Patents by Inventor Manoj R. Sastry
Manoj R. Sastry has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190260772Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.Type: ApplicationFiled: May 3, 2019Publication date: August 22, 2019Inventors: Marcio Rogerio Juliato, Shabbir Ahmed, Santosh Ghosh, Christopher Gutierrez, Manoj R. Sastry
-
Patent number: 10355891Abstract: Embodiments may include systems and methods for authenticating a message between a transmitter and a receiver. An apparatus for communication may include a transmitter to transmit a message to a receiver via a physical channel coupling the transmitter and the receiver. The message may be transmitted via a plurality of transmission voltage levels varied from a plurality of nominal voltage levels on the physical channel. The transmitter may include a voltage generator to generate the plurality of transmission voltage levels varied in accordance with a sequence of voltage variations from the plurality of nominal voltage levels for the message. The sequence of voltage variations may serve to authenticate the message between the transmitter and the receiver. Other embodiments may be described and/or claimed.Type: GrantFiled: September 29, 2017Date of Patent: July 16, 2019Assignee: Intel CorporationInventors: Marcio Juliato, Li Zhao, Ahmed Shabbir, Manoj R. Sastry, Santosh Ghosh, Rafael Misoczki
-
Patent number: 10348495Abstract: Apparatuses and methods associated with configurable crypto hardware engine are disclosed herein. In embodiments, an apparatus for signing or verifying a message may comprise: a hardware hashing computation block to perform hashing computations; a hardware hash chain computation block to perform successive hash chain computations; a hardware private key generator to generate private keys; and a hardware public key generator to generate public keys, including signature generations and signature verifications. The hardware hashing computation block, the hardware hash chain computation block, the hardware private key generator, and the hardware public key generator may be coupled to each other and selectively cooperate with each other to perform private key generation, public key generation, signature generation or signature verification at different points in time. Other embodiments may be disclosed or claimed.Type: GrantFiled: February 23, 2017Date of Patent: July 9, 2019Assignee: Intel CorporationInventors: Santosh Ghosh, Rafael Misoczki, Manoj R. Sastry, Li Zhao
-
Patent number: 10341116Abstract: An attestation protocol between a prover device (P), a verifier device (V), and a trusted third-party device (TTP). P and TTP have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key. V sends an attestation request to P, with the attestation request including a second cryptographic representation of a second trust relationship between V and TTP. In response to the attestation request, P sends a validation request to TTP, with the validation request being based on a cryptographic association of the first trust relationship and the second trust relationship. TTP provides a validation response including a cryptographic representation of verification of validity of the first trust relationship and the second trust relationship. P sends an attestation response to V based on the validation response.Type: GrantFiled: December 28, 2016Date of Patent: July 2, 2019Assignee: Intel CorporationInventors: Xiruo Liu, Rafael Misoczki, Manoj R Sastry, Santosh Ghosh, Li Zhao
-
Patent number: 10326587Abstract: A cryptography accelerator system includes a direct memory access (DMA) controller circuit to read and write data directly to and from memory circuits and an on-the-fly hashing circuit to hash data read from a first memory circuit on-the-fly before writing the read data to a second memory circuit. The hashing circuit performs at least one of integrity protection and firmware/software (FW/SW) verification of the data prior to writing the data to the second memory circuit. The on-the-fly hashing circuit includes a bit repositioning circuit to designate an order of bits of a binary word in a register from a most significant bit (MSB) to a least significant bit (LSB) for performing computations without rotating bits in the register, and an on-the-fly round constant generator circuit to generate a round constant from a counter.Type: GrantFiled: December 28, 2016Date of Patent: June 18, 2019Assignee: Intel CorporationInventors: Santosh Ghosh, Li Zhao, Rafael Misoczki, Manoj R Sastry
-
Patent number: 10313130Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.Type: GrantFiled: September 27, 2016Date of Patent: June 4, 2019Assignee: Intel CorporationInventors: Rafael Misoczki, Steffen Schulz, Manoj R. Sastry, Santosh Ghosh, Li Zhao
-
