Patents by Inventor Dan Morav

Dan Morav has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230075399
    Abstract: An integrated circuit (IC) is provided. The IC includes a molding compound, a plurality of pins, an exposed pad, a die surrounded by the molding compound, an adhesive material, and a plurality of bonding wires. The pins are disposed on at least one edge of the molding compound and separated from each other. The adhesive material is disposed between the die and the exposed pad and surrounded by the molding compound. The exposed pad is electrically connected to the die through one of the bonding wires, and the pins are electrically connected to the die through the remaining bonding wires. The die is configured to detect whether a chassis intrusion event is present in response to a signal from the exposed pad.
    Type: Application
    Filed: August 16, 2022
    Publication date: March 9, 2023
    Inventors: Uri TRICHTER, Tsung-Hsueh LI, Dan MORAV, Benny SHATIT, Lior ALBAZ, Ming-Che HUNG
  • Patent number: 11601268
    Abstract: A device including a network interface, a memory and a processor. The network interface is configured to communicate with a verifier over a communication network. The memory is configured to store multiple layers of mutable code, the layers identifiable by respective measurements. The processor is configured to generate, for a given boot cycle, a nonce associated uniquely with the given boot cycle, to receive a challenge from the verifier for attestation of a given layer of the mutable code, to calculate an attestation key based on (i) a Unique Device Secret (UDS) stored securely in the device, (ii) a measurement of the given layer taken by another layer, and (iii) the nonce generated for the given boot cycle, to calculate a response for the challenge, by signing the challenge using the attestation key, and to send the response to the verifier for verification of the given layer.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: March 7, 2023
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav
  • Patent number: 11574079
    Abstract: A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: February 7, 2023
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Dan Morav, Ziv Hershman, Oren Tanami
  • Publication number: 20220382911
    Abstract: A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.
    Type: Application
    Filed: May 27, 2021
    Publication date: December 1, 2022
    Inventors: Dan Morav, Ziv Hershman, Oren Tanami
  • Patent number: 11385902
    Abstract: A computer system includes one or more memory devices, non-resettable memory elements and a processor. The first memory device is configured to store in the one or more memory devices (i) a first version of a multi-stage bootstrap program for bootstrapping the computer system, the bootstrap program including a self-test program that tests the bootstrap program, and (ii) a second version of the bootstrap program known to be trustworthy. The non-resettable memory elements are configured to store non-resettable indicators including at least a self-test-request indicator and a self-test-passed indicator. The processor is configured to retrieve the first version of the bootstrap program, and, if the first version is at least as recent as the trustworthy second version, to bootstrap the computer system securely using the first version and the non-resettable indicators.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: July 12, 2022
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Moshe Alon, Avraham Fishman, Dan Morav, Eyal Cohen, Uri Trichter
  • Patent number: 11321458
    Abstract: An Integrated Circuit (IC) includes functional circuitry and protection circuitry. The protection circuitry is configured to maintain a counter value, which is indicative of a cumulative amount of hostile attacking attempted on the functional circuitry over a lifetime of the IC, to detect events indicative of suspected hostile attacks on the functional circuitry, to decide, responsively to a detected event, on an update of the counter value depending on a time difference between the detected event and a most recent power-up in the IC, and update the counter value in accordance with the decided update, and to disable at least part of the IC in response to the counter value crossing a threshold.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: May 3, 2022
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav
  • Publication number: 20220038272
    Abstract: A device including a network interface, a memory and a processor. The network interface is configured to communicate with a verifier over a communication network. The memory is configured to store multiple layers of mutable code, the layers identifiable by respective measurements. The processor is configured to generate, for a given boot cycle, a nonce associated uniquely with the given boot cycle, to receive a challenge from the verifier for attestation of a given layer of the mutable code, to calculate an attestation key based on (i) a Unique Device Secret (UDS) stored securely in the device, (ii) a measurement of the given layer taken by another layer, and (iii) the nonce generated for the given boot cycle, to calculate a response for the challenge, by signing the challenge using the attestation key, and to send the response to the verifier for verification of the given layer.
