Patents Assigned to Cryptography Research, Inc.
-
Patent number: 10771448Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.Type: GrantFiled: March 14, 2013Date of Patent: September 8, 2020Assignee: CRYPTOGRAPHY RESEARCH, INC.Inventors: Paul Carl Kocher, Benjamin Che-Ming Jun, Andrew John Leiserson
-
Patent number: 10754620Abstract: The embodiments described herein describe technologies of self-timed pattern generators. The self-timed pattern generators can be used to form a random number generator to generate a random digital value. Asynchronous digital logic in a first generator asynchronously updates a next state based on a current state, a second state of a second generator that is before the first generator in the chain or ring topology, and a third state of a third generator that is after the first generator in the chain or ring topology. The self-timed pattern generators are to output a random digital value based at least in part on the current state output from the first generator.Type: GrantFiled: December 9, 2019Date of Patent: August 25, 2020Assignee: CRYPTOGRAPHY RESEARCH INC.Inventor: Scott C. Best
-
Patent number: 10747907Abstract: A cryptographic accelerator (processor) retrieves data blocks for processing from a memory. These data blocks arrive and are stored in an input buffer in the order they were stored in memory (or other known order)—typically sequentially according to memory address (i.e., in-order.) The processor waits until a certain number of data blocks are available in the input buffer and then randomly selects blocks from the input buffer for processing. This randomizes the processing order of the data blocks. The processing order of data blocks may be randomized within sets of data blocks associated with a single read transaction, or across sets of data blocks associated with multiple read transactions.Type: GrantFiled: December 1, 2015Date of Patent: August 18, 2020Assignee: Cryptography Research, Inc.Inventors: Andrew John Leiserson, Mark Evan Marson
-
Patent number: 10712385Abstract: A first plurality of logic gates and a second plurality of logic gates may be associated with a symmetric configuration. A first output at a first value may be generated by the first plurality of logic gates based on a first portion of input signals. A second output may be generated by the second plurality of logic gates at the first value based on a second portion of the input signals. A subsequent first output at a particular value may be generated by the first plurality of logic gates based on a first portion of a second plurality of input signals and a subsequent second output maybe generated by the second plurality of logic gates based on a second portion of the second plurality of input signals. A value of the subsequent second output may be complementary to the particular value of the subsequent first output.Type: GrantFiled: December 1, 2016Date of Patent: July 14, 2020Assignee: CRYPTOGRAPHY RESEARCH INC.Inventors: Michael Hutter, Matthew Pond Baker
-
Patent number: 10699030Abstract: Systems and methods for determining cryptographic operation masks for improving resistance to external monitoring attacks. An example method may comprise: selecting a first input mask value, a first output mask value, and one or more intermediate mask values; based on the first output mask value and the intermediate mask values, calculating a first transformation output mask value comprising two or more portions, wherein concatenation of all portions of the first transformation output mask value produces the first transformation output mask value, and wherein exclusive disjunction of all portions of the first transformation output mask value is equal to the first output mask value; and performing a first masked transformation based on the first transformation output mask value and the first input mask value.Type: GrantFiled: November 23, 2015Date of Patent: June 30, 2020Assignee: CRYPTOGRAPHY RESEARCH INC.Inventor: Jeremy Samuel Cooper
-
Patent number: 10666641Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.Type: GrantFiled: September 21, 2018Date of Patent: May 26, 2020Assignee: CRYPTOGRAPHY RESEARCH, INC.Inventors: Paul Carl Kocher, Benjamin Che-Ming Jun, Andrew John Leiserson
-
Publication number: 20200110907Abstract: Methods and systems for masking certain cryptographic operations in a manner designed to defeat side-channel attacks are disclosed herein. Squaring operations can be masked to make squaring operations indistinguishable or less distinguishable from multiplication operations. In general, squaring operations are converted into multiplication operations by masking them asymmetrically. Additional methods and systems are disclosed for defeating DPA, cross-correlation, and high-order DPA attacks against modular exponentiation.Type: ApplicationFiled: August 12, 2019Publication date: April 9, 2020Applicant: Cryptography Research, Inc.Inventor: Joshua M. JAFFE
-
Patent number: 10594471Abstract: A value corresponding to an input for a cryptographic operation may be received. The value may blinded by multiplying the value based on an exponentiation of a random number raised to an exponent value that is associated with a public key. A cryptographic operation may be performed based on the blinded value.Type: GrantFiled: March 17, 2016Date of Patent: March 17, 2020Assignee: Cryptography Research, Inc.Inventor: Michael Tunstall
-
Patent number: 10581838Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: June 11, 2018Date of Patent: March 3, 2020Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 10579790Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.Type: GrantFiled: June 21, 2018Date of Patent: March 3, 2020Assignee: Cryptography Research, Inc.Inventors: Benjamin Che-Ming Jun, Matthew Evan Orzen, Joel Patrick Wittenauer, Steven C. Woo
-
Patent number: 10560260Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.Type: GrantFiled: February 22, 2019Date of Patent: February 11, 2020Assignee: CRYPTOGRAPHY RESEARCH, INC.Inventors: Megan Anneke Wachs, Ambuj Kumar, Benjamin Che-Ming Jun
-
