Patents by Inventor Avishay Sharaga
Avishay Sharaga has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11799662
Abstract: In one embodiment, an apparatus includes a storage element, and a processing element configured to verify an asymmetric digital signature in order to authenticate a data item signed with the asymmetric digital signature, upon successful verification of the asymmetric digital signature, generate a symmetric MAC of the data item and store the symmetric digital in the storage element, and retrieve and verify the symmetric MAC in order to authenticate the data item.
Type: Grant
Filed: February 15, 2021
Date of Patent: October 24, 2023
Assignee: SONY SEMICONDUCTOR SOLUTIONS CORPORATION
Inventors: Boaz Shahar, Yehuda Ben Simon, Avishay Sharaga
-
Publication number: 20220263661
Abstract: In one embodiment, an apparatus includes a storage element, and a processing element configured to verify an asymmetric digital signature in order to authenticate a data item signed with the asymmetric digital signature, upon successful verification of the asymmetric digital signature, generate a symmetric MAC of the data item and store the symmetric digital in the storage element, and retrieve and verify the symmetric MAC in order to authenticate the data item.
Type: Application
Filed: February 15, 2021
Publication date: August 18, 2022
Inventors: Boaz Shahar, Yehuda Ben Simon, Avishay Sharaga
-
Patent number: 11144649
Abstract: A method for exporting sensitive information an integrated circuit, the method comprising: fabricating an integrated circuit, the integrated circuit having a register-transfer level “RTL” key fabricated in the integrated circuit, wherein the RTL key is a pre-determined cryptographic key; signing the sensitive information using the RTL key using a signature; and exporting the signed sensitive information and the signature for validation.
Type: Grant
Filed: January 2, 2019
Date of Patent: October 12, 2021
Assignees: Kigen (UK) Limited, Altair Semiconductor Ltd
Inventors: Asaf Shen, Patrick Biget, Avishay Sharaga, Omer Botvinik
-
Patent number: 11139987
Abstract: An Integrated Circuit (IC) includes an on-chip non-volatile memory (NVM) and an on-chip processor. The on-chip NVM is configured to store a representation of a device-specific part of a security certificate assigned to the IC. The on-chip processor is configured to obtain a common part of the security certificate, to reconstruct the security certificate from the obtained common part and from the representation of the device-specific part stored in the on-chip NVM, and to perform a security operation using the reconstructed security certificate.
Type: Grant
Filed: January 30, 2019
Date of Patent: October 5, 2021
Assignee: SONY SEMICONDUCTOR ISRAEL LTD.
Inventors: Yehuda Ben Simon, Omer Botvinik, Avishay Sharaga
-
Patent number: 11100011
Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is configured to communicate with an NVM. The processor is configured to store in the NVM at least (i) data entries including data and (ii) mapping entries including mapping information that indicate physical addresses in which the data entries are stored in the NVM, and to verify authenticity of the data entries and of the mapping entries using a hierarchical authentication scheme in which (i) the data entries include first authentication information that authenticates the data, and (ii) the mapping entries include second authentication information that authenticates both the mapping information and the data entries.
Type: Grant
Filed: December 10, 2019
Date of Patent: August 24, 2021
Assignee: SONY SEMICONDUCTOR ISRAEL LTD.
Inventors: Yehuda Ben-Simon, Omer Botvinik, Avishay Sharaga, David Fishelovich
-
Patent number: 11012830
Abstract: A communication device includes a modem and circuitry. The modem communicates with a cellular network that is linked to a data network to which one or more target servers are coupled. The circuitry is configured to hold a token that identifies the communication device for assignment to a selected service plan in a management server of the cellular network, to trigger, based on the token, an onboarding request to the management server for assigning the selected service plan to the communication device, and, after the selected service plan has been assigned to the communication device in the management server, to communicate with a target server, via the cellular network and over the data network, in accordance with the selected service plan.
