denominator of a first input value and a second input value for a cryptographic operation; compute, by a binary extended GCD algorithm, the binary extended GCD using a multiplication with an inverse of two, instead of a division by two, to obtain a first output value; compute, by the binary extended GCD algorithm, a second output value and a third output value; and return, to the cryptographic process, the first output value, the second output value, and the third output value.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
G06F 7/38 - Méthodes ou dispositions pour effectuer des calculs en utilisant exclusivement une représentation numérique codée, p.ex. en utilisant une représentation binaire, ternaire, décimale
38.
DATA FLOW CONTROL MODULE FOR AUTONOMOUS FLOW CONTROL OF MULTIPLE DMA ENGINES
A DMA system includes two or more DMA engines that facilitate transfers of data through a shared memory. The DMA engines may operate independently of each other and with different throughputs. A data flow control module controls data flow through the shared memory by tracking status information of data blocks in the shared memory. The data flow control module updates the status information in response to read and write operations to indicate whether each block includes valid data that has not yet been read or if the block has been read and is available for writing. The data flow control module shares the status information with the DMA engines via a side-channel interface to enable the DMA engines to determine which block to write to or read from.
G06F 13/28 - Gestion de demandes d'interconnexion ou de transfert pour l'accès au bus d'entrée/sortie utilisant le transfert par rafale, p.ex. acces direct à la mémoire, vol de cycle
A multi-domain masked AND gate includes inner-domain calculations, re-sharing, register stage, cross-domain calculations, and compression. The inner-domain multiplication and the re-sharing are calculated prior to storing the re-shared variables in the register stage. Thus, the inputs to the cross-domain multiplication and the compression are performed on variables that have been refreshed by additional randomness. This AND gate does not need statistically independent inputs, is secure in the probing model even in the presence of glitches, also known as the robust probing model. A two-domain input and two domain output AND gate can be implemented using six (6) registers, four (4) two input logical AND gates, and eight (8) exclusive-OR (XOR) gates. The AND gate may also be used to implement an AES S-box that has two (2) register stages and takes two (2) clock cycles per computation.
G06F 21/76 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits intégrés à application spécifique [ASIC] ou les dispositifs programmables, p.ex. les réseaux de portes programmables [FPGA] ou les circuits logiques programmables [PLD]
G11C 19/00 - Mémoires numériques dans lesquelles l'information est déplacée par échelons, p.ex. registres à décalage
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
H04L 9/28 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant un algorithme de chiffrement particulier
Multiple helper data solutions (a.k.a., helper data images) are generated to produce preselected non-random values (a.k.a., "target values") from a physically unclonable function (PUF) circuit. Therefore, multiple preselected PUF output values may be generated for a given integrated circuit die, where each the output values are derived from a combination of the chip-unique PUF circuit and the chip-unique helper data solution. These helper data blocks are stored in a nonvolatile memory on the integrated circuit die. In an embodiment, the preselected non-random values may be used as secret encryption or decryption keys. In this manner, multiple secret values can be reliably stored within a chip, using a combination of the chip-unique PUF circuit and the multiple chip-unique helper data solution.
G06F 21/30 - Authentification, c. à d. détermination de l’identité ou de l’habilitation des responsables de la sécurité
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 21/76 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits intégrés à application spécifique [ASIC] ou les dispositifs programmables, p.ex. les réseaux de portes programmables [FPGA] ou les circuits logiques programmables [PLD]
41.
Using cryptographic blinding for efficient use of montgomery multiplication
Aspects of the present disclosure involves receiving an input message, generating a first random value that is used to blind the input message to prevent a side-channel analysis (SCA) attack, computing a second random value using the first random value and a factor used to compute the Montgomery form of a blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature using Montgomery multiplication, of the first random value and the second random value, wherein the signature is resistant to the SCA attack.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
42.
EFFICIENT INTEGRITY MONITORING OF PROCESSING OPERATIONS WITH MULTIPLE MEMORY ARRAYS
Disclosed systems and techniques are directed to efficient integrity monitoring of computational operations using multiple memory arrays collectively representative of known events associated with the computational operations. Disclosed techniques include obtaining event identification value representative of a state of the computing device associated with execution of an operation on the computing device, obtaining memory pointers and selecting, based on the memory pointers, mapping values from multiple memory arrays, computing an event response value, and classifying the operation among a plurality of classes, based on the event response value.
