Abstract: A semiconductor device includes a substrate having a first region and a second region separated from the first region by distance to define a space therebetween. A first semiconductor device including a gate dielectric is on the first region. The first semiconductor device can implement a FinFet-based input/output (I/O) device in the first region. A second semiconductor device excluding a gate dielectric is on the second region. The second semiconductor device can implement a nanosheet-based logic device in the second region.

Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

Abstract: Dump truck bodies are mounted to truck frames by a hinge so the truck body can pivot about the hinge to eject a load from the truck body. Loads carried by these vehicles can be extreme and the cyclical stress can generate cracks in the hinges. An upper pivoting connection of a dump truck hinge has side members each with a mounting portion that join to the sides of rails of the body and a lower pivot portion. The upper hinge structure is pinned to a lower hinge portion on the truck chassis at the pivot portion. Bracing between the sides add strength to the pivoting connection.

Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

Abstract: One embodiment of the present invention includes a boot read only memory (ROM) with an embedded, private key provision key (KPK) set that enables secure provisioning of chips. As part of taping-out a chip, the chip provider establishes the KPK set and provides the boot ROM exclusive access to the KPK. For each Original Equipment Manufacturer (OEM), the chip provider assigns and discloses an OEM-specific KPK that is included in the KPK set at a particular KPK index. Upon receiving a secured provisioning image and the associated KPK index, the boot ROM accesses the KPK set to reconstruct the KPK and then decrypts and executes the secured provisioning image. Advantageously, this enables the manufacturing factory to provision the chip without the security risks attributable to conventional provisioning approaches that require disclosing security keys to the manufacturing factory.

Abstract: A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.

Abstract: A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.

Abstract: A LED lighting apparatus for growing plants includes a remote controlling device for sending wireless signals; and at least one lighting device each including a receiver and transmitter for receiving the wireless signals sent from the remote controlling device, a first power source electrically connected to the receiver and transmitter and being capable of supplying electricity to four downstream first LED groups connected in series, and a second power source electrically connected to the first power source via the first LED groups and being capable of supplying electricity to four downstream second LED groups connected in series.

Abstract: A semiconductor chip may be operable to receive and copy an OTP programming vector presented by the semiconductor chip programming device into its memory after it boots up from the boot read-only memory (ROM). The OTP programming vector which is a computer program may comprise an encrypted data to be programmed into the one-time programmable (OTP) memory in the semiconductor chip and may be signed with an electronic signature. The semiconductor chip may be operable to authenticate the OTP programming vector in the memory. The authenticated OTP programming vector in the memory may be executed to decrypt the data and program the data in a random data format into the OTP memory and then report the status via one or more general purpose input/output (GPIO) pins on the semiconductor chip.

Abstract: A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.

Abstract: Aspects of a method and system for hardware enforced virtualization in an integrated circuit are provided. In this regard, a mode of operation of an integrated circuit may be controlled such that the integrated circuit alternates between a secure mode of operation and an open mode of operation. Various resources of the integrated circuit may be designated as open or secure, and secure resources may be made inaccessible while the integrated circuit operates in the open mode. Access to the secure resources may be controlled based on a configuration of one or more registers and/or switching elements. Resources designated as secure may comprise, for example, a one-time-programmable memory. The integrated circuit may comprise ROM and/or one-time-programmable memory that stores one or more instructions, wherein execution of the one or more instructions may control transitions between the secure mode and the open mode.

Abstract: An integrated circuit is disclosed that can be included in a host electronic device that can be commonly manufactured, where the integrated circuit can be designated (“locked”) for a specific manufacturer, thereby substantially reducing the likelihood that a third party will be able to successfully clone a host electronic device manufactured by the specific manufacturer and/or swap the chip containing the integrated circuit for one having more enabled features. The integrated circuit includes an ID module that can be programmed after fabrication. Components within the integrated circuit designate manufacturer-specific configurations (e.g., address mapping, pin routing and/or vital function releasing) based on the programmed manufacturer ID. As a result, once the integrated circuit has been programmed with the manufacturer ID, the integrated circuit will function correctly only within a host device manufactured by the manufacturer associated with the programmed manufacturer ID.