Type: Grant
Filed: March 11, 2019
Date of Patent: May 18, 2021
Assignee: SONY SEMICONDUCTOR ISRAEL LTD.
Inventors: Avishay Sharaga, Ilan Reingold, Yigal Bitran, Gilad Aloni
-
Publication number: 20200192826
Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is configured to communicate with an NVM. The processor is configured to store in the NVM at least (i) data entries including data and (ii) mapping entries including mapping information that indicate physical addresses in which the data entries are stored in the NVM, and to verify authenticity of the data entries and of the mapping entries using a hierarchical authentication scheme in which (i) the data entries include first authentication information that authenticates the data, and (ii) the mapping entries include second authentication information that authenticates both the mapping information and the data entries.
Type: Application
Filed: December 10, 2019
Publication date: June 18, 2020
Inventors: Yehuda Ben-Simon, Omer Botvinik, Avishay Sharaga, David Fishelovich
-
Publication number: 20190386822
Abstract: An Integrated Circuit (IC) includes a nonvolatile storage element and a processor. The nonvolatile storage element is pre-programmed with a Root of Trust (RoT) secret. The processor is configured to receive via an unsecured link a data image that is securely protected based on the RoT secret, the data image containing at least an application program for generating user personal data. The processor is further configured to install the application program in response to verifying, using the RoT secret, that the received data image is trusted, to run the application program to generate the user personal data, securely within the IC, and to report the user personal data using a secured scheme.
Type: Application
Filed: June 6, 2019
Publication date: December 19, 2019
Inventors: Yehuda Ben-Simon, Omer Botvinik, Avishay Sharaga
-
Publication number: 20190306673
Abstract: A communication device includes a modem and circuitry. The modem communicates with a cellular network that is linked to a data network to which one or more target servers are coupled. The circuitry is configured to hold a token that identifies the communication device for assignment to a selected service plan in a management server of the cellular network, to trigger, based on the token, an onboarding request to the management server for assigning the selected service plan to the communication device, and, after the selected service plan has been assigned to the communication device in the management server, to communicate with a target server, via the cellular network and over the data network, in accordance with the selected service plan.
Type: Application
Filed: March 11, 2019
Publication date: October 3, 2019
Inventors: Avishay Sharaga, Ilan Reingold, Yigal Bitran, Gilad Aloni
-
Patent number: 10404692
Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
Type: Grant
Filed: June 21, 2017
Date of Patent: September 3, 2019
Assignee: McAfee, LLC
Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
-
Patent number: 10397112
Abstract: Technologies for communicating with local components of a computing device include intercepting a name resolution request from a host application, resolving a hostname included in the name resolution request to obtain a network address assigned to a target destination of the network packet, and transmitting the network address to the host application in response to the name resolution request. Such technologies may also include receiving the network packet from the host application destined for the network address, determining whether the target destination of the network packet includes a local component of the computing device based on the network address, and transmitting the network packet to the local component of the computing device via a platform network in response to the network packet being destined for the local component of the computing device.
Type: Grant
Filed: December 19, 2016
Date of Patent: August 27, 2019
Assignee: Intel Corporation
Inventors: Shlomo Avital, Avishay Sharaga
-
Publication number: 20190245702
Abstract: An Integrated Circuit (IC) includes an on-chip non-volatile memory (NVM) and an on-chip processor. The on-chip NVM is configured to store a representation of a device-specific part of a security certificate assigned to the IC. The on-chip processor is configured to obtain a common part of the security certificate, to reconstruct the security certificate from the obtained common part and from the representation of the device-specific part stored in the on-chip NVM, and to perform a security operation using the reconstructed security certificate.
Type: Application
Filed: January 30, 2019
Publication date: August 8, 2019
Inventors: Yehuda Ben Simon, Omer Botvinik, Avishay Sharaga
-
Publication number: 20190228164
Abstract: A method for exporting sensitive information an integrated circuit, the method comprising: fabricating an integrated circuit, the integrated circuit having a register-transfer level “RTL” key fabricated in the integrated circuit, wherein the RTL key is a pre-determined cryptographic key; signing the sensitive information using the RTL key using a signature; and exporting the signed sensitive information and the signature for validation.
