Patents by Inventor Donald P. Matthews
Donald P. Matthews has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11860797
Abstract: Restricting peripheral device protocols in confidential compute architectures, the method including: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device to not use the first protocol.
Type: Grant
Filed: December 30, 2021
Date of Patent: January 2, 2024
Assignees: ADVANCED MICRO DEVICES, INC., ATI TECHNOLOGIES ULC
Inventors: Philip Ng, Nippon Raval, David A. Kaplan, Donald P. Matthews, Jr.
-
Patent number: 11816228
Abstract: Systems, apparatuses, and methods for implementing a metadata tweak for channel encryption differentiation are disclosed. A memory controller retrieves a device-unique identifier (ID) from a memory device coupled to a given memory channel slot. The memory controller uses the device-unique ID to generate a tweak value used for encrypting data stored in the device. In one scenario, the device-unique ID is embedded in the address bits of the tweak process. In this way, the memory device can be migrated to a different memory channel since the data can be decrypted independently of the channel. This is possible since the device-unique ID used for the tweak operation is retrieved from the metadata stored locally on the memory device. In one implementation, the memory device is a persistent dual in-line memory module (DIMM). In some implementations, the link between memory controller and memory device is a compute express link (CXL) compliant link.
Type: Grant
Filed: September 25, 2020
Date of Patent: November 14, 2023
Assignee: Advanced Micro Devices, Inc.
Inventors: Donald P. Matthews, Jr., William A. Moyes
-
Publication number: 20230229603
Abstract: Restricting peripheral device protocols in confidential compute architectures, the method including: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device to not use the first protocol.
Type: Application
Filed: December 30, 2021
Publication date: July 20, 2023
Inventors: PHILIP NG, NIPPON RAVAL, DAVID A. KAPLAN, DONALD P. MATTHEWS, JR.
-
Publication number: 20220100870
Abstract: Systems, apparatuses, and methods for implementing a metadata tweak for channel encryption differentiation are disclosed. A memory controller retrieves a device-unique identifier (ID) from a memory device coupled to a given memory channel slot. The memory controller uses the device-unique ID to generate a tweak value used for encrypting data stored in the device. In one scenario, the device-unique ID is embedded in the address bits of the tweak process. In this way, the memory device can be migrated to a different memory channel since the data can be decrypted independently of the channel. This is possible since the device-unique ID used for the tweak operation is retrieved from the metadata stored locally on the memory device. In one implementation, the memory device is a persistent dual in-line memory module (DIMM). In some implementations, the link between memory controller and memory device is a compute express link (CXL) compliant link.
Type: Application
Filed: September 25, 2020
Publication date: March 31, 2022
Inventors: Donald P. Matthews, JR., William A. Moyes
-
Patent number: 10313128
Abstract: A method of providing security in a computer system includes producing a plurality of sub-keys from key material and a respective address of a memory location in a memory and possibly other information. The method may include mixing the sub-keys together using a binary tree of exclusive-or operations, and to produce an intermediate result. The method may include performing a scrambling operation on the intermediate result to produce a key with which a block of ciphertext may be produced. And the method may include performing a write operation to write the block of ciphertext at the memory location having the respective address. In this regard, the memory may include a window of memory locations each of which stores a respective block of ciphertext produced with a respective key that changes from memory location to memory location.
Type: Grant
Filed: August 29, 2014
Date of Patent: June 4, 2019
Assignee: THE BOEING COMPANY
Inventors: Laszlo Hars, Donald P. Matthews
-
Patent number: 9876641
Abstract: A system and method for using mixing functions to generate and manipulate authentication keys based on the data being decrypted to mitigate the effect of side channel attacks based on differential power analysis (DPA). The mixing function may be based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations.
Type: Grant
Filed: October 8, 2015
Date of Patent: January 23, 2018
Assignee: THE BOEING COMPANY
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Patent number: 9729310
Abstract: A system and method for providing a scrambled counter mode encryption for a device that mitigates the effect of side channel attacks based on differential power analysis (DPA). The scrambled counter mode encryption engine creates noise at the start of the encryption process by obfuscating the counter value with the use of the very fast mixing function, such as a mixing function based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations. Because the counter values are scrambled and the mixing functions operate very fast in parallel hardware, the input of the block cipher is pseudorandom and groups of blocks can't be correlated. The output of the block cipher is XORed with a plaintext message to obtain a cipher text message.
Type: Grant
Filed: October 8, 2015
Date of Patent: August 8, 2017
Assignee: The Boeing Company
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Publication number: 20170104581
Abstract: A system and method for providing a scrambled counter mode encryption for a device that mitigates the effect of side channel attacks based on differential power analysis (DPA). The scrambled counter mode encryption engine creates noise at the start of the encryption process by obfuscating the counter value with the use of the very fast mixing function, such as a mixing function based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations. Because the counter values are scrambled and the mixing functions operate very fast in parallel hardware, the input of the block cipher is pseudorandom and groups of blocks can't be correlated. The output of the block cipher is XORed with a plaintext message to obtain a cipher text message.