Technologies for selectively distributing a same random number to multiple cryptographic circuits are described. One apparatus includes a plurality of cryptographic circuits. Each of the plurality of cryptographic circuits is to receive a random number for differential power analysis (DPA) protection of a cryptographic operation. At least two of the plurality of cryptographic circuits are configured to selectively use a same random number.
A prover chip uses a key multiplier value generated by a proof-of-work function from a challenge value, a random number, and elliptic curve cryptography (ECC) techniques to generate a one-time (or ephemeral) use private key. Similarly, a verifier chip uses the key multiplier value generated by an equivalent proof-of-work function, a public key received from the prover, and ECC techniques to derive a one-time use public key that corresponds to the ephemeral private key generated by the prover chip. The prover chip uses the ephemeral private key to sign the second challenge value and send this signed second challenge value to the verifier chip. The verifier verifies the value it receives using the one-time use public key and if the signature on the second challenge value is valid, authenticates the prover chip to a system.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
45.
PACKAGING TECHNIQUES FOR BACKSIDE MESH CONNECTIVITY
The embodiments herein are directed to technologies for backside security meshes of semiconductor packages. One package includes a substrate having a first interconnect terminal of a first type and a second interconnect terminal of a second type. The package also includes a first security mesh structure disposed on a first side of an integrated circuit die and a conductive path coupled between the first interconnect terminal and the second interconnect terminal. The first security mesh structure is coupled to the first interconnect terminal and the second interconnect terminal being coupled to a terminal on a second side of the integrated circuit die.
H01L 23/00 - DISPOSITIFS À SEMI-CONDUCTEURS NON COUVERTS PAR LA CLASSE - Détails de dispositifs à semi-conducteurs ou d'autres dispositifs à l'état solide
G06F 21/87 - Boîtiers fiables ou inviolables par encapsulation, p.ex. de circuits intégrés
An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset. Responsive to authenticating the client, the application sends, to a second platform, a second request to determine whether the client has access to the secure data asset. Responsive to receiving an indication, from the second platform, that the client has access to the secure data asset, the application performs one or more operations to generate the secure data asset. The application sends, to the tester device, the generated secure data asset.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
H04W 12/0431 - Distribution ou pré-distribution de clés; Mise en accord de clés
47.
LOW-LATENCY MULTI-KEY ENCRYPTION AND DECRYPTION ENGINE AND TECHNIQUES
Disclosed systems and techniques involve low-latency multi-key encryption processing in which block keys are precomputed based on multiple cryptographic keys, stored, and then selected for encryption or decryption of data during run-time cryptographic operations. The block keys may be precomputed, for each cryptographic key, in such quantities that allow uninterrupted flow of encryption or decryption operations. Replacement block keys may be concurrently generated to replace the blocks being consumed and authentication values may be computed or updated. Various described techniques allow parallel processing for efficient low-latency block key generation and cryptographic operations.
Aspects of the present disclosure involve a method and a system to perform the method to obtain a cryptographic output of a plurality of rounds of a cipher, by performing a plurality of modified rounds of the cipher, each of the modified rounds computing an unmasking transform, an operation of a respective round of the cipher, and a masking transform, the unmasking transform being an inverse of the masking transform of a previous round of the cipher.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
A first device transmits a first message to a second device as part of a challenge-response protocol in order to authenticate the second device. A power limited power supply coupled to the second device limits power consumption by the second device during the second device's challenge-response protocol calculations. The first device measures a response time of the second device during the challenge-response protocol. The authentication of the second device is based on the response time of the second device while it has limited power consumption.
A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.
G06F 3/06 - Entrée numérique à partir de, ou sortie numérique vers des supports d'enregistrement
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
G06F 21/76 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits intégrés à application spécifique [ASIC] ou les dispositifs programmables, p.ex. les réseaux de portes programmables [FPGA] ou les circuits logiques programmables [PLD]
G11C 17/16 - Mémoires mortes programmables une seule fois; Mémoires semi-permanentes, p.ex. cartes d'information pouvant être replacées à la main dans lesquelles le contenu est déterminé en établissant, en rompant ou en modifiant sélectivement les liaisons de connexion par une modification définitive de l'état des éléments de couplage, p.ex. mémoires PROM utilisant des liaisons électriquement fusibles
G11C 17/18 - Circuits auxiliaires, p.ex. pour l'écriture dans la mémoire
51.