    Type: Application
    Filed: August 3, 2020
    Publication date: February 3, 2022
    Inventors: Ziv Hershman, Dan Morav
  • Publication number: 20210232679
    Abstract: An Integrated Circuit (IC) includes functional circuitry and protection circuitry. The protection circuitry is configured to maintain a counter value, which is indicative of a cumulative amount of hostile attacking attempted on the functional circuitry over a lifetime of the IC, to detect events indicative of suspected hostile attacks on the functional circuitry, to decide, responsively to a detected event, on an update of the counter value depending on a time difference between the detected event and a most recent power-up in the IC, and update the counter value in accordance with the decided update, and to disable at least part of the IC in response to the counter value crossing a threshold.
    Type: Application
    Filed: January 28, 2020
    Publication date: July 29, 2021
    Inventors: Ziv Hershman, Dan Morav
  • Publication number: 20210149681
    Abstract: A computer system includes one or more memory devices, non-resettable memory elements and a processor. The first memory device is configured to store in the one or more memory devices (i) a first version of a multi-stage bootstrap program for bootstrapping the computer system, the bootstrap program including a self-test program that tests the bootstrap program, and (ii) a second version of the bootstrap program known to be trustworthy. The non-resettable memory elements are configured to store non-resettable indicators including at least a self-test-request indicator and a self-test-passed indicator. The processor is configured to retrieve the first version of the bootstrap program, and, if the first version is at least as recent as the trustworthy second version, to bootstrap the computer system securely using the first version and the non-resettable indicators.
    Type: Application
    Filed: July 15, 2020
    Publication date: May 20, 2021
    Inventors: Moshe Alon, Avraham Fishman, Dan Morav, Eyal Cohen, Uri Trichter
  • Patent number: 10936722
    Abstract: A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: March 2, 2021
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Moshe Alon, Ziv Hershman, Dan Morav
  • Patent number: 10846438
    Abstract: A controller includes a host interface and a processor. The host interface is configured for communicating with a host. The processor is configured to receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM), to identify among the instructions an instruction, which pertains to a secure monotonic counter and is intended for execution in an NVM having a secure monotonic counter embedded therein, and to execute the identified instruction, and respond to the host responsively to the instruction, instead of the NVM.
    Type: Grant
    Filed: July 4, 2019
    Date of Patent: November 24, 2020
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav, Moshe Alon
  • Patent number: 10783250
    Abstract: A secured device includes an interface and a processor. The interface is configured to connect to a bus, to which a host and a second device are coupled. At least the second device operates over the bus in a slave mode, and the host operates on the bus as a bus master that initiates transactions on the bus, at least on behalf of the secured device. The processor is configured to request the host to initiate, for the secured device, a transaction that accesses the second device over the bus, to monitor one or more signals on the bus, at least within a period during which the host accesses the second device over the bus in performing the requested transaction, and to identify, based on the monitored signals, whether a security violation occurred in performing the requested transaction.
    Type: Grant
    Filed: April 7, 2019
    Date of Patent: September 22, 2020
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav
  • Patent number: 10691807
    Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves a host device and a non-volatile memory (NVM) device. The processor is connected to the bus in addition to the host device and the NVM device. The processor is configured to detect on the bus a boot process, in which the host device retrieves boot code from the NVM device, and to ascertain a security of the boot process, based on an authentic copy of at least part of the boot code of the host device.
    Type: Grant
    Filed: April 7, 2019
    Date of Patent: June 23, 2020
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav, Ilan Margalit, Nimrod Peled, Moshe Alon
  • Patent number: 10496289
    Abstract: A system for improving utilization of a nonvolatile flash memory device which has pages whose guaranteed per-cycle erase time and guaranteed number of cycles are known, the system comprising erase time determination functionality for individual pages; de-facto total erase-time accumulation functionality incrementing, for each erase cycle to which an individual page is subjected, by the individual page's de facto erase time per cycle as provided by the erase time measurement functionality; and flash memory page usage monitoring functionality operative to control usage of pages in flash memory including selecting at least one individual flash memory page depending on a comparison between the individual flash memory page's de facto total erase time and a guaranteed erase time computed as a product of the guaranteed per-cycle erase time and of the guaranteed number of cycles.
