Embodiments of systems and methods for managing control of a security processor in a supply chain are described. In some embodiments, a security processor may include: a core; and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: store a first public key usable to initiate a first secure boot process and unusable to initiate a second secure boot process; store a second public key usable to initiate the second secure boot process and unusable to initiate the first secure boot process; and in response to a first change of control or ownership of the security processor, render the first public key unusable to initiate the first secure boot process.

Embodiments of systems and methods for managing control of a security processor in a supply chain are described. In some embodiments, a security processor may include: a core; and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: store a first public key usable to initiate a first secure boot process and unusable to initiate a second secure boot process; store a second public key usable to initiate the second secure boot process and unusable to initiate the first secure boot process; and in response to a first change of control or ownership of the security processor, render the first public key unusable to initiate the first secure boot process.

A method may involve applying, by a testing computing device, a distortion to a computing device under test. The distortion includes operating the computing device under test at a performance range of a computational resource that could cause the computing device under test to operate outside a normal range. The method may also involve receiving, by the testing computing device and in response to the applying of the distortion, one or more digital signals from the computing device under test. The method may further involve comparing, by the testing computing device, the one or more digital signals to one or more baseline digital signals associated with the computing device under test. The method may also involve detecting, based on the comparing, a presence of at least one anomalous element that could be indicative of a hostile element in the computing device under test.

A system and method of protecting against control-flow attacks provides two complementary, transparent, and strong security policies for the RTL design at a hardware level. The approach performs static analysis of controller, followed by lightweight instrumentation, such that CFI is enforced in-place and at runtime. The modified controller follows conservative CFG with the help of a monitor.

In some examples, executable code causes a processor to execute a first function and enter a system management mode responsive to receipt of a first system management interrupt during the execution of the first function. The executable code causes the processor to pause execution of the first function, save a state of the processor in the system management mode, and exit the system management mode. The executable code causes the processor to execute a second function identified by the first system management interrupt and receive a second system management interrupt to enter the system management mode. The executable code causes the processor to restore the state of the processor in the system management mode and exit the system management mode. The executable code causes the processor to resume execution of the first function after exiting the system management mode.

The invention is a method for managing an instance of a class in a secure element embedded in a hosting machine and including a Central Processing Unit, a storage area and a virtual machine. The method comprises a step of receiving by the secure element a load file containing a binary representation of a package of the class and a step of instantiating the instance from the package and storing the instance in the storage area. The load file includes a specific component which is a custom component within the meaning of Java Card™ specifications and which contains executable data. The instance requests the execution of a subset of the executable data by directly invoking the subset of executable data through an Application Programming Interface.

The invention is a method for managing an instance of a class in a secure element embedded in a hosting machine and including a Central Processing Unit, a storage area and a virtual machine. The method comprises a step of receiving by the secure element a load file containing a binary representation of a package of the class and a step of instantiating the instance from the package and storing the instance in the storage area. The load file includes a specific component which is a custom component within the meaning of Java Card™ specifications and which contains executable data. The instance requests the execution of a subset of the executable data by directly invoking the subset of executable data through an Application Programming Interface.

Provided is a process that affords out-of-band authentication based on a secure channel to a trusted execution environment on a client device. The authentication process includes one or more authentication steps in addition to verifying any credentials provided by a client device. A notification may be transmitted by a server to a device other than the client device attempting to access the asset. That device may be a mobile device with a trusted execution environment storing user credential information, and the server may store representations of those credentials. The mobile device collects user input credentials and transmits representations for matching the previously stored representations and signed data for verification by the server that received data originated from the mobile device. The access attempt by the client is granted based in part on the result of authenticating the data received from the mobile device in a response to the notification.

A control method executed by a computer, including: when accepting execution instructions for a first task and a second task, adding an operation code that causes execution of an operation, to a processing program that corresponds to the first task, and generating a first program that includes the processing program and the operation code; encrypting a second program that corresponds to the second task to generate encrypted data, by using an operation result obtained based on the execution of the operation; and transmitting the first program and the encrypted data to a device that corresponds to the first task.

A system and a method for a supply-chain hardware integrity for electronics defense (SHIELD) dielet embedded over a component of a device, a radio frequency identification (RFID) probe system coupled to the SHIELD dielet, and a secure server system communicating with the RFID probe system that can enable security services is provided. Embodiments include a multi-function SHIELD software defined, hardware enabled security system that provides hardware identity, anti-tamper, encryption key generation and management, trusted platform module services, and cryptographic software security services for a device.