Patents by Inventor Ziv Hershman

Ziv Hershman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190278951
    Abstract: An apparatus includes an electronic circuit, a keypad and an active-shield layer. The keypad includes one or more keys for entering data to the electronic circuit by a user. The active-shield layer is placed between the electronic circuit and the keypad, and includes one or more electrical conductors laid in a pattern that shields at least a portion of the electronic circuit. In a specified region, the one or more electrical conductors of the active-shield layer are shaped to form contacts for sensing the one or more keys.
    Type: Application
    Filed: March 12, 2018
    Publication date: September 12, 2019
    Inventor: Ziv Hershman
  • Publication number: 20190236281
    Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves a host device and a non-volatile memory (NVM) device. The processor is connected to the bus in addition to the host device and the NVM device. The processor is configured to detect on the bus a boot process, in which the host device retrieves boot code from the NVM device, and to ascertain a security of the boot process, based on an authentic copy of at least part of the boot code of the host device.
    Type: Application
    Filed: April 7, 2019
    Publication date: August 1, 2019
    Inventors: Ziv Hershman, Dan Morav, Ilan Margalit, Nimrod Peled, Moshe Alon
  • Publication number: 20190236276
    Abstract: A secured device includes an interface and a processor. The interface is configured to connect to a bus, to which a host and a second device are coupled. At least the second device operates over the bus in a slave mode, and the host operates on the bus as a bus master that initiates transactions on the bus, at least on behalf of the secured device. The processor is configured to request the host to initiate, for the secured device, a transaction that accesses the second device over the bus, to monitor one or more signals on the bus, at least within a period during which the host accesses the second device over the bus in performing the requested transaction, and to identify, based on the monitored signals, whether a security violation occurred in performing the requested transaction.
    Type: Application
    Filed: April 7, 2019
    Publication date: August 1, 2019
    Inventors: Ziv Hershman, Dan Morav
  • Publication number: 20190179774
    Abstract: An apparatus includes a memory, an interface and read restriction logic. The read restriction logic is configured to receive via the interface a request to read a data value from a specified address of the memory, to retrieve the data value from the specified address, to check, upon finding that the specified address falls in an address range that is predefined as restricted, whether the retrieved data value belongs to a predefined set of permitted data values, to respond to the request with the retrieved data value when the retrieved data value belongs to the set of permitted data values, and, otherwise, when the retrieved data value does not belong to the set of permitted data values, to respond to the request with a dummy data value.
    Type: Application
    Filed: December 7, 2017
    Publication date: June 13, 2019
    Inventors: Ziv Hershman, Dan Morav
  • Patent number: 10318438
    Abstract: An apparatus includes a memory, an interface and read restriction logic. The read restriction logic is configured to receive via the interface a request to read a data value from a specified address of the memory, to retrieve the data value from the specified address, to check, upon finding that the specified address falls in an address range that is predefined as restricted, whether the retrieved data value belongs to a predefined set of permitted data values, to respond to the request with the retrieved data value when the retrieved data value belongs to the set of permitted data values, and, otherwise, when the retrieved data value does not belong to the set of permitted data values, to respond to the request with a dummy data value.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: June 11, 2019
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav
  • Patent number: 10303880
    Abstract: A method in a security device that provides a security service to a host includes receiving a security command from an application program running on the host. The security command is executed by accessing a Non-Volatile Memory (NVM) device external to the security device transparently to the application program via a dedicated device driver, which runs on the host and mediates between the NVM device and the security device.
    Type: Grant
    Filed: May 17, 2015
    Date of Patent: May 28, 2019
    Assignee: Nuvoton Technology Corporation
    Inventors: Ziv Hershman, Dan Morav
  • Patent number: 10296738
    Abstract: An apparatus includes a Non-Volatile Memory (NVM) and a controller. The controller is configured to store in the NVM a state array, which includes multiple words. In each word, one or more bits are designated as lock-bits. The controller is further configured to set an operational state for the apparatus based on the lock-bits of the state array, by (i) deciding whether each word in the state array is locked or unlocked by comparing the lock-bits of that word to respective expected lock values, (ii) if all the words in the state array are found locked, setting the apparatus to a locked state, (iii) if all the words in the state array are found unlocked, setting the apparatus to an unlocked state, and (iv) if one or more of the words are found locked and one or more other words are found unlocked, setting the apparatus to an error state.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: May 21, 2019
    Assignee: Nuvoton Technology Corporation
    Inventors: Ziv Hershman, Yossi Talmi, Dan Morav
  • Publication number: 20180322278
    Abstract: An apparatus includes a Non-Volatile Memory (NVM) and a controller. The controller is configured to store in the NVM a state array, which includes multiple words. In each word, one or more bits are designated as lock-bits. The controller is further configured to set an operational state for the apparatus based on the lock-bits of the state array, by (i) deciding whether each word in the state array is locked or unlocked by comparing the lock-bits of that word to respective expected lock values, (ii) if all the words in the state array are found locked, setting the apparatus to a locked state, (iii) if all the words in the state array are found unlocked, setting the apparatus to an unlocked state, and (iv) if one or more of the words are found locked and one or more other words are found unlocked, setting the apparatus to an error state.
