G06F21/76

Integrated circuit and embedded system including such an integrated circuit with bootstrap configuration for attack prevention

An integrated circuit including an electronic fuse for supporting a secure bootstrap process, in which the fuse is queried. The circuit includes a protection against electromagnetic fault injection. The circuit is configured in such a way that the protection extends to the bootstrap process.

Dual level management

Access permissions are set for different requesting circuits on a control bus. The access permissions can be set by the level 1 manager and the level 2 manager, allowing two layers of security to be added. The level 1 manager has priority, allowing it to add access permissions that cannot be removed by the level 2 manager.

BINDING A TRUST ANCHOR AND AN ASIC
20220382866 · 2022-12-01 ·

According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.

USING A TRUST ANCHOR TO CONTROL FUNCTIONALITY OF AN ASIC
20220382867 · 2022-12-01 ·

According to certain embodiments, a method performed by a trust anchor comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with a hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving a response encrypted using the random value (K). The response is received from the hardware component. The method further comprises encrypting a schema using the random value (K) and sending the encrypted schema to the hardware component. The schema indicates functionality that the hardware component is authorized to enable.
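
The two abstracts above (20220382866 and 20220382867) describe one exchange: the trust anchor encrypts a fresh K under the component's long-term key, accepts the component only if it can answer under K, and then delivers the feature schema under K. The following is an added illustration of that exchange with both sides' messages; it is not the patent holder's code. Assumptions not in the abstracts: the long-term key is a symmetric key shared between anchor and component, the response is bound to a hash of the challenge so it cannot be replayed, and a stand-in authenticated cipher (HMAC-SHA256 in counter mode, encrypt-then-MAC) is used in place of a real AEAD such as AES-GCM so the example runs on the Python standard library alone. The class, function and schema names are illustrative.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for a real cipher (assumption, see lead-in).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the tag fails (wrong key, tampering, truncation)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class HardwareComponent:
    """ASIC side: holds the long-term key, enables only what an authenticated schema allows."""
    def __init__(self, long_term_key: bytes):
        self._klt = long_term_key
        self._k: Optional[bytes] = None
        self.enabled: frozenset = frozenset()

    def respond(self, challenge: bytes) -> Optional[bytes]:
        k = open_sealed(self._klt, challenge)
        if k is None:
            return None  # cannot recover K without the real long-term key
        self._k = k
        # Response under K, bound to this challenge so an old response cannot be replayed.
        return seal(k, b"POSTURE-RESPONSE" + hashlib.sha256(challenge).digest())

    def apply_schema(self, encrypted_schema: bytes) -> bool:
        raw = open_sealed(self._k, encrypted_schema) if self._k else None
        if raw is None:
            return False
        self.enabled = frozenset(json.loads(raw)["enable"])
        return True


class TrustAnchor:
    """Trust anchor side, following the two abstracts above."""
    def __init__(self, component_long_term_key: bytes):
        self._klt = component_long_term_key

    def posture_assessment(self, component: HardwareComponent) -> Optional[bytes]:
        """Return K if the component proved it holds the long-term key, else None."""
        k = os.urandom(32)
        challenge = seal(self._klt, k)           # K encrypted under the long-term key
        response = component.respond(challenge)
        if response is None:
            return None
        plain = open_sealed(k, response)         # must decrypt and verify under K
        expected = b"POSTURE-RESPONSE" + hashlib.sha256(challenge).digest()
        if plain is None or not hmac.compare_digest(plain, expected):
            return None
        return k

    def authorize(self, component: HardwareComponent, schema: dict) -> bool:
        # Assess, then either push the functionality schema under K or leave the part disabled.
        k = self.posture_assessment(component)
        if k is None:
            return False
        return component.apply_schema(seal(k, json.dumps(schema).encode()))


def run_binding_demo() -> dict:
    klt = os.urandom(32)                              # constructed long-term key
    anchor = TrustAnchor(klt)
    genuine = HardwareComponent(klt)
    counterfeit = HardwareComponent(os.urandom(32))   # constructed: a part without the real key
    schema = {"enable": ["crypto_engine", "pcie_gen4"]}  # constructed feature schema
    return {"genuine": anchor.authorize(genuine, schema), "genuine_enabled": sorted(genuine.enabled),
            "counterfeit": anchor.authorize(counterfeit, schema),
            "counterfeit_enabled": sorted(counterfeit.enabled)}
```

run_binding_demo() authorizes the part that holds the long-term key and enables both schema entries on it; the counterfeit part never recovers K, so it receives no schema and stays with nothing enabled. Binding the response to a hash of the challenge is the detail worth keeping in a real design: without it, a captured response from one genuine session is valid in any later one.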

Active attestation of embedded systems

An active attestation apparatus verifies at runtime the integrity of untrusted machine code of an embedded system residing in a memory device while that code is being run, slowing processing less than other methods do. The apparatus uses an integrated circuit chip containing a microcontroller and a reprogrammable logic device, such as a field programmable gate array (FPGA), to implement software attestation at runtime and in less time than is typically possible with comparable attestation approaches, while not requiring any halt of the processor in the microcontroller. The reprogrammable logic device includes functionality to load an encrypted version of its configuration and operating code, perform a checksum computation, and communicate with a verifier. The checksum algorithm is preferably time optimized to execute computations in the reprogrammable logic device in the minimum possible time.
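
The verifier side of such a scheme is what makes the "minimum possible time" requirement matter: a prover that has kept a clean copy of the firmware elsewhere can still produce the right checksum, but only if it has time to read the stashed copy instead of live memory, so the verifier rejects responses that arrive late. The following is an added illustration of that challenge, checksum and time-bound check, not the patent holder's code and not its FPGA implementation. Assumptions not in the abstract: the verifier holds a golden copy of the image, the checksum is SHA-256 over nonce || memory, and MAX_LATENCY is an arbitrary bound chosen for a software demonstration.

```python
import hashlib
import hmac
import os
import time

MAX_LATENCY = 0.5   # seconds; assumed bound, generous for a pure-software illustration


class Prover:
    """Untrusted embedded side. In the patent this logic sits in the FPGA fabric, not the MCU."""
    def __init__(self, code_memory: bytearray):
        self.code_memory = code_memory

    def checksum(self, nonce: bytes) -> bytes:
        # Nonce goes first so a digest of clean memory computed in advance is useless.
        return hashlib.sha256(nonce + bytes(self.code_memory)).digest()


class Verifier:
    """Holds a golden copy of the firmware and checks both the value and the response time."""
    def __init__(self, golden_image: bytes):
        self.golden = golden_image

    def attest(self, prover: Prover) -> bool:
        nonce = os.urandom(16)                    # fresh per run; prevents replay
        start = time.monotonic()
        reported = prover.checksum(nonce)
        elapsed = time.monotonic() - start
        expected = hashlib.sha256(nonce + self.golden).digest()
        # Both conditions must hold: right value, and returned before an attacker
        # could have computed it from somewhere other than the live code memory.
        return elapsed <= MAX_LATENCY and hmac.compare_digest(reported, expected)


def run_attestation_demo() -> dict:
    golden = os.urandom(4096)                     # constructed stand-in for a firmware image
    verifier = Verifier(golden)
    genuine = Prover(bytearray(golden))
    patched = Prover(bytearray(golden))
    patched.code_memory[0x100] ^= 0x01            # one flipped bit, e.g. a patched conditional branch
    return {"genuine": verifier.attest(genuine), "patched": verifier.attest(patched)}
```

run_attestation_demo() passes the unmodified image and fails the one with a single flipped bit. On real hardware the latency bound would be calibrated from the FPGA's measured checksum time over the full code region, with the slack set well below the time needed to fetch a hidden clean copy.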

REGISTER SHIELDING IN SEMICONDUCTOR DEVICES

A semiconductor device comprises one or more registers having digital signals stored therein. The semiconductor device is configured for communication with one or more external devices, and such communication may involve requests for access to portions of the register or registers. Register shield circuitry is provided comprising access detection circuitry configured to detect requests for access to these register portions in communication with the external device or devices. The register shield circuitry is configured to be selectively activated in a register shield mode to shield these register portions from undesired requests for access. When activated in the register shield mode, the register shield circuitry prevents access to these register portions in response to requests for access detected by the access detection circuitry.

REAL-TIME DYNAMIC BLOCKCHAIN SECURITIZATION PLATFORM
20230056885 · 2023-02-23 ·

Aspects of the disclosure relate to real-time dynamic securitization of blockchain records. A computing platform may receive record retrieval data comprising record data identifying one or more requested records. The computing platform may decrypt the first requested record to generate a decrypted requested record. The computing platform may parse the decrypted requested record to generate parsed record data. The computing platform may determine that the parsed record data comprises a subset of predetermined textual content. The computing platform may mark one or more predetermined textual content of the subset of predetermined textual content for securitization. The computing platform may generate a securitized record by redacting, from the decrypted requested record, each of the one or more predetermined textual content marked for securitization.