Patent application number | Description | Published |
20100169650 | STORAGE MINIMIZATION TECHNIQUE FOR DIRECT ANONYMOUS ATTESTATION KEYS - A storage minimization technique for direct anonymous attestation (DAA) keys is presented. In one embodiment, the method includes deriving a random portion of a (DAA) private key from a device's fuse key, computing a point on an elliptical curve from the derived random portion and a master private key, and storing only one coordinate of the point in fuses within the device. Other embodiments are described and claimed. | 07-01-2010 |
20120023334 | METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 01-26-2012 |
20120137137 | METHOD AND APPARATUS FOR KEY PROVISIONING OF HARDWARE DEVICES - Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform. | 05-31-2012 |
20140089659 | Method and apparatus for key provisioning of hardware devices - Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform. | 03-27-2014 |
Patent application number | Description | Published |
20080270786 | APPARATUS AND METHOD FOR DIRECT ANONYMOUS ATTESTATION FROM BILINEAR MAPS - A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed. | 10-30-2008 |
20080270790 | APPARATUS AND METHOD FOR ENHANCED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for enhanced revocation of direct proof and direct anonymous attestation are described. In one embodiment a trusted hardware device verifies that membership of the device within a trusted membership group is not revoked according to a revocation list received with a challenge request from a verifier. Once such verification is performed, the device convinces the verifier of possessing cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. In one embodiment, the trusted hardware device computes a digital signature on a message received with the challenge request to the verifier if membership of the anonymous hardware device within a trusted membership group is verified. In one embodiment, the verifier authenticates the digital signature according to a public key of the trusted membership group to enable a trusted member device to remain anonymous to the verifier. Other embodiments are described and claimed. | 10-30-2008 |
20080307223 | APPARATUS AND METHOD FOR ISSUER BASED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for issuer based revocation of direct proof and direct anonymous attestation are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of revocation request to the trusted hardware device, including a base value B | 12-11-2008 |
20090323941 | SOFTWARE COPY PROTECTION VIA PROTECTED EXECUTION OF APPLICATIONS - Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described. | 12-31-2009 |
Patent application number | Description | Published |
20090172639 | FIRMWARE INTEGRITY VERIFICATION - In some embodiments, the integrity of firmware stored in a non-volatile memory is verified prior to initiation of a firmware reset vector. Other embodiments are described and claimed. | 07-02-2009 |
20100299479 | OBSCURING MEMORY ACCESS PATTERNS - For each memory location in a set of memory locations associated with a thread, setting an indication associated with the memory location to request a signal if data from the memory location is evicted from a cache; and in response to the signal, reloading the set of memory locations into the cache. | 11-25-2010 |
20110307704 | Replacing Blinded Authentication Authority - A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority. | 12-15-2011 |
20130103938 | Reconfiguring A Secure System - Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock. | 04-25-2013 |
Patent application number | Description | Published |
20100082973 | Direct anonymous attestation scheme with outsourcing capability - A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer. | 04-01-2010 |
20100332574 | Digital random number generator - A hardware-based digital random number generator is provided. The digital random number generator is a randomly behaving random number generator based on a set of nondeterministic behaviors. The nondeterministic behaviors include temporal asynchrony between subunits, entropy source “extra” bits, entropy measurement, autonomous deterministic random bit generator reseeding and consumption from a shared resource. | 12-30-2010 |
20110161672 | Provisioning, upgrading, and/or changing of hardware - In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed. | 06-30-2011 |
20120159155 | Direct Anonymous Attestation Scheme with Outsourcing Capability - A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer. | 06-21-2012 |
20130159726 | METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION EXECUTION - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed. | 06-20-2013 |
20130198853 | METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION EXECUTION - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed. | 08-01-2013 |
20140201540 | SECURE KEY STORAGE USING PHYSICALLY UNCLONABLE FUNCTIONS - Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor. | 07-17-2014 |
20140205090 | METHOD AND SYSTEM FOR SECURELY COMPUTING A BASE POINT IN DIRECT ANONYMOUS ATTESTATION - A method and system computes a basepoint for use in a signing operation of a direct anonymous attestation scheme. The method and system includes computing a basepoint at a host computing device and verifying the base point at a trusted platform module (TPM) device. | 07-24-2014 |
20140270177 | HARDENING INTER-DEVICE SECURE COMMUNICATION USING PHYSICALLY UNCLONABLE FUNCTIONS - Embodiments of an invention for hardened inter-device secure communication using physically unclonable functions are disclosed. In one embodiment, an apparatus includes a first storage location, a second storage location, a physically unclonable function (PUF) circuit, a PUF key generator, and an encryption unit. The first storage location is to store an embedded key. The second storage location is to store a fuse key. The PUF circuit is to provide a PUF value. The PUF key generator is to generate a PUF key based on the PUF value. The encryption unit is to receive from a key server a global key encrypted using the embedded key, decrypt the global key using the embedded key, encrypt the global key using the PUF key, and store the global key encrypted using the PUF key in the second storage location. | 09-18-2014 |
Patent application number | Description | Published |
20090041232 | ESTABLISHING TRUST WITHOUT REVEALING IDENTITY - A method, system, and apparatus are provided for establishing trust without revealing identity. According to one embodiment, values in a first proof corresponding to a first statement are precomputed, a request for a second proof is received from a challenger, and the first and second proofs are completed. | 02-12-2009 |
20090089564 | Protecting a Branch Instruction from Side Channel Vulnerabilities - Embodiments of an invention to protection a branch instruction from side channel vulnerabilities are described. In one embodiment, a method includes receiving a request to modify the operation of a processor to protect against side channel attacks, and modifying branch prediction operation in response to the request. | 04-02-2009 |
20090129600 | APPARATUS AND METHOD FOR A DIRECT ANONYMOUS ATTESTATION SCHEME FROM SHORT-GROUP SIGNATURES - An apparatus and method is provided for a direct anonymous attestation scheme from short-group signatures. The method may include the creation of a group public/private key pair for a trusted membership group defined by an issuer; and assigning a cryptographic pair that is combined with a unique private member value to form a private membership key. A trusted member device generates the unique private member value during a join procedure of a trusted membership group. In one embodiment, the private member value of the private membership key is unknown to the issuer. A member may sign a message with the private membership key to form a short-group digital signature that is verified using a public key of the trusted membership group to maintain anonymity of trusted member devices. A size of the private membership key may be reduced to enable storage within a trusted platform module. Other embodiments are described and claimed. | 05-21-2009 |
20100150351 | Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service - Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system. | 06-17-2010 |
20100254532 | METHOD OF OBSCURING CRYPTOGRAPHIC COMPUTATIONS - Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks. | 10-07-2010 |
20120106736 | METHODS AND APPARATUS FOR MIXING ENCRYPTED DATA WITH UNENCRYPTED DATA - Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver. | 05-03-2012 |
20120189119 | Method and Apparatus for Increasing the Speed of Cryptographic Processing - Encrypting data in as cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps. | 07-26-2012 |