    Type: Application
    Filed: May 3, 2017
    Publication date: November 8, 2018
    Inventors: Ziv Hershman, Yossi Talmi, Dan Morav
  • Patent number: 10095891
    Abstract: An apparatus includes an interface and a processor. The interface is configured for communicating over a bus. The processor is configured to disrupt on the bus a transaction in which a bus-master device attempts to access a peripheral device without authorization, by forcing one or more dummy values on at least one line of the bus in parallel to at least a part of the transaction.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: October 9, 2018
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Oren Tanami, Dan Morav
  • Publication number: 20180239727
    Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves one or more peripheral devices. The bus includes (i) one or more dedicated signals that are each dedicated to a respective one of the peripheral devices, and (ii) one or more shared signals that are shared among the peripheral devices served by the bus. The processor is connected to the bus as an additional device in addition to the peripheral devices, and is configured to disrupt on the bus a transaction in which a bus-master device attempts to access a given peripheral device, by disrupting a dedicated signal associated with the given peripheral device.
    Type: Application
    Filed: April 18, 2018
    Publication date: August 23, 2018
    Inventors: Ziv Hershman, Moshe Alon, Dan Morav, Oren Tanami
  • Patent number: 10025669
    Abstract: A method for data storage includes storing data in a set of memory blocks of a non-volatile memory. Each memory block, which holds a respective portion of the data, is classified as valid or invalid depending on whether the memory block holds a most updated version of the portion, and as anchor or non-anchor depending on whether the portion belongs to a coherent snapshot of the data. Upon recovering from a power interruption, the coherent snapshot of the data is reconstructed from the memory blocks, based on classification of the memory blocks as valid or invalid and as anchor or non-anchor.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: July 17, 2018
    Assignee: Nuvoton Technology Corporation
    Inventors: Boaz Tabachnik, Ziv Hershman, Yael Kanter
  • Patent number: 10013581
    Abstract: An apparatus for detecting fault injection includes functional circuitry and fault detection circuitry. The functional circuitry is configured to receive one or more functional input signals and to process the functional input signals so as to produce one or more functional output signals. The functional circuitry meets a stability condition that specifies that stability of a designated set of one or more of the functional input signals during a first time interval guarantees stability of a designated set of one or more of the functional output signals during a second time interval that is derived from the first time interval. The fault detection circuitry is configured to monitor the designated functional input and output signals, to evaluate the stability condition based on the monitored functional input and output signals, and to detect a fault injection attempt in response to detecting a deviation from the stability condition.
    Type: Grant
    Filed: October 7, 2014
    Date of Patent: July 3, 2018
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Ziv Hershman
  • Publication number: 20170364282
    Abstract: A system for improving utilization of a nonvolatile flash memory device which has pages whose guaranteed per-cycle erase time and guaranteed number of cycles are known, the system comprising erase time determination functionality for individual pages; de-facto total erase-time accumulation functionality incrementing, for each erase cycle to which an individual page is subjected, by the individual page's de facto erase time per cycle as provided by the erase time measurement functionality; and flash memory page usage monitoring functionality operative to control usage of pages in flash memory including selecting at least one individual flash memory page depending on a comparison between the individual flash memory page's de facto total erase time and a guaranteed erase time computed as a product of the guaranteed per-cycle erase time and of the guaranteed number of cycles.