SIGN-EFFICIENT ADDITION AND SUBTRACTION FOR STREAMINGCOMPUTATIONS IN CRYPTOGRAPHIC ENGINES
Aspects of the present disclosure involve techniques and cryptographic processors configured to perform the techniques that include sign-efficient addition and subtraction operations that use Montgomery reduction and are capable of facilitating fast streaming operations. The techniques involve receiving a first number and a second number, where the first number and second number are within a target interval, and performing a modular operation to obtain a third number, the third number being within the same target interval and representing a sum or a difference of a rescaled first number and a rescaled second number, and wherein the modular operation includes a Montgomery reduction.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
Aspects of the present disclosure involve a cryptographic processor that includes four or more multiplication circuits, two or more addition circuits, and two or more memory circuits. The cryptographic engine is configured to perform a variety of operations, including modular multiplication, modular inversion, matrix multiplication, Montgomery multiplication, computations of Jacobi symbols, and the like. The cryptographic engine support streaming computations where at least some of the multiplication circuits operate on multipliers and/or multiplicands that are also used during other cycles of computations.
G06F 7/53 - Multiplication uniquement en mode parallèle-parallèle, c. à d. les deux opérandes étant introduits en parallèle
G06F 7/505 - Addition; Soustraction en mode parallèle binaire, c. à d. ayant un circuit de maniement de chiffre différent pour chaque position
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
H04L 9/14 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes
53.
MULTI-LANE CRYPTOGRAPHIC ENGINES WITH SYSTOLIC ARCHITECTURE AND OPERATIONS THEREOF
Aspects of the present disclosure involve a cryptographic processor that includes a systolic array having a plurality of processing lanes (PLs), each PL including a systolic subarray of two or more processing elements (PEs), each PE being configured to multiply two numbers to obtain and store a multiplication product. The cryptographic processor is configured to efficiently perform a variety of operations, including multiplication of large numbers, modular reduction, Montgomery reduction, and the like.
G06F 15/80 - Architectures de calculateurs universels à programmes enregistrés comprenant un ensemble d'unités de traitement à commande commune, p.ex. plusieurs processeurs de données à instruction unique
G06F 7/53 - Multiplication uniquement en mode parallèle-parallèle, c. à d. les deux opérandes étant introduits en parallèle
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
54.
SHARE DOMAIN ARRANGEMENTS FOR MASKED HARDWARE IMPLEMENTATIONS
Hardware masking may be used as a countermeasure to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking probabilistically splits each bit of a computation into multiple shares. Mask-share domains (i.e., the wires and gates that perform a computation on a share) are physically spaced to reduce coupling between mask-share domains. The mask-share domains may be connected to the same power supply network. The physical distance between mask-share domains along the power-supply network may be selected to reduce coupling between mask-share domains that may occur via the power supply network. The mask-share domains may each be connected to different on-chip power supply networks.
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p.ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
55.
Masked gate logic for resistance to power analysis
A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p.ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
56.
PROTECTING CRYPTOGRAPHIC KEYS STORED IN NON-VOLATILE MEMORY
Systems and methods for protecting cryptographic keys stored in a non-volatile memory. An example method may comprise: storing a device root key in a non-volatile memory; storing a volatile key in a volatile memory; storing a masked cryptographic key in the non-volatile memory, wherein the masked cryptographic key is produced by combining a cryptographic key and the device root key; storing a masked device root key in the non-volatile memory, wherein the masked root key is produced by combining the device root key and the volatile key; and erasing the device root key from the non-volatile memory.
G06F 1/24 - Moyens pour la remise à l'état initial
G06F 12/14 - Protection contre l'utilisation non autorisée de mémoire
G06F 21/79 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du stockage de données dans les supports de stockage à semi-conducteurs, p.ex. les mémoires adressables directement
Described are implementations directed to protecting secret data against adversarial attacks by obfuscating the secret data during storage and communication. Obfuscation techniques include, among other things, splitting secret data into a plurality of portions, performing rotation of secret data, splitting secret data into a plurality of shares, modifying shares of secret data in view of the values of the shares, and various other protection mechanisms.
A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/51 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade du chargement de l’application, p.ex. en acceptant, en rejetant, en démarrant ou en inhibant un logiciel exécutable en fonction de l’intégrité ou de la fiabilité de la source
G06F 21/44 - Authentification de programme ou de dispositif
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
59.
