Patents by Inventor Donald P. Matthews, Jr.
Donald P. Matthews, Jr. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11860797
Abstract: Restricting peripheral device protocols in confidential compute architectures, the method including: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device to not use the first protocol.
Type: Grant
Filed: December 30, 2021
Date of Patent: January 2, 2024
Assignees: ADVANCED MICRO DEVICES, INC., ATI TECHNOLOGIES ULC
Inventors: Philip Ng, Nippon Raval, David A. Kaplan, Donald P. Matthews, Jr.
-
Patent number: 11816228
Abstract: Systems, apparatuses, and methods for implementing a metadata tweak for channel encryption differentiation are disclosed. A memory controller retrieves a device-unique identifier (ID) from a memory device coupled to a given memory channel slot. The memory controller uses the device-unique ID to generate a tweak value used for encrypting data stored in the device. In one scenario, the device-unique ID is embedded in the address bits of the tweak process. In this way, the memory device can be migrated to a different memory channel since the data can be decrypted independently of the channel. This is possible since the device-unique ID used for the tweak operation is retrieved from the metadata stored locally on the memory device. In one implementation, the memory device is a persistent dual in-line memory module (DIMM). In some implementations, the link between memory controller and memory device is a compute express link (CXL) compliant link.
Type: Grant
Filed: September 25, 2020
Date of Patent: November 14, 2023
Assignee: Advanced Micro Devices, Inc.
Inventors: Donald P. Matthews, Jr., William A. Moyes
-
Publication number: 20230229603
Abstract: Restricting peripheral device protocols in confidential compute architectures, the method including: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device to not use the first protocol.
Type: Application
Filed: December 30, 2021
Publication date: July 20, 2023
Inventors: PHILIP NG, NIPPON RAVAL, DAVID A. KAPLAN, DONALD P. MATTHEWS, JR.
-
Publication number: 20220100870
Abstract: Systems, apparatuses, and methods for implementing a metadata tweak for channel encryption differentiation are disclosed. A memory controller retrieves a device-unique identifier (ID) from a memory device coupled to a given memory channel slot. The memory controller uses the device-unique ID to generate a tweak value used for encrypting data stored in the device. In one scenario, the device-unique ID is embedded in the address bits of the tweak process. In this way, the memory device can be migrated to a different memory channel since the data can be decrypted independently of the channel. This is possible since the device-unique ID used for the tweak operation is retrieved from the metadata stored locally on the memory device. In one implementation, the memory device is a persistent dual in-line memory module (DIMM). In some implementations, the link between memory controller and memory device is a compute express link (CXL) compliant link.
Type: Application
Filed: September 25, 2020
Publication date: March 31, 2022
Inventors: Donald P. Matthews, JR., William A. Moyes
-
Patent number: 9876641
Abstract: A system and method for using mixing functions to generate and manipulate authentication keys based on the data being decrypted to mitigate the effect of side channel attacks based on differential power analysis (DPA). The mixing function may be based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations.
Type: Grant
Filed: October 8, 2015
Date of Patent: January 23, 2018
Assignee: THE BOEING COMPANY
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Patent number: 9729310
Abstract: A system and method for providing a scrambled counter mode encryption for a device that mitigates the effect of side channel attacks based on differential power analysis (DPA). The scrambled counter mode encryption engine creates noise at the start of the encryption process by obfuscating the counter value with the use of the very fast mixing function, such as a mixing function based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations. Because the counter values are scrambled and the mixing functions operate very fast in parallel hardware, the input of the block cipher is pseudorandom and groups of blocks can't be correlated. The output of the block cipher is XORed with a plaintext message to obtain a cipher text message.
Type: Grant
Filed: October 8, 2015
Date of Patent: August 8, 2017
Assignee: The Boeing Company
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Publication number: 20170104581
Abstract: A system and method for providing a scrambled counter mode encryption for a device that mitigates the effect of side channel attacks based on differential power analysis (DPA). The scrambled counter mode encryption engine creates noise at the start of the encryption process by obfuscating the counter value with the use of the very fast mixing function, such as a mixing function based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations. Because the counter values are scrambled and the mixing functions operate very fast in parallel hardware, the input of the block cipher is pseudorandom and groups of blocks can't be correlated. The output of the block cipher is XORed with a plaintext message to obtain a cipher text message.
Type: Application
Filed: October 8, 2015
Publication date: April 13, 2017
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Publication number: 20170104594
Abstract: A system and method for using mixing functions to generate and manipulate authentication keys based on the data being decrypted to mitigate the effect of side channel attacks based on differential power analysis (DPA). The mixing function may be based on a XOR tree, substitution-permutation networks, or double-mix Feistel networks. The mixing function uses some secret key material, which diversifies its behavior between different instantiations.
