A storage device and a data access method are provided. The storage device includes a primary storage unit and at least one additional unit. The primary storage unit includes: a primary memory element configured to store secret data and a primary access unit configured to receive an external access command. Each additional unit is configured to receive the external access command. Each additional unit includes: an additional memory element configured to store non-specific data, a local access generation element configured to trigger generating an internal access command based on the external access command, and an additional access unit configured to receive a local access command. The primary storage unit and each additional unit are coupled to a same power rail and a connection wire to simultaneously receive the external access command to parallelly (simultaneously) access the secret data and the non-specific data stored in each additional unit.

Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise a memory device to store instructions for computing a block cipher; and a processing device coupled to the memory device. The processing device performs a Data Encryption Standard (DES) cryptographic operation with multiple rounds of a Feistel structure, each round including a substitution function and a transformation function that combines an expansion function and a permutation function into a single operation. The transformation function transforms a first input portion of an internal state of the respective round and a second input portion of the internal state into a first output portion and a second output portion of data. The second output portion is equal to the first input portion and the first output portion is dependent on a combined permutation output from the transformation function.

The present invention concerns an electronic circuit power supply device, configured to: flow, through a first conductor connected to a node, a first current that is an image of a second current consumed by the electronic circuit; flow a third current through a second conductor connected to the node, a first branch of a current mirror conducting the third current; flow a fourth constant current through a third conductor connected to the node; consume a fifth current that is an image of the third current; and regulate a potential of the node by acting on a gate potential of a transistor electrically in series with a second branch of the current mirror.

A protected circuit is provided comprising multiple essentially identical circuits, such as TPM (Trusted Platform Module) hosted in a common chip-housing, such that the signals thereof interfere with each other and it is difficult to obtain information therefrom. Additional protection may be achieved by adding a random delay to mask any relation between contents of processed information packages and the processing time required between in- and output signals of protected circuits. A physical barrier may be provided in order to prevent or at least limit physical access to for example at least one TPM chip arranged inside of the barrier. The physical barrier may comprises an impedance, i.e. in form of a capacitor with capacity C and or resistor R and or inductivity L, for example formed by two of the reflector layers with an absorbing material in between. Any impedance (i.e. capacity C and/or resistance R and/or inductivity L) change can be detected and any impedance (i.e. capacity and/or resistance and/or inductivity L) change beyond a chosen threshold is indicative of an attempt to physically destruct or enter the barrier. Upon detecting an impedance (i.e. capacity C and/or resistance R and/or inductivity L) change beyond the threshold, any suitable action may be performed, such as deleting all information from the chip, destroying the chip or providing wrong information. The barrier may also act as a reflector for reflecting the desired signal of the at least one chip, such that the desired signal and the reflected signals interfere with each other and it is difficult to obtain information therefrom.

A protected circuit is provided comprising multiple essentially identical circuits, such as TPM (Trusted Platform Module) hosted in a common chip-housing, such that the signals thereof interfere with each other and it is difficult to obtain information therefrom. Additional protection may be achieved by adding a random delay to mask any relation between contents of processed information packages and the processing time required between in- and output signals of protected circuits. A physical barrier may be provided in order to prevent or at least limit physical access to for example at least one TPM chip arranged inside of the barrier. The physical barrier may comprises an impedance, i.e. in form of a capacitor with capacity C and or resistor R and or inductivity L, for example formed by two of the reflector layers with an absorbing material in between. Any impedance (i.e. capacity C and/or resistance R and/or inductivity L) change can be detected and any impedance (i.e. capacity and/or resistance and/or inductivity L) change beyond a chosen threshold is indicative of an attempt to physically destruct or enter the barrier. Upon detecting an impedance (i.e. capacity C and/or resistance R and/or inductivity L) change beyond the threshold, any suitable action may be performed, such as deleting all information from the chip, destroying the chip or providing wrong information. The barrier may also act as a reflector for reflecting the desired signal of the at least one chip, such that the desired signal and the reflected signals interfere with each other and it is difficult to obtain information therefrom.