Anti-tamper shield based on strings of series resistors
A resistor mesh with distributed sensing points is provided in a security chip as an anti-tamper shield. An analog multiplexing circuit is configured to receive a pair of digital selection values created by an algorithm processing circuit, and produce a respective differential voltage formed by a pair of voltages obtained at a pair of selected sensing points within the resistor mesh corresponding to the pair of digital selection values. Each differential voltage is converted into a corresponding digital output value. An algorithm processing circuit is configured to receive a respective digital output value associated with each pair of digital selection values and derive a binary value based on a subset of the digital output values, wherein the binary value is unique to the security chip.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/87 - Boîtiers fiables ou inviolables par encapsulation, p.ex. de circuits intégrés
The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 21/73 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par création ou détermination de l’identification de la machine, p.ex. numéros de série
G06F 21/33 - Authentification de l’utilisateur par certificats
H04W 12/30 - Sécurité des dispositifs mobiles; Sécurité des applications mobiles
H04W 12/0431 - Distribution ou pré-distribution de clés; Mise en accord de clés
H04L 67/60 - Ordonnancement ou organisation du service des demandes d'application, p.ex. demandes de transmission de données d'application en utilisant l'analyse et l'optimisation des ressources réseau requises
A pattern detector circuit is provided in a security chip, wherein the pattern detector circuit monitors accesses of a plurality of configuration registers, each of the plurality of configuration registers having a corresponding address. In response to receiving from a host a predefined sequence of accesses of the plurality of configuration registers for one or more operations to the plurality of configuration registers, a processor in the pattern detector circuit determines a value indicative of a current version of a netlist for the security chip. The determined value is made available to be obtained by a read operation by the host at a specific configuration register address.
G06F 21/40 - Authentification de l’utilisateur sous réserve d’un quorum, c. à d. avec l’intervention nécessaire d’au moins deux responsables de la sécurité
G06F 21/76 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits intégrés à application spécifique [ASIC] ou les dispositifs programmables, p.ex. les réseaux de portes programmables [FPGA] ou les circuits logiques programmables [PLD]
62.
ANTI-COUNTERFEITING APPLICATIONS FOR ADVANCED MEMORIES
A block of data is provided from a verifier module to an authenticator module, the size of the block being correlated with one or more desired characteristics of the authenticator module. The verifier module receives a response from the authenticator module, the response comprising data result derived from a calculation involving the challenge value and the block of data. The verifier module verifies whether the response is indicative of the one or more desired characteristics of the authenticator module.
Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
65.
Protection of neural networks by obfuscation of neural network architecture
Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.
An input data may be received. A portion of a cryptographic operation may be performed with the received input data at a first function component. During the performance of the cryptographic operation at the first function component, a pre-charge operation may be performed at a second function component. Furthermore, the second function component may be used to perform another portion of the cryptographic operation with a result of the portion of the cryptographic operation performed at the first function component.
H04L 29/00 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
67.
Efficient side-channel-attack-resistant memory encryptor based on key update
Disclosed are memory encryption systems and methods that rotate encryption keys for robust resistance against side-channel-analysis (SCA)-based attacks on communication paths between an encryption engine within a trust boundary and an external memory component. A key data structure has a plurality of keys that are used to encrypt a plurality of memory blocks in the external memory. The memory blocks encrypted with the oldest key of the key data structure are identified. Encrypted data is read from the identified memory blocks. The encrypted data is decrypted from the identified memory blocks. The data is then re-encrypted using the selected key that is newer than the oldest key, and re-written to the identified memory blocks.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/16 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes qui sont changés pendant l'opération
Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first N cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
Aspects of the present disclosure involve a method, a system and a computer readable memory to perform a cryptographic operation that includes identifying a first set of mutually coprime numbers, obtaining a second set of input numbers coprime with a corresponding one of the first set of mutually coprime numbers, obtaining an output number that is a weighted sum of the second set of input numbers, each of the second set of input numbers being taken with a weight comprising a product of all of the first set of mutually coprime numbers except the corresponding one of the first set of mutually coprime numbers, and performing the cryptographic operation using the output number.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
Aspects of the present disclosure calculate masked data shares dynamically inside the CPU boundary, and use a plurality of memory channels to write the masked data shares to an external memory location and/or to read the data shares from that external memory location. Each dynamically generated mask value is uniquely associated with a corresponding memory channel during writing data to the external memory. The modified masked data is unmasked or remasked during a subsequent read operation.
A method for performing a security chip protocol comprises receiving, by processing hardware of a security chip, a message from a first device as part of performing the security chip protocol. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware determines a path through a key tree based at least in part on the message. The processing hardware derives a validator at least in part from the secret value using a sequence of entropy redistribution operations associated with the path through the key tree. The processing hardware exchanges the validator between the security chip and the first device as part of the security chip protocol in order to authenticate at least one of the security chip or the first device.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 12/14 - Protection contre l'utilisation non autorisée de mémoire
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/16 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes qui sont changés pendant l'opération
G06F 21/76 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits intégrés à application spécifique [ASIC] ou les dispositifs programmables, p.ex. les réseaux de portes programmables [FPGA] ou les circuits logiques programmables [PLD]
G06F 8/71 - Gestion de versions ; Gestion de configuration
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p.ex. pour empêcher l'ingénierie inverse
72.
SYSTEM AND METHOD TO GENERATE PRIME NUMBERS IN CRYPTOGRAPHIC APPLICATIONS
Aspects of the present disclosure involve a method, a system and a computer readable memory to generate and use prime numbers in cryptographic operations by determining one or more polynomial functions that have no roots modulo each of a predefined set of prime numbers, selecting one or more input numbers, generating a candidate number by applying one or more instances of the one or more polynomial functions to the one or more input numbers, determining that the candidate number is a prime number, and using the determined prime number to decrypt an input into the cryptographic operation.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
73.
SYSTEM AND METHOD TO OPTIMIZE DECRYPTION OPERATIONS IN CRYPTOGRAPHIC APPLICATIONS
Aspects of the present disclosure involve a method, a system and a computer readable memory to optimize performance of cryptographic operations by avoiding computations of inverse values during decryption of encrypted messages.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
74.
Protection of cryptographic operations by intermediate randomization
Aspects of the present disclosure involve a method and a system to support execution of the method to perform a cryptographic operation involving a first vector and a second vector, by projectively scaling the first vector, performing a first operation involving the scaled first vector and the second vector to obtain a third vector, generating a random number, storing the third vector in a first location, responsive to the random number having a first value, or in a second location, responsive to the random number having a second value, and performing a second operation involving a first input and a second input, wherein, based on the random number having the first value or the second value, the first input is the third vector stored in the first location or the second location and the second input is a fourth vector stored in the second location or the first location.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/78 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du stockage de données
75.
Efficient squaring with loop equalization in arithmetic logic units
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06F 7/57 - Unités arithmétiques et logiques [UAL], c. à d. dispositions ou dispositifs pour accomplir plusieurs des opérations couvertes par les groupes ou pour accomplir des opérations logiques
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
G09C 1/00 - Appareils ou méthodes au moyen desquels une suite donnée de signes, p.ex. un texte intelligible, est transformée en une suite de signes inintelligibles en transposant les signes ou groupes de signes ou en les remplaçant par d'autres suivant un systèm
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
76.
Maintaining secure session state with failover during endpoint provisioning
The embodiments described herein describe technologies to maintaining a secure session state with failover during endpoint provisioning. A cluster of hardware devices can be used for provisioning endpoint devices with secrecy, integrity, access controller, high availability, minimal transaction time, and interactive transactions with multiple requests and response within a session. The embodiments are directed to a first computing device being elected as a leader and sharing context information of a session with other computing devices as followers in the cluster such that a follower can resume the session if the leader fails.
G06F 11/20 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel en utilisant un masquage actif du défaut, p.ex. en déconnectant les éléments défaillants ou en insérant des éléments de rechange
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
G06F 21/44 - Authentification de programme ou de dispositif
77.