Type: Application
Filed: January 2, 2019
Publication date: July 25, 2019
Inventors: Asaf SHEN, Patrick BIGET, Avishay SHARAGA, Omer BOTVINIK
-
Patent number: 10334431
Abstract: Described herein are architectures, platforms and methods for offloading process or application from a near field communication (NFC) master device for proxy delegation to a proxy NFC device.
Type: Grant
Filed: December 23, 2014
Date of Patent: June 25, 2019
Assignee: Intel Corporation
Inventors: Oleg Pogorelik, Shahar Porat, Gennady Goltman, Sergey Sofer, Alex Nayshtut, Avishay Sharaga, Miguel Ballesteros
-
Patent number: 9948468
Abstract: In an example, a DHN (DHN) is provided for enabling grantees to access digitally-controlled assets of a principal. The principal (level 0) establishes a digital testament (DT), identifying one or more grantees on levels 1-n. Each grantee receives a digital heritage certificate (DHC), which may be based on the PKI certificate definition. The DHC includes a “PREDECESSORS” field, identifying one or more predecessor certificates that must be revoked before the DHC is valid. All grantee DHCs have the principal's level 0, DHC as a predecessor certificate. Level n certificates may also be valid only if all certificates at level n−1, have been revoked. In practice, a DHC may be revoked when a user of the certificate passes away, so that nth generation grantees inherit only when generation n−1, has passed away.
Type: Grant
Filed: December 23, 2014
Date of Patent: April 17, 2018
Assignee: McAfee, LLC
Inventors: Alex Nayshtut, Oleg Pogorelik, Avishay Sharaga, Ned M. Smith, Igor Muttik
-
Publication number: 20180048643
Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
Type: Application
Filed: June 21, 2017
Publication date: February 15, 2018
Applicant: McAfee, Inc.
Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
-
Publication number: 20170331738
Abstract: Technologies for communicating with local components of a computing device include intercepting a name resolution request from a host application, resolving a hostname included in the name resolution request to obtain a network address assigned to a target destination of the network packet, and transmitting the network address to the host application in response to the name resolution request. Such technologies may also include receiving the network packet from the host application destined for the network address, determining whether the target destination of the network packet includes a local component of the computing device based on the network address, and transmitting the network packet to the local component of the computing device via a platform network in response to the network packet being destined for the local component of the computing device.
Type: Application
Filed: December 19, 2016
Publication date: November 16, 2017
Inventors: Shlomo Avital, Avishay Sharaga
-
Patent number: 9798895
Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.
Type: Grant
Filed: September 25, 2014
Date of Patent: October 24, 2017
Assignee: McAfee, Inc.
Inventors: Alex Nayshtur, Ned Smith, Avishay Sharaga, Oleg Pogorelik, Abhilasha Bhargav-Spantzel, Michael Raziel, Avi Priev, Adi Shaliv, Igor Muttik
-
Patent number: 9749377
Abstract: An apparatus may include a transceiver and a processor circuit coupled to the transceiver. The apparatus may also include a local packet data network access module operable on the processor circuit to schedule for transmission from the transceiver to a mobility management entity (MME) a request from a user equipment (UE) for access to a local network, to generate a request for authentication to be sent to the UE, and to receive authentication information sent in response to the request for authentication. Other embodiments are disclosed and claimed.
Type: Grant
Filed: December 16, 2011
Date of Patent: August 29, 2017
Assignee: INTEL CORPORATION
Inventors: Sasha Sirotkin, Muthaiah Venkatachalam, Avishay Sharaga
-
Patent number: 9621547
Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
Type: Grant
Filed: December 22, 2014
Date of Patent: April 11, 2017
Assignee: McAfee, Inc.
Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith