Permutation cipher encryption for processor-accelerator memory mapped input/output communication
US-2021297243-A1 · Sep 23, 2021 · US
Secure public key acceleration
US12079350B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12079350-B2 |
| Application number | US-202318301860-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 17, 2023 |
| Priority date | Sep 26, 2014 |
| Publication date | Sep 3, 2024 |
| Grant date | Sep 3, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
First claim
Opening claim text (preview).
What is claimed is: 1. A system on a chip (SoC), comprising: one or more processors; and a security circuit that includes a cryptographic accelerator circuit isolated from the one or more processors, wherein the cryptographic accelerator circuit is configured to: perform a cryptographic operation responsive to a service request associated with the one or more processors, wherein performance of the cryptographic operation includes accessing key material stored in an internal memory of the cryptographic accelerator circuit; and after performing of the cryptographic operation, zero the key material in the internal memory of the cryptographic accelerator circuit. 2. The SoC of claim 1 , wherein the cryptographic accelerator circuit is a public key accelerator (PKA) configured to perform public key cryptographic operations. 3. The SoC of claim 2 , wherein the public key cryptographic operations include elliptical-curve Diffie-Hellman (ECDH) operations. 4. The SoC of claim 2 , wherein the public key cryptographic operations include digital signature operations. 5. The SoC of claim 1 , wherein the security circuit includes: an internal processor; and a read-only memory (ROM) having boot code stored therein that is executable by the internal processor to boot the security circuit. 6. The SoC of claim 5 , wherein the cryptographic accelerator circuit is configured to perform the cryptographic operation responsive to a request issued by the internal processor. 7. The SoC of claim 5 , further comprising: memory external to the security circuit and accessible to the one or more processors; and wherein the internal processor is configured to load software from the external memory. 8. The SoC of claim 7 , wherein the security circuit is configured to verify the software. 9. The SoC of claim 1 , wherein the security circuit includes a random number generator (RNG) circuit configured to generate random numbers for the security circuit. 10. The SoC of claim 1 , wherein the security circuit includes programable fuses configured to store key material accessible to the cryptographic accelerator circuit. 11. A device, comprising: an integrated circuit that includes one or more processors and a security circuit having a cryptographic accelerator circuit isolated from the one or more processors, wherein the cryptographic accelerator circuit is configured to: perform a cryptographic operation that includes accessing key material stored in an internal memory of the cryptographic accelerator circuit; and overwriting the key material in the internal memory of the cryptographic accelerator circuit. 12. The device of claim 11 , wherein the security circuit includes: an internal processor; and a read-only memory (ROM) having program instructions stored therein that are executable by the internal processor to facilitate performance of the cryptographic operation. 13. The device of claim 12 , further comprising: memory external to security circuit and accessible to the one or more processors; and wherein the internal processor is configured to load and verify software from the external memory. 14. The device of claim 11 , wherein the security circuit includes a fuse memory configured to store data accessible to the cryptographic accelerator circuit. 15. The device of claim 11 , wherein the overwriting includes writing zeroes over the key material. 16. The device of claim 11 , wherein the integrated circuit is a system on a chip (SoC). 17. One or more non-transitory computer readable media having program instructions stored therein that are executable by a computing device to perform operations comprising: receive, by a security circuit of the computing device and from a processor external to security circuit, a request for performance of a cryptographic operation; performing, by a cryptographic accelerator circuit included in security circuit and isolated from the processor, the cryptographic operation, wherein performance of the cryptographic operation includes accessing key material stored in an internal memory of the cryptographic accelerator circuit; and zeroing, by the cryptographic accelerator circuit, the key material in the internal memory after performing of the cryptographic operation. 18. The computer readable media of claim 17 , wherein the computer readable media include a read-only memory having boot code executable by an internal processor included in the security circuit. 19. The computer readable media of claim 17 , wherein the computer readable media include a memory having program instructions executable by the external processor to generate the request for performance of the cryptographic operation. 20. The computer readable media of claim 17 , wherein the cryptographic operation is a public key operation.
Assignees
Inventors
Classifications
to a system of files or objects, e.g. local or distributed file system or database · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network H04L63/0861) · CPC title
Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title
using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12079350B2 cover?
- In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. …
- Who is the assignee on this patent?
- Apple Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/71. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Sep 03 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).