SIGN-BASED PARTIAL REDUCTION OF MODULAR OPERATIONS IN ARITHMETIC LOGIC UNITS
Aspects of the present disclosure involve a method and a system to execute the method to perform a cryptographic operation involving a modulo N computation, the method comprising loading a first integer number and a second integer number, wherein the first integer number and the second integer number are within an interval of 2N integer numbers, and performing an arithmetic operation involving the first integer number and the second integer number, wherein the arithmetic operation is to produce a third integer number, and wherein the arithmetic operation comprises a shifting operation to ensure that the third integer number is inside the interval of 2N integer numbers.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04W 12/02 - Protection de la confidentialité ou de l'anonymat, p.ex. protection des informations personnellement identifiables [PII]
H04W 12/63 - Sécurité dépendant du contexte dépendant de la proximité
H04W 4/40 - Services spécialement adaptés à des environnements, à des situations ou à des fins spécifiques pour les véhicules, p.ex. communication véhicule-piétons
H04W 4/46 - Services spécialement adaptés à des environnements, à des situations ou à des fins spécifiques pour les véhicules, p.ex. communication véhicule-piétons pour la communication de véhicule à véhicule
79.
Diversifying a base symmetric key based on a public key
A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
An indication of a key generation function may be received from a server. A random value may be received based on a volatile memory of a device. A cryptographic key may be generated based on the key generation function from the server and the random value that is based on the volatile memory of the device. The cryptographic key may be stored at a non-volatile memory of the device.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
A first arithmetic input share and a second arithmetic input share of an initial arithmetically-masked cryptographic value are received. A sequence of operations using the arithmetic input shares and a randomly generated number is performed, where a current operation in the sequence of operations generates a corresponding intermediate value that is used in a subsequent operation. At the end of the sequence of operations, a first Boolean output share and a second Boolean output share are generated. The arithmetic-to-Boolean mask conversion is independent of the input bit length.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p.ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p.ex. pour empêcher l'ingénierie inverse
83.
PROTECTION OF TRANSFORMATIONS BY INTERMEDIATE RANDOMIZATION IN CRYPTOGRAPHIC OPERATIONS
Aspects of the present disclosure involve a method and a system to perform a cryptographic operation that involves a number theoretic transformation of a first vector to a second vector by obtaining components of the first vector, performing a plurality of iterations that each include determining a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values, the input values into a first iteration being the components of the first vector and the output values of the last iteration being representative of components of the second vector, and wherein one or more of the output values of at least one iteration are randomized by multiplying at least one input value by a random number, and determining, based on the output values of the last of the plurality of iterations, the components of the second vector.
A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
G06F 21/44 - Authentification de programme ou de dispositif
G06F 21/45 - Structures ou outils d’administration de l’authentification
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G06F 21/44 - Authentification de programme ou de dispositif
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
G06F 21/51 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade du chargement de l’application, p.ex. en acceptant, en rejetant, en démarrant ou en inhibant un logiciel exécutable en fonction de l’intégrité ou de la fiabilité de la source
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Described are technologies of all-digital camouflage circuits. The camouflage circuit can include a first chain of inverters, synthesized with a first standard cell with a first transistor threshold, and a second chain of inverters, synthesized with a second standard cell with a second transistor threshold that is different than the first transistor threshold. A first flip-flop receives a first output of the first chain as a data input and a second output of the second chain as a clock input. A second flip-flop receives the second output as a data input and the first output of the first chain as a clock input. Given the different transistor thresholds, one flip-flop always outputs an active signal that corresponds to an input signal applied to the first chain and the second chain. The other flip-flop always output a constant signal, such an always low signal.
G06F 30/327 - Synthèse logique; Synthèse de comportement, p.ex. logique de correspondance, langage de description de matériel [HDL] à liste d’interconnections [Netlist], langage de haut niveau à langage de transfert entre registres [RTL] ou liste d’interconnections [Netlist]
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p.ex. par masquage
H03K 19/20 - Circuits logiques, c. à d. ayant au moins deux entrées agissant sur une sortie; Circuits d'inversion caractérisés par la fonction logique, p.ex. circuits ET, OU, NI, NON
87.
Generating a device identification key from a base key for authentication with a network
A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Aspects of the present disclosure involve a method to perform a cryptographic operation using a plurality of iterations, each of the plurality of iterations comprising: loading a first number corresponding to a difference between a first component of a first input working point on an elliptic curve and a first component of a second input working point on the elliptic curve, loading a second number corresponding to a difference between the first component of the first input working point and a first component of a third input working point on the elliptic curve, and determining a third number corresponding to a difference between a first component of a first output working point on the elliptic curve and the first component of the second input working point, wherein determining the third number comprises squaring a product of the first number and a first function of the second number.
