Patents by Inventor Dan Morav
Dan Morav has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230075399Abstract: An integrated circuit (IC) is provided. The IC includes a molding compound, a plurality of pins, an exposed pad, a die surrounded by the molding compound, an adhesive material, and a plurality of bonding wires. The pins are disposed on at least one edge of the molding compound and separated from each other. The adhesive material is disposed between the die and the exposed pad and surrounded by the molding compound. The exposed pad is electrically connected to the die through one of the bonding wires, and the pins are electrically connected to the die through the remaining bonding wires. The die is configured to detect whether a chassis intrusion event is present in response to a signal from the exposed pad.Type: ApplicationFiled: August 16, 2022Publication date: March 9, 2023Inventors: Uri TRICHTER, Tsung-Hsueh LI, Dan MORAV, Benny SHATIT, Lior ALBAZ, Ming-Che HUNG
-
Patent number: 11601268Abstract: A device including a network interface, a memory and a processor. The network interface is configured to communicate with a verifier over a communication network. The memory is configured to store multiple layers of mutable code, the layers identifiable by respective measurements. The processor is configured to generate, for a given boot cycle, a nonce associated uniquely with the given boot cycle, to receive a challenge from the verifier for attestation of a given layer of the mutable code, to calculate an attestation key based on (i) a Unique Device Secret (UDS) stored securely in the device, (ii) a measurement of the given layer taken by another layer, and (iii) the nonce generated for the given boot cycle, to calculate a response for the challenge, by signing the challenge using the attestation key, and to send the response to the verifier for verification of the given layer.Type: GrantFiled: August 3, 2020Date of Patent: March 7, 2023Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Ziv Hershman, Dan Morav
-
Patent number: 11574079Abstract: A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.Type: GrantFiled: May 27, 2021Date of Patent: February 7, 2023Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Dan Morav, Ziv Hershman, Oren Tanami
-
Publication number: 20220382911Abstract: A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.Type: ApplicationFiled: May 27, 2021Publication date: December 1, 2022Inventors: Dan Morav, Ziv Hershman, Oren Tanami
-
Patent number: 11385902Abstract: A computer system includes one or more memory devices, non-resettable memory elements and a processor. The first memory device is configured to store in the one or more memory devices (i) a first version of a multi-stage bootstrap program for bootstrapping the computer system, the bootstrap program including a self-test program that tests the bootstrap program, and (ii) a second version of the bootstrap program known to be trustworthy. The non-resettable memory elements are configured to store non-resettable indicators including at least a self-test-request indicator and a self-test-passed indicator. The processor is configured to retrieve the first version of the bootstrap program, and, if the first version is at least as recent as the trustworthy second version, to bootstrap the computer system securely using the first version and the non-resettable indicators.Type: GrantFiled: July 15, 2020Date of Patent: July 12, 2022Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Moshe Alon, Avraham Fishman, Dan Morav, Eyal Cohen, Uri Trichter
-
Patent number: 11321458Abstract: An Integrated Circuit (IC) includes functional circuitry and protection circuitry. The protection circuitry is configured to maintain a counter value, which is indicative of a cumulative amount of hostile attacking attempted on the functional circuitry over a lifetime of the IC, to detect events indicative of suspected hostile attacks on the functional circuitry, to decide, responsively to a detected event, on an update of the counter value depending on a time difference between the detected event and a most recent power-up in the IC, and update the counter value in accordance with the decided update, and to disable at least part of the IC in response to the counter value crossing a threshold.Type: GrantFiled: January 28, 2020Date of Patent: May 3, 2022Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Ziv Hershman, Dan Morav
-
Publication number: 20220038272Abstract: A device including a network interface, a memory and a processor. The network interface is configured to communicate with a verifier over a communication network. The memory is configured to store multiple layers of mutable code, the layers identifiable by respective measurements. The processor is configured to generate, for a given boot cycle, a nonce associated uniquely with the given boot cycle, to receive a challenge from the verifier for attestation of a given layer of the mutable code, to calculate an attestation key based on (i) a Unique Device Secret (UDS) stored securely in the device, (ii) a measurement of the given layer taken by another layer, and (iii) the nonce generated for the given boot cycle, to calculate a response for the challenge, by signing the challenge using the attestation key, and to send the response to the verifier for verification of the given layer.Type: ApplicationFiled: August 3, 2020Publication date: February 3, 2022Inventors: Ziv Hershman, Dan Morav