    Type: Grant
    Filed: June 16, 2016
    Date of Patent: December 3, 2019
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ilan Margalit, Ziv Hershman, Dan Morav, Einat Luko, Oren Tanami, Yossef Talmi
  • Publication number: 20190325140
    Abstract: A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.
    Type: Application
    Filed: April 18, 2018
    Publication date: October 24, 2019
    Inventors: Moshe Alon, Ziv Hershman, Dan Morav
  • Publication number: 20190325167
    Abstract: A controller includes a host interface and a processor. The host interface is configured for communicating with a host. The processor is configured to receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM), to identify among the instructions an instruction, which pertains to a secure monotonic counter and is intended for execution in an NVM having a secure monotonic counter embedded therein, and to execute the identified instruction, and respond to the host responsively to the instruction, instead of the NVM.
    Type: Application
    Filed: July 4, 2019
    Publication date: October 24, 2019
    Inventors: Ziv Hershman, Dan Morav, Moshe Alon
  • Patent number: 10452582
    Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves one or more peripheral devices. The bus includes (i) one or more dedicated signals that are each dedicated to a respective one of the peripheral devices, and (ii) one or more shared signals that are shared among the peripheral devices served by the bus. The processor is connected to the bus as an additional device in addition to the peripheral devices, and is configured to disrupt on the bus a transaction in which a bus-master device attempts to access a given peripheral device, by disrupting a dedicated signal associated with the given peripheral device.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: October 22, 2019
    Assignee: Nuvoton Technology Corporation
    Inventors: Ziv Hershman, Moshe Alon, Dan Morav, Oren Tanami
  • Publication number: 20190236276
    Abstract: A secured device includes an interface and a processor. The interface is configured to connect to a bus, to which a host and a second device are coupled. At least the second device operates over the bus in a slave mode, and the host operates on the bus as a bus master that initiates transactions on the bus, at least on behalf of the secured device. The processor is configured to request the host to initiate, for the secured device, a transaction that accesses the second device over the bus, to monitor one or more signals on the bus, at least within a period during which the host accesses the second device over the bus in performing the requested transaction, and to identify, based on the monitored signals, whether a security violation occurred in performing the requested transaction.
    Type: Application
    Filed: April 7, 2019
    Publication date: August 1, 2019
    Inventors: Ziv Hershman, Dan Morav
  • Publication number: 20190236281
    Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves a host device and a non-volatile memory (NVM) device. The processor is connected to the bus in addition to the host device and the NVM device. The processor is configured to detect on the bus a boot process, in which the host device retrieves boot code from the NVM device, and to ascertain a security of the boot process, based on an authentic copy of at least part of the boot code of the host device.
    Type: Application
    Filed: April 7, 2019
    Publication date: August 1, 2019
    Inventors: Ziv Hershman, Dan Morav, Ilan Margalit, Nimrod Peled, Moshe Alon
  • Publication number: 20190179774
    Abstract: An apparatus includes a memory, an interface and read restriction logic. The read restriction logic is configured to receive via the interface a request to read a data value from a specified address of the memory, to retrieve the data value from the specified address, to check, upon finding that the specified address falls in an address range that is predefined as restricted, whether the retrieved data value belongs to a predefined set of permitted data values, to respond to the request with the retrieved data value when the retrieved data value belongs to the set of permitted data values, and, otherwise, when the retrieved data value does not belong to the set of permitted data values, to respond to the request with a dummy data value.
    Type: Application
    Filed: December 7, 2017
    Publication date: June 13, 2019
    Inventors: Ziv Hershman, Dan Morav