Type: Application
Filed: October 8, 2015
Publication date: April 13, 2017
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Patent number: 9396136
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Grant
Filed: October 13, 2014
Date of Patent: July 19, 2016
Assignee: Seagate Technology LLC
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Publication number: 20150052370
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Application
Filed: October 13, 2014
Publication date: February 19, 2015
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Patent number: 8862902
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Grant
Filed: April 29, 2011
Date of Patent: October 14, 2014
Assignee: Seagate Technology LLC
Inventors: Laszlo Hars, Donald P. Matthews, Jr.
-
Publication number: 20120278635
Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.
Type: Application
Filed: April 29, 2011
Publication date: November 1, 2012
Applicant: SEAGATE TECHNOLOGY LLC
Inventors: Laszlo Hars, Donald P. Matthews, JR.
-
Patent number: 8190920
Abstract: A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.
Type: Grant
Filed: September 17, 2007
Date of Patent: May 29, 2012
Assignee: Seagate Technology LLC
Inventor: Donald P. Matthews, Jr.
-
Publication number: 20090077389
Abstract: A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.
Type: Application
Filed: September 17, 2007
Publication date: March 19, 2009
Applicant: Seagate Technology LLC
Inventor: Donald P. Matthews, JR.
-
Patent number: 7403615
Abstract: Methods and apparatus are provided for improving ARC4 processing in a cryptography engine. A multiple ported memory can be used to allow pipelined read and write access to values in memory. Coherency checking can be applied to provide that read-after-write and write-after-write consistency is maintained. Initialization of the memory can be improved with a reset feature occurring in a single cycle. Key shuffle and key stream generation can also be performed using a single core.
Type: Grant
Filed: December 20, 2001
Date of Patent: July 22, 2008
Assignee: Broadcom Corporation
Inventor: Donald P. Matthews, Jr.
-
Patent number: 6549622
Abstract: The system and method of the present invention facilitates encrypting and decrypting files using a fast hardware implementation of the RC4 method to enable secure access to information resources in a computer network. The network system includes a sender computer coupled via a computer network to a receiver computer. The RC4 algorithm as implemented in hardware and its associated multiport memory (included within both the sender computer and the receiver computer) enables a fast hardware implementation of the respective encryption circuit and decryption circuit. Multi-port memory allows for at either computer site a fast hardware implementation of the RC4 encryption/decryption method where reads and writes are synchronously performed.
Type: Grant
Filed: November 23, 1998
Date of Patent: April 15, 2003
Assignee: Compaq Computer Corporation
Inventor: Donald P. Matthews, Jr.
-
Patent number: 6457125
Abstract: Method and apparatus is provided for securely configuring a programmable hardware device from a remote source. The programmable hardware device includes a plurality of programmable logic modules. A host receives configuration information from the remote source, where the configuration information defines a function of the programmable logic modules. The host encrypts the configuration information according to a cryptographic algorithm. The encrypted information is transferred to a special download engine at the programmable hardware device, which decrypts the information according to the same cryptographic algorithm. The programmable logic modules are thus configured by the decrypted configuration information, which has been securely downloaded from the remote source.
Type: Grant
Filed: December 14, 1998
Date of Patent: September 24, 2002
Assignee: Compaq Computer Corporation
Inventors: Donald P. Matthews, Jr., Ralph R. Bestock
-
Patent number: 6321247
Abstract: A system and method are provided for performing modulo multiplication of two numbers N bits long with a modulus of 2^N+1, where the resulting modulus is determined without a need to perform successive reductions. Without a need to perform successive reductions, a hardware implementation does not require a divider circuit.
Type: Grant
Filed: December 28, 1998
Date of Patent: November 20, 2001
Assignee: Compaq Computer Corporation
Inventors: Donald P. Matthews, Jr., Susan K. Langford
-
Patent number: 6259435
Abstract: A keyboard input device includes a processor repeatedly executing a scan routine to detect key press events while masking the events from an external monitoring means. The keyboard input device has a number of finger-activatable keys, each connected at the intersection of row signal lines and column signal lines, which are in turn connected to the processor. The processor systematically activates the rows and randomly activates the columns. A key press event causes the key's associated row and column to create a closed switch. The processor monitors the columns for a signal forced on pairs of rows. Obfuscating signals forced onto the columns inhibit detection of the key press event signals by an external source.
Type: Grant
Filed: August 25, 1998
Date of Patent: July 10, 2001
Assignee: Compaq Computer Corp.
Inventor: Donald P. Matthews, Jr.