-
Publication number: 20210232679Abstract: An Integrated Circuit (IC) includes functional circuitry and protection circuitry. The protection circuitry is configured to maintain a counter value, which is indicative of a cumulative amount of hostile attacking attempted on the functional circuitry over a lifetime of the IC, to detect events indicative of suspected hostile attacks on the functional circuitry, to decide, responsively to a detected event, on an update of the counter value depending on a time difference between the detected event and a most recent power-up in the IC, and update the counter value in accordance with the decided update, and to disable at least part of the IC in response to the counter value crossing a threshold.Type: ApplicationFiled: January 28, 2020Publication date: July 29, 2021Inventors: Ziv Hershman, Dan Morav
-
Publication number: 20210149681Abstract: A computer system includes one or more memory devices, non-resettable memory elements and a processor. The first memory device is configured to store in the one or more memory devices (i) a first version of a multi-stage bootstrap program for bootstrapping the computer system, the bootstrap program including a self-test program that tests the bootstrap program, and (ii) a second version of the bootstrap program known to be trustworthy. The non-resettable memory elements are configured to store non-resettable indicators including at least a self-test-request indicator and a self-test-passed indicator. The processor is configured to retrieve the first version of the bootstrap program, and, if the first version is at least as recent as the trustworthy second version, to bootstrap the computer system securely using the first version and the non-resettable indicators.Type: ApplicationFiled: July 15, 2020Publication date: May 20, 2021Inventors: Moshe Alon, Avraham Fishman, Dan Morav, Eyal Cohen, Uri Trichter
-
Patent number: 10936722Abstract: A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.Type: GrantFiled: April 18, 2018Date of Patent: March 2, 2021Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Moshe Alon, Ziv Hershman, Dan Morav
-
Patent number: 10846438Abstract: A controller includes a host interface and a processor. The host interface is configured for communicating with a host. The processor is configured to receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM), to identify among the instructions an instruction, which pertains to a secure monotonic counter and is intended for execution in an NVM having a secure monotonic counter embedded therein, and to execute the identified instruction, and respond to the host responsively to the instruction, instead of the NVM.Type: GrantFiled: July 4, 2019Date of Patent: November 24, 2020Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Ziv Hershman, Dan Morav, Moshe Alon
-
Patent number: 10783250Abstract: A secured device includes an interface and a processor. The interface is configured to connect to a bus, to which a host and a second device are coupled. At least the second device operates over the bus in a slave mode, and the host operates on the bus as a bus master that initiates transactions on the bus, at least on behalf of the secured device. The processor is configured to request the host to initiate, for the secured device, a transaction that accesses the second device over the bus, to monitor one or more signals on the bus, at least within a period during which the host accesses the second device over the bus in performing the requested transaction, and to identify, based on the monitored signals, whether a security violation occurred in performing the requested transaction.Type: GrantFiled: April 7, 2019Date of Patent: September 22, 2020Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Ziv Hershman, Dan Morav
-
Patent number: 10691807Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves a host device and a non-volatile memory (NVM) device. The processor is connected to the bus in addition to the host device and the NVM device. The processor is configured to detect on the bus a boot process, in which the host device retrieves boot code from the NVM device, and to ascertain a security of the boot process, based on an authentic copy of at least part of the boot code of the host device.Type: GrantFiled: April 7, 2019Date of Patent: June 23, 2020Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Ziv Hershman, Dan Morav, Ilan Margalit, Nimrod Peled, Moshe Alon
-