Type: Application
Filed: October 8, 2015
Publication date: April 13, 2017
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Publication number: 20170104594
Abstract: A system and method for using mixing functions to generate and manipulate authentication keys based on the data being decrypted to mitigate the effect of side channel attacks based on differential power analysis (DPA). The mixing function may be based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations.
Type: Application
Filed: October 8, 2015
Publication date: April 13, 2017
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Patent number: 9396136
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Grant
Filed: October 13, 2014
Date of Patent: July 19, 2016
Assignee: Seagate Technology LLC
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Publication number: 20150052370
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Application
Filed: October 13, 2014
Publication date: February 19, 2015
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Patent number: 8862902
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Grant
Filed: April 29, 2011
Date of Patent: October 14, 2014
Assignee: Seagate Technology LLC
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Publication number: 20120278635
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Application
Filed: April 29, 2011
Publication date: November 1, 2012
Applicant: SEAGATE TECHNOLOGY LLC
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Patent number: 8190920
Abstract: A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.
Type: Grant
Filed: September 17, 2007
Date of Patent: May 29, 2012
Assignee: Seagate Technology LLC
Inventor: Donald P. Matthews, Jr.
-
Patent number: 7568110
Abstract: Methods and apparatus are provided for decoupling a cryptography accelerator interface from cryptographic processing cores. A shared resource is provided at the cryptography accelerator interface having multiple input ports. References to data in the shared resource are provided to allow processing and ordering of data in preparation for processing by cryptographic processing cores without substantial numbers of separate buffers in the cryptographic processing data paths.
Type: Grant
Filed: January 23, 2003
Date of Patent: July 28, 2009
Assignee: Broadcom Corporation
Inventors: Mark Buer, Donald P. Matthews
-
Publication number: 20090077389
Abstract: A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.
Type: Application
Filed: September 17, 2007
Publication date: March 19, 2009
Applicant: Seagate Technology LLC
Inventor: Donald P. Matthews, JR.
-
Patent number: 7434043
Abstract: Methods and apparatus are provided for handling data at a cryptography accelerator output interface. A shared resource such as a shared output buffer is provided at the cryptography accelerator output interface having multiple output ports. The output interface shared resource can be allocated amongst the various output ports based on characteristics and requirements of the various input ports. References to data in the shared resource allow processing and ordering of data following processing by cryptographic processing cores.
Type: Grant
Filed: January 23, 2003
Date of Patent: October 7, 2008
Assignee: Broadcom Corporation
Inventors: Mark Buer, Donald P. Matthews
-
Patent number: 7403615
Abstract: Methods and apparatus are provided for improving ARC4 processing in a cryptography engine. A multiple ported memory can be used to allow pipelined read and write access to values in memory. Coherency checking can be applied to provide that read-after-write and write-after-write consistency is maintained. Initialization of the memory can be improved with a reset feature occurring in a single cycle. Key shuffle and key stream generation can also be performed using a single core.
Type: Grant
Filed: December 20, 2001
Date of Patent: July 22, 2008
Assignee: Broadcom Corporation
Inventor: Donald P. Matthews, Jr.
-
Patent number: 7376826
Abstract: Methods and apparatus are provided for a cryptography accelerator to efficiently perform authentication and encryption operations. A data sequence is received at a cryptography accelerator. An encrypted authentication code and an encrypted data sequence is provided efficiently upon performing single pass authentication and encryption operations on the data sequence.
Type: Grant
Filed: May 31, 2002
Date of Patent: May 20, 2008
Assignee: Broadcom Corporation
Inventors: Joseph Tardo, Donald P. Matthews
-
Patent number: 6825222
Abstract: The present invention is directed to compounds represented by Structural Formula I and pharmaceutically acceptable salts, solvates and hydrates thereof, and methods of making, methods of using and pharmaceutical compositions having compounds represented by Structural Formula I and pharmaceutically acceptable salts, solvates and hydrates thereof: In Structural Formula I, n is 2, 3, or 4; V is O or S; W is O, S, or SO2; R1 is H, a C1-C4 alkyl, phenyl or trifluoromethyl; R2 are each, independently, H, a C1-C6 alkyl, an aryl-C1-C6 alkyl, a cycloalkyl-C1-C4 alkyl, an aryl, a cycloalkyl, or together with the phenyl to which they are bound form naphthyl or 1,2,3,4-tetrahydronaphthyl; R3 are each, independently, H, a C1-C6 alkyl, an aryl-C1-C6 alkyl, a cycloalkyl-C1-C4 alkyl, an aryl, or a cycloalkyl; R4 are each, independently, H, a C1-C4 alkyl, an aryl, or benzyl; R5 are each, independently, H, a substituted or unsubstituted aryl or a heteroaryl, provided that at least one R5 is a substituted or u
Type: Grant
Filed: May 7, 2003
Date of Patent: November 30, 2004
Assignees: Eli Lilly and Company, Ligand Pharmaceuticals, Inc.
Inventors: Dawn A. Brooks, Christopher J. Rito, Anthony J. Shuker, Samuel J. Dominianni, Alan M. Warshawsky, Lynn S. Gossett, Donald P. Matthews, David A. Hay, Robert J. Ardecky, Pierre-Yves Michellys, John S. Tyhonas