Disclosed is a physical unclonable function generator circuit and testing method. In one embodiment, a testing method for physical unclonable function (PUF) generator includes: verifying a functionality of a PUF generator by writing preconfigured logical states to and reading output logical states from a plurality of bit cells in a PUF cell array; determining a first number of first bit cells in the PUF cell array, wherein the output logical states of the first bit cells are different from the preconfigured logical states; when the first number of first bit cells is less than a first predetermined number, generating a first map under a first set of operation conditions using the PUF generator and a masking circuit, generating a second map under a second set of operation conditions using the PUF generator and the masking circuit, determining a second number of second bit cells, wherein the second bit cells are stable in the first map and unstable in the second map; when the second number of second bit cells is determined to be zero, determining a third number of third bit cells, wherein the third bit cells are stable in the first map and stable in the second map; and when the third number of third bit cells are greater than a second preconfigured number, the PUF generator is determined as a qualified PUF generator.

Technologies for switching network traffic include a network switch. The network switch includes one or more processors and communication circuitry coupled to the one or more processors. The communication circuity is capable of switching network traffic of multiple link layer protocols. Additionally, the network switch includes one or more memory devices storing instructions that, when executed, cause the network switch to receive, with the communication circuitry through an optical connection, network traffic to be forwarded, and determine a link layer protocol of the received network traffic. The instructions additionally cause the network switch to forward the network traffic as a function of the determined link layer protocol. Other embodiments are also described and claimed.

Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

A data storage device including a first non-volatile memory configured to store data, and a device controller configured to control the first non-volatile memory may be provided, and wherein the device controller may be configured to receive a data read command including a first logical address of the first non-volatile memory, a first physical address corresponding to the first logical address, and first status information of the first non-volatile memory corresponding to the first physical address, determine a first read level, using the first status information included in the data read command, and apply a voltage of the first read level to a first word line of the first non-volatile memory corresponding to the first physical address to read data.

A computing device is disclosed. The computing device includes a central processing unit and a mass storage bus. The central processing unit includes an application processing unit and an immutable encryption key for use with the encryption of data and the decryption of data. The application processing unit includes an instruction set to perform an encryption of data and a decryption of data stored via the mass storage bus. The immutable encryption key stored in the central processing unit and inaccessible from outside of the instruction set.

A processor comprises a first register to store an encoded pointer to a memory location. First context information is stored in first bits of the encoded pointer and a slice of a linear address of the memory location is stored in second bits of the encoded pointer. The processor also includes circuitry to execute a memory access instruction to obtain a physical address of the memory location, access encrypted data at the memory location, derive a first tweak based at least in part on the encoded pointer, and generate a keystream based on the first tweak and a key. The circuitry is to further execute the memory access instruction to store state information associated with memory access instruction in a first buffer, and to decrypt the encrypted data based on the keystream. The keystream is to be generated at least partly in parallel with accessing the encrypted data.

An apparatus can have a computing component. The computing component can be configured to receive a wireless transmission from an implanted device, verify an identity of the implanted device by verifying security data from the implanted device, and perform an authentication procedure, in response to verifying the identity of the implanted device, to determine whether the transmission is authentic by determining whether a digital signature of the transmission is authentic. The apparatus can be configured to wirelessly charge the implanted device in response to the computing component determining that the digital signature is authentic.

Techniques for memory assisted inline encryption/decryption are described. An example includes an encryption data structure engine to provide a key, data, and a tweak to the encryption/decryption engine, wherein the encryption data structure engine is to: read an index value from an encryption data structure lookup data structure entry using an address, the entry to include the index value and a guest page physical address (GPPA), retrieve, based on the index value, an entry from the encryption data structure, the entry to include a logical block address (LBA) base, a key identifier, and at least one GPPA in a sequence of GPPAs, generate a LBA using a position of the GPPA from the encryption data structure lookup data structure entry in the sequence of GPPAs, and retrieve a key based on the key identifier, wherein the encryption engine to encrypt data using the retrieved key, and the generated LBA.

In one embodiment, an apparatus includes: an access control circuit to receive a memory transaction directed to a storage, the memory transaction having a requester ID and a key ID; a first memory to store an access control table, the access control table having a plurality of entries each to store a requester ID and at least one key ID; and a cryptographic circuit coupled to the access control circuit, the cryptographic circuit to perform a cryptographic operation on data associated with the memory transaction based at least in part on the key ID. The apparatus may be implemented as an inline engine coupled between the storage and an accelerator, the inline engine to provide decrypted data to the accelerator, the storage to store encrypted data. Other embodiments are described and claimed.