Publication number: 20190108109Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.Type: ApplicationFiled: November 26, 2018Publication date: April 11, 2019Inventors: Santosh Ghosh, Marcio Juliato, Manoj R. Sastry
-
Publication number: 20190104001Abstract: Embodiments may include systems and methods for authenticating a message between a transmitter and a receiver. An apparatus for communication may include a transmitter to transmit a message to a receiver via a physical channel coupling the transmitter and the receiver. The message may be transmitted via a plurality of transmission voltage levels varied from a plurality of nominal voltage levels on the physical channel. The transmitter may include a voltage generator to generate the plurality of transmission voltage levels varied in accordance with a sequence of voltage variations from the plurality of nominal voltage levels for the message. The sequence of voltage variations may serve to authenticate the message between the transmitter and the receiver. Other embodiments may be described and/or claimed.Type: ApplicationFiled: September 29, 2017Publication date: April 4, 2019Inventors: Marcio Juliato, Li Zhao, Ahmed Shabbir, Manoj R. Sastry, Santosh Ghosh, Rafael Misoczki
-
Publication number: 20190052654Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.Type: ApplicationFiled: July 3, 2018Publication date: February 14, 2019Inventors: Marcio Juliato, Shabbir Ahmed, Santosh Ghosh, Manoj R. Sastry
-
Publication number: 20190044718Abstract: In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.Type: ApplicationFiled: May 17, 2018Publication date: February 7, 2019Inventors: Santosh Ghosh, Andrew H. Reinders, Sudhir K. Satpathy, Manoj R. Sastry
-
Publication number: 20190039612Abstract: In an automated method for providing driving assistance, an electronic control unit (ECU) of a first driving assistance system of a first vehicle receives local object information from at least one sensing component of the first driving assistance system. The first driving assistance system automatically detects external objects outside of the first vehicle, based on the local object information received from the at least one sensing component. The first driving assistance system also receives a reported object list (ROL) from a second vehicle, wherein the ROL describes objects detected by a second driving assistance system in the second vehicle. The first driving assistance system also affects operation of the first vehicle, based on (a) the external objects detected by the first vehicle and (b) the ROL from the second vehicle. Other embodiments are described and claimed.Type: ApplicationFiled: September 28, 2018Publication date: February 7, 2019Inventors: Liuyang Lily Yang, Manoj R. Sastry, Xiruo Liu, Moreno Ambrosin, Shabbir Ahmed, Marcio Juliato, Christopher N. Gutierrez
-
Publication number: 20190044912Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; a network interface to communicatively couple to a bus lacking native support for authentication; and an anomaly detection engine to operate on the hardware platform and configured to: receive a first data stream across a first time; symbolize and approximate the first data stream, including computing a first window sum; receive a second data stream across a second time substantially equal in length to the first time, the second data stream including data across the plurality of dimensions from the first data stream; symbolize and approximate the second data stream, including computing a second window sum; compute a difference between the first window sum and the second window sum; determine that difference exceeds a threshold and that the correlation across the plurality of dimensions is broken; and flag a potential anomaly.Type: ApplicationFiled: March 30, 2018Publication date: February 7, 2019Applicant: Intel CorporationInventors: Liuyang Lily Yang, Huaxin Li, Li Zhao, Marcio Juliato, Shabbir Ahmed, Manoj R. Sastry
-
Publication number: 20190044728Abstract: Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.Type: ApplicationFiled: December 20, 2017Publication date: February 7, 2019Inventors: Mohammed Karmoose, Rafael Misoczki, Liuyang Yang, Xiruo Liu, Moreno Ambrosin, Manoj R. Sastry
-
Publication number: 20190044738Abstract: Disclosed herein are mobile device distribution methods and apparatuses. In embodiments, a system for managing cryptographic exchanges between devices capable of operating in accord with the Wireless Access Vehicular Environment (WAVE) functionality may comprise a device operable in at least a first environment in which the device is configured to: receive a first message with an associated first certificate chain; and add a second certificate chain associated with the device to a second message. The device may further determine if the first certificate chain includes an unknown certificate, and if so, set a flag associated with the second message; as well as determine if all certificates in the first certificate chain are known, and if so, check if message has the set flag, and if the flag is set, then unset the flag; and send the second message. Other embodiments may be disclosed and claimed.Type: ApplicationFiled: May 4, 2018Publication date: February 7, 2019Inventors: Xiruo Liu, Liuyang Yang, Manoj R. Sastry, Moreno Ambrosin