Patent number: 10530566Abstract: Input signals may be received. Furthermore, a control signal controlling the implementation of a Differential Power Analysis (DPA) countermeasure may be received. One of the input signals may be transmitted as an output signal based on the control signal. A cryptographic operation may be performed based on the first output signal that is transmitted based on the control signal.Type: GrantFiled: April 21, 2016Date of Patent: January 7, 2020Assignee: Cryptography Research, Inc.Inventors: Christopher Gori, Pankaj Rohatgi
-
Patent number: 10523418Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.Type: GrantFiled: May 23, 2017Date of Patent: December 31, 2019Assignee: Cryptography Research, Inc.Inventors: Michael A. Hamburg, Megan Anneke Wachs
-
Patent number: 10503476Abstract: The embodiments described herein describe technologies of self-timed pattern generators. The self-timed pattern generators can be used to form a random number generator to generate a random digital value. Asynchronous digital logic in a first generator asynchronously updates a next state based on a current state, a second state of a second generator that is before the first generator in the chain or ring topology, and a third state of a third generator that is after the first generator in the chain or ring topology. The self-timed pattern generators are to output a random digital value based at least in part on the current state output from the first generator.Type: GrantFiled: August 29, 2018Date of Patent: December 10, 2019Assignee: Cryptography Research, Inc.Inventor: Scott C. Best
-
Patent number: 10482275Abstract: Systems and methods for implementing access control by systems-on-chip (SoCs). An example SoC may comprise: an access control unit comprising a secure memory for storing access control data, the access control unit to: receive a message comprising an access control data item; store the access control data item in the secure memory; perform at least one of: authenticating the message using a message digest function, or validating contents of the secure memory by comparing a stored reference value with a calculated value of a message digest function of the contents of the secure memory; and control, in view of the access control data item, access by an initiator device to a target device.Type: GrantFiled: January 27, 2015Date of Patent: November 19, 2019Assignee: Cryptography Research, Inc.Inventors: Craig E. Hampel, Jean-Michel Cioranesco, Rodrigo Portella do Canto, Guilherme Ozari de Almeida
-
Patent number: 10467014Abstract: A method includes providing a data processor having an instruction pipeline, where the instruction pipeline has a plurality of instruction pipeline stages, and where the plurality of instruction pipeline stages includes a first instruction pipeline stage and a second instruction pipeline stage. The method further includes providing a data processor instruction that causes the data processor to perform a first set of computational operations during execution of the data processor instruction, performing the first set of computational operations in the first instruction pipeline stage if the data processor instruction is being executed and a first mode has been selected, and performing the first set of computational operations in the second instruction pipeline stage if the data processor instruction is being executed and a second mode has been selected.Type: GrantFiled: July 3, 2018Date of Patent: November 5, 2019Assignee: CRYPTOGRAPHY RESEARCH, INC.Inventors: William C. Moyer, Jeffrey W. Scott
-
Patent number: 10461925Abstract: An integrated circuit may implement a masked substitution box that includes a counter that generates counter values. An input mask component may generate unmasked input values based on a combination of respective counter values and an input mask value. Furthermore, a substitution function component may receive the unmasked input values and may generate output values based on respective unmasked input values and a substitution function. An output mask component may generate masked output values based on a combination of respective output values and an output mask value. The masked output values may be stored at memory elements.Type: GrantFiled: August 9, 2017Date of Patent: October 29, 2019Assignee: Cryptography Research, Inc.Inventors: Matthew Pond Baker, Elena Trichina, Jean-Michel Cioranesco, Michael Hutter
-
Patent number: 10460084Abstract: A media storage device includes a media security controller circuit and a memory to store data that relates to a media item to be rendered by a rendering device. The media security controller circuit sends a message to the rendering device that causes the rendering device to obtain a portion of data from memory of the media storage device and provide it to the media security controller circuit. The portion is received and transformed by the media security controller circuit. The media security controller circuit sends the transformed portion to the rendering device.Type: GrantFiled: September 5, 2018Date of Patent: October 29, 2019Assignee: Cryptography Research, Inc.Inventors: Paul C. Kocher, Helena Handschuh
-
Patent number: 10454670Abstract: A first hash value is calculated by using a first input value that is stored in a first set of registers. The first hash value is then stored in a second set of registers. A second input value is stored in the first set of registers after calculating the first hash value. The second hash value is calculated based on the first hash value and the second input value. During the calculating of the second hash value, the first hash value is shifted from the second set of registers to a portion of the first set of registers when the calculating of the second hash value has reached a state where the portion of the first set of registers is no longer used to store the second input value.Type: GrantFiled: May 23, 2017Date of Patent: October 22, 2019Assignee: Cryptography Research, Inc.Inventors: Michael Hutter, Matthew Pond Baker
-
Patent number: 10440000Abstract: A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID.Type: GrantFiled: July 9, 2015Date of Patent: October 8, 2019Assignee: Cryptography Research, Inc.Inventors: Ambuj Kumar, Daniel Beitel, Benjamin Che-Ming Jun