As part of a factory provisioning of an Information Handling System (IHS), a signed replaceable hardware certificate is stored that identifies any replaceable hardware components coupled to the IHS during the factory provisioning. Upon a transfer of control or ownership of the IHS, replaceable hardware components that are coupled to the IHS are detected, and the replaceable hardware certificate is utilized to validate that the identified replaceable hardware components detected as coupled to the IHS are the same replaceable hardware components coupled to the IHS during the factory provisioning. A security processor of the IHS may support boot code operations for generating additional replaceable hardware certificates that can be used to validate the integrity of any changes the replaceable hardware of the IHS, such as upon its next power cycle.

A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.

A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.

An electronic control device includes a tamper storage unit that stores a secure boot key and a control key, and has tamper resistance, a processor that is able to execute a program, a verification unit that verifies a program by using the secure boot key, performs secure boot causing the processor to execute the program based on a result of the verification, and has tamper resistance, a calculation unit that performs calculation related to encryption using the control key, and has tamper resistance, and a general storage unit that stores a first program that implements a delegated verification unit to which authority of the secure boot is delegated from the verification unit and a second program that implements a control unit that uses the calculation unit, and does not have tamper resistance. The verification unit delegates the authority of the secure boot to the delegated verification unit to end the execution of the secure boot when the verification for the first program and the second program is successful and the processor is caused to execute the first program and the second program, the calculation unit starts an operation when the verification unit ends the execution of the secure boot, and the delegated verification unit is able to simultaneously execute processing with the calculation unit.

A trusted application (TA) operates on a trusted execution environment (TEE) and generates a screen. Further, the TA transmits certification information for certifying validity of the TA to a verification device. The verification device verifies whether the TA is valid on the basis of the certification information. Further, the verification device authenticates a display device when the validity of the TA is certified and when the verification device is capable of confirming the facts that a picture is being output and that a device outputting the picture is the display device. Further, the verification device outputs a random number code when the display device is authenticated. Further, the verification device transmits the random number code to the display device when the display device is authenticated. Further, the display device receives the random number code from the verification device and displays the same.

An information processing device comprises an electronic device, an averaging circuit acquiring output signals from the electronic device multiple times in a predetermined period and averaging the signals acquired multiple times, a memory circuit storing an averaged signal averaged by the averaging circuit and a PUF-ID extraction circuit generating a unique identifier based on the averaged signal.

Polymorphic encryption is described in a way to restrict access and enhance security of a data vault. In an example, the data vault has a primary partition with a first subset of records having an encrypted value for each of at least a portion of the fields encrypted according to a first encryption scheme. A secondary partition has a second subset of the records encrypted according to a second encryption scheme that is different from the first encryption scheme. The first encryption scheme is configured to permit a first set of operations on the values when the values are encrypted and the second encryption scheme is configured to permit a second set of operations on the values when the values are encrypted.

Polymorphic encryption is described in a way to restrict access and enhance security of a data vault. In an example, the data vault has a primary partition with a first subset of records having an encrypted value for each of at least a portion of the fields encrypted according to a first encryption scheme. A secondary partition has a second subset of the records encrypted according to a second encryption scheme that is different from the first encryption scheme. The first encryption scheme is configured to permit a first set of operations on the values when the values are encrypted and the second encryption scheme is configured to permit a second set of operations on the values when the values are encrypted.

Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes: interface circuitry to receive a first value and a second value; selector circuitry to select a first subset of bits and a second subset of bits from the first value; multiplier circuitry to: multiply the first subset to the second value during a first compute cycle; and multiply the second subset to the second value during a second compute cycle; left shift circuitry to perform a bitwise shift with a product of the first subset and the second value during the second compute cycle; adder circuitry to add a product of the second subset and the second value to a result of the plurality of bitwise shift operations during the second compute cycle; and comparator circuitry to determine the result of the modular multiplication based on a result of the addition during the second compute cycle.

An integrated-circuit device comprises a processor, a hardware key-storage system, and a key bus. The hardware key-storage system comprises a non-volatile key storage memory, which includes a key register, for storing a cryptographic key, and an address register, for storing a destination memory address for the cryptographic key. The hardware key-storage system further comprises output logic for sending the cryptographic key over the key bus to the destination memory address, and write-once logic for preventing an address being written to the address register unless the address register is in an erased state.