A prover chip uses a key multiplier value generated by a proof-of-work function from a challenge value, a random number, and elliptic curve cryptography (ECC) techniques to generate a one-time (or ephemeral) use private key. Similarly, a verifier chip uses the key multiplier value generated by an equivalent proof-of-work function, a public key received from the prover, and ECC techniques to derive a one-time use public key that corresponds to the ephemeral private key generated by the prover chip. The prover chip uses the ephemeral private key to sign the second challenge value and send this signed second challenge value to the verifier chip. The verifier verifies the value it receives using the one-time use public key and if the signature on the second challenge value is valid, authenticates the prover chip to a system.
A first address bus may be located in an upper layer of an integrated circuit that is associated with a memory and a memory controller. The first address bus may receive a first portion of a memory address. A second address bus may be located in a lower layer of the integrated circuit where the second address bus is to receive a second portion of the memory address. Furthermore, a data bus may be located in an intermediate layer where the data bus is to receive data corresponding to the memory address from the memory and may transmit the data to the memory controller. The intermediate layer may be between the upper layer and the lower layer. A layout of the signals of the data bus may vertically overlap with a layout of signals of the first address bus and a layout of signals of the second address bus.
G06F 21/85 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs d’interconnexion, p.ex. les dispositifs connectés à un bus ou les dispositifs en ligne
G06F 7/58 - Générateurs de nombres aléatoires ou pseudo-aléatoires
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
G06F 21/45 - Structures ou outils d’administration de l’authentification
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
91.
Generating a target data based on a function associated with a physical variation of a device
A value corresponding to a physical variation of a device may be received. Furthermore, helper data associated with the physical variation of the device may be received. A result data may be generated based on a combination of the value corresponding to the physical variation of the device and the helper data. An error correction operation may be performed on the result data to identify one or more code words associated with the error correction operation. Subsequently, a target data may be generated based on the one or more code words.
G06F 11/10 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p.ex. en utilisant des codes de contrôle en ajoutant des chiffres binaires ou des symboles particuliers aux données exprimées suivant un code, p.ex. contrôle de parité, exclusion des 9 ou des 11
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
92.
PROTECTING PARALLEL MULTIPLICATION OPERATIONS FROM EXTERNAL MONITORING ATTACKS
Systems and methods for protecting from external monitoring attacks cryptographic data processing operations involving universal polynomial hash functions computation. An example method may comprise: receiving an input data block and an iteration result value; performing a first field multiplication operation to produce a new iteration result value, by iteratively processing, starting from a first bit position, bits of a combination of the input data block and the iteration result value, wherein the first bit position is represented by one of: a least-significant bit and a most-significant bit; performing a second field multiplication operation to produce a new mask correction value, by iteratively processing operand bits starting from a second bit position, wherein the second bit position is represented by one of: a least-significant bit and a most-significant bit, and wherein the second bit position is different from the first bit position; applying the new mask correction value to the new iteration result value; and producing, based on the new iteration result value, a value of a cryptographic hash function to be utilized by at least one of: an authenticated encryption operation or an authenticated decryption operation.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
A first device transmits a first message to a second device as part of a challenge-response protocol in order to authenticate the second device. A power limited power supply coupled to the second device limits power consumption by the second device during the second device's challenge-response protocol calculations. The first device measures a response time of the second device during the challenge-response protocol. The authentication of the second device is based on the response time of the second device while it has limited power consumption.
Computing devices, methods, and systems for corrections to the "almost" binary extended GCD in a cryptographic operation of a cryptographic process are disclosed. Exemplary implementations may: receive, from a cryptographic process, a command to compute a binary extended greatest common denominator of a first input value and a second input value for a cryptographic operation; compute, by a binary extended GCD algorithm, the binary extended GCD using a multiplication with an inverse of two, instead of a division by two, to obtain a first output value; compute, by the binary extended GCD algorithm, a second output value and a third output value; and return, to the cryptographic process, the first output value, the second output value, and the third output value.