Patent number: 10496289Abstract: A system for improving utilization of a nonvolatile flash memory device which has pages whose guaranteed per-cycle erase time and guaranteed number of cycles are known, the system comprising erase time determination functionality for individual pages; de-facto total erase-time accumulation functionality incrementing, for each erase cycle to which an individual page is subjected, by the individual page's de facto erase time per cycle as provided by the erase time measurement functionality; and flash memory page usage monitoring functionality operative to control usage of pages in flash memory including selecting at least one individual flash memory page depending on a comparison between the individual flash memory page's de facto total erase time and a guaranteed erase time computed as a product of the guaranteed per-cycle erase time and of the guaranteed number of cycles.Type: GrantFiled: June 16, 2016Date of Patent: December 3, 2019Assignee: NUVOTON TECHNOLOGY CORPORATIONInventors: Ilan Margalit, Ziv Hershman, Dan Morav, Einat Luko, Oren Tanami, Yossef Talmi
-
Publication number: 20190325140Abstract: A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.Type: ApplicationFiled: April 18, 2018Publication date: October 24, 2019Inventors: Moshe Alon, Ziv Hershman, Dan Morav
-
Publication number: 20190325167Abstract: A controller includes a host interface and a processor. The host interface is configured for communicating with a host. The processor is configured to receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM), to identify among the instructions an instruction, which pertains to a secure monotonic counter and is intended for execution in an NVM having a secure monotonic counter embedded therein, and to execute the identified instruction, and respond to the host responsively to the instruction, instead of the NVM.Type: ApplicationFiled: July 4, 2019Publication date: October 24, 2019Inventors: Ziv Hershman, Dan Morav, Moshe Alon
-
Patent number: 10452582Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves one or more peripheral devices. The bus includes (i) one or more dedicated signals that are each dedicated to a respective one of the peripheral devices, and (ii) one or more shared signals that are shared among the peripheral devices served by the bus. The processor is connected to the bus as an additional device in addition to the peripheral devices, and is configured to disrupt on the bus a transaction in which a bus-master device attempts to access a given peripheral device, by disrupting a dedicated signal associated with the given peripheral device.Type: GrantFiled: April 18, 2018Date of Patent: October 22, 2019Assignee: Nuvoton Technology CorporationInventors: Ziv Hershman, Moshe Alon, Dan Morav, Oren Tanami
-
Publication number: 20190236276Abstract: A secured device includes an interface and a processor. The interface is configured to connect to a bus, to which a host and a second device are coupled. At least the second device operates over the bus in a slave mode, and the host operates on the bus as a bus master that initiates transactions on the bus, at least on behalf of the secured device. The processor is configured to request the host to initiate, for the secured device, a transaction that accesses the second device over the bus, to monitor one or more signals on the bus, at least within a period during which the host accesses the second device over the bus in performing the requested transaction, and to identify, based on the monitored signals, whether a security violation occurred in performing the requested transaction.Type: ApplicationFiled: April 7, 2019Publication date: August 1, 2019Inventors: Ziv Hershman, Dan Morav
-
Publication number: 20190236281Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves a host device and a non-volatile memory (NVM) device. The processor is connected to the bus in addition to the host device and the NVM device. The processor is configured to detect on the bus a boot process, in which the host device retrieves boot code from the NVM device, and to ascertain a security of the boot process, based on an authentic copy of at least part of the boot code of the host device.Type: ApplicationFiled: April 7, 2019Publication date: August 1, 2019Inventors: Ziv Hershman, Dan Morav, Ilan Margalit, Nimrod Peled, Moshe Alon
-
Publication number: 20190179774Abstract: An apparatus includes a memory, an interface and read restriction logic. The read restriction logic is configured to receive via the interface a request to read a data value from a specified address of the memory, to retrieve the data value from the specified address, to check, upon finding that the specified address falls in an address range that is predefined as restricted, whether the retrieved data value belongs to a predefined set of permitted data values, to respond to the request with the retrieved data value when the retrieved data value belongs to the set of permitted data values, and, otherwise, when the retrieved data value does not belong to the set of permitted data values, to respond to the request with a dummy data value.Type: ApplicationFiled: December 7, 2017Publication date: June 13, 2019Inventors: Ziv Hershman, Dan Morav