Abstract: A semiconductor chip may be operable to block the debug interfaces when the semiconductor chip boots up from the boot read-only memory (ROM). The semiconductor chip may be operable to authenticate a debug certificate received by the semiconductor chip and enable one or more debug interfaces in the semiconductor chip based on the information resulting from the authentication of the debug certificate. The debug certificate may be in a form of a cryptographic public key certificate. A unique device ID which may be generated at boot and stored in the memory may be used by the semiconductor chip to authenticate the debug certificate. The device ID may be generated using the cryptographic public key that is stored in the one-time programmable (OTP) memory in the semiconductor chip and a cryptographic hash algorithm.

Abstract: An integrated circuit is disclosed that can be included in a host electronic device that can be commonly manufactured, where the integrated circuit can be designated (“locked”) for a specific manufacturer, thereby substantially reducing the likelihood that a third party will be able to successfully clone a host electronic device manufactured by the specific manufacturer and/or swap the chip containing the integrated circuit for one having more enabled features. The integrated circuit includes an ID module that can be programmed after fabrication. Components within the integrated circuit designate manufacturer-specific configurations (e.g., address mapping, pin routing and/or vital function releasing) based on the programmed manufacturer ID. As a result, once the integrated circuit has been programmed with the manufacturer ID, the integrated circuit will function correctly only within a host device manufactured by the manufacturer associated with the programmed manufacturer ID.

Abstract: A network device includes a web server chip that is connectable to a computer network. The web server chip includes an embedded processor that is programmable to function as a manageability web server, obtain manageability information about the network device and send the manageability to a network manager. The web server chip further includes an interface for communicating with an I2C bus in the network device. The embedded processor is programmable to obtain manageability information about devices connected to the I2C bus. The embedded processor is also programmable to control fan controllers, power supply controllers and other controllers connected to the I2C bus. This, in turn, allows a network manager to command the web server chip to remotely power up and power down the network device. Thus, the web server chip can perform network management functions without burdening the host processor of the network device.

Abstract: A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.

Abstract: A technique to provide an integrated circuit that performs memory partitioning to partition a memory into a plurality of regions, in which the memory is accessed by a plurality of heterogeneous processing devices that operate to access the memory. The integrated circuit also assigns a security level for each region of the memory and permits a memory access by a transaction to a particular region of the memory, only when a level of security assigned to the transaction meets or exceeds the assigned security level for the particular region. The integrated circuit also performs sandboxing by assigning which of the plurality of processing devices are permitted access to each of the plurality of regions. The integrated circuit may implement only the security level function or only the sandboxing function, or the integrated circuit may implement them both. In some instances, a scrambling/descrambling function is included to scramble/descramble data.

Abstract: A semiconductor chip may be operable to block the debug interfaces when the semiconductor chip boots up from the boot read-only memory (ROM). The semiconductor chip may be operable to authenticate a debug certificate received by the semiconductor chip and enable one or more debug interfaces in the semiconductor chip based on the information resulting from the authentication of the debug certificate. The debug certificate may be in a form of a cryptographic public key certificate. A unique device ID which may be generated at boot and stored in the memory may be used by the semiconductor chip to authenticate the debug certificate. The device ID may be generated using the cryptographic public key that is stored in the one-time programmable (OTP) memory in the semiconductor chip and a cryptographic hash algorithm.

Abstract: Aspects of a method and system for hardware enforced virtualization in an integrated circuit are provided. In this regard, a mode of operation of an integrated circuit may be controlled such that the integrated circuit alternates between a secure mode of operation and an open mode of operation. Various resources of the integrated circuit may be designated as open or secure, and secure resources may be made inaccessible while the integrated circuit operates in the open mode. Access to the secure resources may be controlled based on a configuration of one or more registers and/or switching elements. Resources designated as secure may comprise, for example, a one-time-programmable memory. The integrated circuit may comprise ROM and/or one-time-programmable memory that stores one or more instructions, wherein execution of the one or more instructions may control transitions between the secure mode and the open mode.