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c. à d. une représentation de nombres sans base; Dispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
G06F 7/38 - Méthodes ou dispositions pour effectuer des calculs en utilisant exclusivement une représentation numérique codée, p.ex. en utilisant une représentation binaire, ternaire, décimale
Disclosed is a method and a system to execute the method to perform a first hashing operation to compute a first hash value, store the first hash value in a plurality of output registers, store a second message in a plurality of input registers, perform a first iteration of a second hashing operation, with an input to the second hashing operation including the second message and the first hash value, determine that a first portion of the second message, stored in a first register of the plurality of input registers, has been processed in course of the second hashing operation, and move a first portion of the first hash value stored in a first register of the plurality of output registers to the first register of the plurality of input registers.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
G09C 1/00 - Appareils ou méthodes au moyen desquels une suite donnée de signes, p.ex. un texte intelligible, est transformée en une suite de signes inintelligibles en transposant les signes ou groupes de signes ou en les remplaçant par d'autres suivant un systèm
96.
Performing cryptographic data processing operations in a manner resistant to external monitoring attacks
Systems and methods for performing cryptographic data processing operations in a manner resistant to external monitoring attacks. An example method may comprise: executing, by a processing device, a first data manipulation instruction, the first data manipulation instruction affecting a state of the processing device; executing a second data manipulation instruction, the second data manipulation instruction interacting with said internal state; and breaking a detectable interaction of the first data manipulation instruction and the second data manipulation instruction by executing a third data manipulation instruction utilizing an unpredictable data item.
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
An indication of an operating mode of an asynchronous circuit may be received. A determination may be made as to whether the operating mode of the asynchronous circuit corresponds to a self-test of the asynchronous circuit. In response to determining that the operating mode of the asynchronous circuit corresponds to the self-test, a first clock signal may be provided to a first portion of a self-test component in a feedback path of the asynchronous circuit and a second clock signal may be provided to a second portion of the self-test component in the feedback path of the asynchronous circuit. Furthermore, a test value may be generated based on the first clock signal and the second clock signal.
G01R 31/319 - Matériel de test, c. à d. circuits de traitement de signaux de sortie
H04L 9/36 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité avec des moyens pour détecter des caractères non destinés à la transmission
G06F 1/06 - Générateurs d'horloge produisant plusieurs signaux d'horloge
Hardware masking may be used as a countermeasure to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking probabilistically splits each bit of a computation into multiple shares. Mask-share domains (i.e., the wires and gates that perform a computation on a share) are physically spaced to reduce coupling between mask-share domains. The mask-share domains may be connected to the same power supply network. The physical distance between mask-share domains along the power-supply network may be selected to reduce coupling between mask-share domains that may occur via the power supply network. The mask-share domains may each be connected to different on-chip power supply networks.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
99.
Managing privileges of different entities for an integrated circuit
A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.
G06F 3/06 - Entrée numérique à partir de, ou sortie numérique vers des supports d'enregistrement
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
G06F 21/76 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits intégrés à application spécifique [ASIC] ou les dispositifs programmables, p.ex. les réseaux de portes programmables [FPGA] ou les circuits logiques programmables [PLD]
G11C 17/16 - Mémoires mortes programmables une seule fois; Mémoires semi-permanentes, p.ex. cartes d'information pouvant être replacées à la main dans lesquelles le contenu est déterminé en établissant, en rompant ou en modifiant sélectivement les liaisons de connexion par une modification définitive de l'état des éléments de couplage, p.ex. mémoires PROM utilisant des liaisons électriquement fusibles
G11C 17/18 - Circuits auxiliaires, p.ex. pour l'écriture dans la mémoire
100.
Converting a boolean masked value to an arithmetically masked value for cryptographic operations
A first input share value, a second input share value, and a third input share value may be received. The first input share value may be converted to a summation or subtraction between an input value and a combination of the second input share value and the third input share value. A random number value may be generated and combined with the second input share value and the third input share value to generate a combined value. Furthermore, a first output share value may be generated based on a combination of the converted first input share value, the combined value, and additional random number values.
G06F 21/72 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information dans les circuits de cryptographie
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
H04L 9/14 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
G06F 7/58 - Générateurs de nombres aléatoires ou pseudo-aléatoires
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
G09C 1/00 - Appareils ou méthodes au moyen desquels une suite donnée de signes, p.ex. un texte intelligible, est transformée en une suite de signes inintelligibles en transposant les signes ou groupes de signes ou en les remplaçant par d'autres suivant un systèm
G06F 7/76 - Dispositions pour le réagencement, la permutation ou la sélection de données selon des règles prédéterminées, indépendamment du contenu des données
G06F 7/00 - Procédés ou dispositions pour le traitement de données en agissant sur l'ordre ou le contenu des données maniées