Circuits are protected from timing attacks by adding a random delay to mask any relation between contents of processed information packages and the processing time required between in- and output signals of protected circuits. This random delay has to be performed preferably inside the protected volume and can be realized by one or more random delay buffers that are realized by means of e.g. random shift-registers. Further protection may be provided by situating the circuits in a single chip housing, such that the signals thereof interfere with each other and it is difficult to obtain information therefrom. A physical barrier may be provided in order to prevent or at least limit physical access to for example at least one TPM chip arranged inside of the barrier. The physical barrier comprises an impedance, i.e. in form of a capacitor with capacity C and or resistor R and or inductivity L, for example formed by two of the reflector layers of the barrier with an absorbing material in between. Any impedance (i.e. capacity C and/or resistance R and/or inductivity L) change can be detected and any impedance (i.e. capacity and/or resistance and/or inductivity L) change beyond a chosen threshold is indicative of an attempt to physically destruct or enter the barrier. Upon detecting an impedance (i.e. capacity C and/or resistance R and/or inductivity L) change beyond the threshold, any suitable action may be performed, such as deleting all information from the chip, destroying the chip or providing wrong information. The barrier may also act as a reflector for reflecting the desired signal of the at least one chip, such that the desired signal and the reflected signals interfere with each other and it is difficult to obtain information therefrom.

Circuits are protected from timing attacks by adding a random delay to mask any relation between contents of processed information packages and the processing time required between in- and output signals of protected circuits. This random delay has to be performed preferably inside the protected volume and can be realized by one or more random delay buffers that are realized by means of e.g. random shift-registers. Further protection may be provided by situating the circuits in a single chip housing, such that the signals thereof interfere with each other and it is difficult to obtain information therefrom. A physical barrier may be provided in order to prevent or at least limit physical access to for example at least one TPM chip arranged inside of the barrier. The physical barrier comprises an impedance, i.e. in form of a capacitor with capacity C and or resistor R and or inductivity L, for example formed by two of the reflector layers of the barrier with an absorbing material in between. Any impedance (i.e. capacity C and/or resistance R and/or inductivity L) change can be detected and any impedance (i.e. capacity and/or resistance and/or inductivity L) change beyond a chosen threshold is indicative of an attempt to physically destruct or enter the barrier. Upon detecting an impedance (i.e. capacity C and/or resistance R and/or inductivity L) change beyond the threshold, any suitable action may be performed, such as deleting all information from the chip, destroying the chip or providing wrong information. The barrier may also act as a reflector for reflecting the desired signal of the at least one chip, such that the desired signal and the reflected signals interfere with each other and it is difficult to obtain information therefrom.

A control device is provided, in which the control device is coupled to an external memory and includes a storage circuit, a memory mapping circuit, and a central processing unit (CPU). The storage circuit stores a firmware image. The memory mapping circuit divides the firmware image into a plurality of segments and calculates the start address of each of the segments and the identifier code to generate an access sequence. The CPU reads the storage circuit and outputs the segments to the external memory according to the access sequence.

A control device is provided, in which the control device is coupled to an external memory and includes a storage circuit, a memory mapping circuit, and a central processing unit (CPU). The storage circuit stores a firmware image. The memory mapping circuit divides the firmware image into a plurality of segments and calculates the start address of each of the segments and the identifier code to generate an access sequence. The CPU reads the storage circuit and outputs the segments to the external memory according to the access sequence.

An apparatus and system for remote attestation of a power delivery network is disclosed. Embodiments of the disclosure enable remote attestation of the power delivery network by storing a trusted golden reference waveform in secure memory. The trusted golden reference waveform characterizes a power delivery network in response to a load generated on the power delivery network. A remote cloud server generates a server-generated remote attestation of the power delivery network by receiving an attestation packet from the power delivery network and verifying whether the attestation packet is consistent with an expected power delivery network identity.