    Type: Application
    Filed: June 16, 2016
    Publication date: December 21, 2017
    Applicant: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ilan MARGALIT, Ziv HERSHMAN, Dan MORAV, Einat LUKO, Oren TANAMI, Yossef TALMI
  • Patent number: 9819657
    Abstract: An apparatus includes an interface and logic circuitry. The interface is configured to communicate over a communication link. The logic circuitry is configured to convert between a first stream of plaintext bits and a second stream of ciphered bits that are exchanged over the communication link, by applying a cascade of a stream ciphering operation and a mixing operation that cryptographically maps input bits to output bits.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: November 14, 2017
    Assignee: WINBOND ELECTRONICS CORPORATION
    Inventors: Nir Tasher, Moshe Alon, Valery Teper, Ziv Hershman, Uri Kaluzhny
  • Patent number: 9703945
    Abstract: A computing device includes an input bridge, an output bridge, a processing core, and authentication logic. The input bridge is coupled to receive a sequence of data items for use by the device in execution of a program. The processing core is coupled to receive the data items from the input bridge and execute the program so as to cause the output bridge to output a signal in response to a given data item in the sequence, and the authentication logic is coupled to receive and authenticate the data items while the processing core executes the program, and to inhibit output of the signal by the output bridge until the given data item has been authenticated.
    Type: Grant
    Filed: August 13, 2013
    Date of Patent: July 11, 2017
    Assignee: WINBOND ELECTRONICS CORPORATION
    Inventors: Ziv Hershman, Valery Teper, Moshe Alon
  • Patent number: 9523736
    Abstract: An apparatus for detecting fault injection includes a high-fanout network, which spans an Integrated Circuit (IC), and circuitry. In some embodiments, the high-fanout network is continuously inactive during functional operation of the IC, and the circuitry is configured to sense signal levels at multiple sampling points in the high-fanout network, and to identify a fault injection attempt by detecting, based on the sensed signal levels, a signal abnormality in the high-fanout network. In some embodiments, the circuitry is configured to sense signal levels at multiple sampling points in the high-fanout network, to distinguish, based on the sensed signal levels, between legitimate signal variations and signal abnormalities in the high-fanout network during functional operation of the IC, and to identify a fault injection attempt by detecting a signal abnormality.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: December 20, 2016
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Leonid Shamis, Natan Keren
  • Publication number: 20160357991
    Abstract: An apparatus includes an interface and a processor. The interface is configured for communicating over a bus. The processor is configured to disrupt on the bus a transaction in which a bus-master device attempts to access a peripheral device without authorization, by forcing one or more dummy values on at least one line of the bus in parallel to at least a part of the transaction.
    Type: Application
    Filed: March 21, 2016
    Publication date: December 8, 2016
    Inventors: Ziv Hershman, Oren Tanami, Dan Morav
  • Publication number: 20160294792
    Abstract: An apparatus includes an interface and logic circuitry. The interface is configured to communicate over a communication link. The logic circuitry is configured to convert between a first stream of plaintext bits and a second stream of ciphered bits that are exchanged over the communication link, by applying a cascade of a stream ciphering operation and a mixing operation that cryptographically maps input bits to output bits.
    Type: Application
    Filed: June 14, 2016
    Publication date: October 6, 2016
    Inventors: Nir Tasher, Moshe Alon, Valery Teper, Ziv Hershman, Uri Kaluzhny
  • Patent number: 9455962
    Abstract: An apparatus includes an interface and logic circuitry. The interface is configured to communicate over a communication link. The logic circuitry is configured to convert between a first stream of plaintext bits and a second stream of ciphered bits that are exchanged over the communication link, by applying a cascade of a stream ciphering operation and a mixing operation that cryptographically maps input bits to output bits.
    Type: Grant
    Filed: June 11, 2014
    Date of Patent: September 27, 2016
    Assignee: WINBOND ELECTRONICS CORPORATION
    Inventors: Nir Tasher, Moshe Alon, Valery Teper, Ziv Hershman, Uri Kaluzhny
  • Publication number: 20160231940
    Abstract: A method for data storage includes storing data in a set of memory blocks of a non-volatile memory. Each memory block, which holds a respective portion of the data, is classified as valid or invalid depending on whether the memory block holds a most updated version of the portion, and as anchor or non-anchor depending on whether the portion belongs to a coherent snapshot of the data. Upon recovering from a power interruption, the coherent snapshot of the data is reconstructed from the memory blocks, based on classification of the memory blocks as valid or invalid and as anchor or non-anchor.
    Type: Application
    Filed: December 21, 2015
    Publication date: August 11, 2016
    Inventors: Boaz Tabachnik, Ziv Hershman