Cryptography Research, Inc.. is a San Francisco based cryptography company specializing in applied cryptographic engineering, including technologies for building tamper-resistant semiconductors. It was purchased on June 6, 2011 by Rambus for $342.5M. The company licenses patents for protecting cryptographic devices against power analysis attacks. The company's CryptoFirewall-brand ASIC cores are used in pay TV conditional access systems and anti-counterfeiting applications. CRI also developed BD+, a security component in the Blu-ray disc format, and played a role in the format war between HD DVD and Blu-ray. The company's services group assists with security testing, disaster recovery, and training.Cryptography Research protects its core operations from outside attack by maintaining a secured local network that is not connected to the Internet at all. Employees who need to work with sensitive data have two computers on their desks — one to access the secure network, and a separate computer to access the Internet.In 2009, Frost & Sullivan awarded the company the World Smart Card Technology Leadership of the Year Award, noting that the company is "one of the highest-volume and highest-value technology licensors in the semiconductor industry" and that "more than 4 billion security chips are produced under its licenses every year". Wikipedia.
Cryptography Research | Date: 2015-02-09
A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
Cryptography Research | Date: 2015-04-15
A request associated with a revocation of a key may be received. A hash value corresponding to the key that is stored in a memory may be identified. Furthermore, the hash value that is stored in the memory may be corrupted in response to the request associated with the revocation of the key.
Cryptography Research | Date: 2015-06-26
A bitstream for configuration of a programmable logic device is received, the bitstream comprising a data segment and authentication data associated with the data segment. The programmable logic device computes a hash of the data segment. The programmable logic device compares the computed hash of the data segment with the authentication data. Configuration of the programmable logic device halts responsive to a determination that the computed hash of the data segment does not match the authentication data. Configuration of the programmable logic device using the data segment continues responsive to a determination that the computed hash of the data segment matches the authentication data.
Cryptography Research | Date: 2015-06-11
A device includes storage hardware to store a secret value and processing hardware coupled to the storage hardware. The processing hardware is to receive an encrypted data segment with a validator and derive a decryption key using the secret value and a plurality of entropy distribution operations. The processing hardware is further to verify, using the received validator, that the encrypted data segment has not been modified. The processing hardware is further to decrypt the encrypted data segment using the decryption key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
Cryptography Research | Date: 2015-09-30
A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.