-
Publication number: 20190007219Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Inventors: Santosh Ghosh, Manoj R. Sastry
-
Publication number: 20180337780Abstract: Embodiments of a system for, and method for using, an elliptic curve cryptography integrated circuit are generally described herein. An elliptic curve cryptography (ECC) operation request may be received. One of a plurality of circuit portions may be instructed to perform the ECC operation. The plurality of circuit portions that may be used include a finite field arithmetic circuit portion, an EC point addition and doubler circuit portion, a finite field exponentiation circuit portion, and a point multiplier circuit portion. The result of the ECC operation may then be output.Type: ApplicationFiled: April 13, 2018Publication date: November 22, 2018Inventors: Santosh Ghosh, Manoj R. Sastry
-
Patent number: 10124764Abstract: Various systems and methods for intrusion detection are described herein. An electronic device for intrusion detection includes memory circuitry to store a set of signature voltage ratios and a corresponding set of node identifiers, each node identifier corresponding to a unique signature voltage ratio; and security circuitry to: compare voltages received at a first and second measuring point on a bus, the voltages resulting from a message transmitted by a sending node on the bus, the first measuring point providing a first voltage and the second measuring point providing a second voltage; calculate a test voltage ratio from the first voltage and the second voltage; determine whether the test voltage ratio is in the set of signature voltage ratios; and initiate a security response based on whether the test voltage ratio is in the set of signature voltage ratios.Type: GrantFiled: September 29, 2017Date of Patent: November 13, 2018Assignee: Intel CorporationInventors: Shabbir Ahmed, Marcio Rogerio Juliato, Li Zhao, Manoj R. Sastry
-
Publication number: 20180316508Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs.Type: ApplicationFiled: July 3, 2018Publication date: November 1, 2018Inventors: Steffen Schulz, Rafael Misoczki, Manoj R. Sastry, Jesse Walker
-
Publication number: 20180241554Abstract: Apparatuses and methods associated with configurable crypto hardware engine are disclosed herein. In embodiments, an apparatus for signing or verifying a message may comprise: a hardware hashing computation block to perform hashing computations; a hardware hash chain computation block to perform successive hash chain computations; a hardware private key generator to generate private keys; and a hardware public key generator to generate public keys, including signature generations and signature verifications. The hardware hashing computation block, the hardware hash chain computation block, the hardware private key generator, and the hardware public key generator may be coupled to each other and selectively cooperate with each other to perform private key generation, public key generation, signature generation or signature verification at different points in time. Other embodiments may be disclosed or claimed.Type: ApplicationFiled: February 23, 2017Publication date: August 23, 2018Inventors: Santosh Ghosh, Rafael Misoczki, Manoj R. Sastry, Li Zhao
-
Publication number: 20180227115Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads a datapath selector signal that indicates a 256-bit data width or a 384-bit data width. The ECC engine reads one or more parameters having a data width indicated by the datapath selector signal from a data port. The ECC engine reads an opcode from an instruction port that identifies an ECC operation such as an elliptic curve operation or a prime field arithmetic operation. The ECC engine performs the operation with the data width identified by the datapath selector. The ECC engine writes results data having the data width identified by the datapath selector to one or more output ports. The ECC engine may perform the elliptic curve operation with a specified side-channel protection level. The computing device may include a cryptography driver to control the ECC engine. Other embodiments are described and claimed.Type: ApplicationFiled: February 9, 2017Publication date: August 9, 2018Inventors: Santosh Ghosh, Manoj R. Sastry