Patent classifications
G06F21/123
Optically-passive magnetic signature and identification feature with electromagnetic tamper detection
An article is authenticated by providing a magnetic security mark in the form of an optically-passive randomly-generated nanoscale magnetic pattern. The pattern is pre-imaged and this reference image is uploaded to a secure database along with an identifier for the article such as a serial number. A user of the article verifies its authenticity by scanning it magnetically to obtain a scanned image of the magnetic pattern. The serial number is used to retrieve the previously uploaded reference image which is compared to the scanned image. If the images match, the article's authenticity is confirmed. A single article may have multiple magnetic security marks, each unique, placed at predetermined, non-uniform locations. The magnetic patterns are generated using thin film deposition of yttrium iron garnet. In one embodiment the article is a physical key having additional security features, such as mechanical features and a radio-frequency identification chip.
SYSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS
Example embodiments of systems and methods for data transmission between a contactless card, a client application, and a server are provided. The memory of the contactless card may include a first card number table storing a first plurality of card numbers, each card number associated with a user account. A first applet may cycle through the first card number table and transmit each of the first plurality of card numbers to a second applet. In response to detection of one or more gestures by the card, the client application may read one or more of the first plurality of card numbers from the second applet and transmit a verification request associated with the one or more read card numbers to the server, which may compare the one or more read card numbers to a number from a second card number table and transmit a verification determination to authenticate the card.
Detecting and preventing exploits of software vulnerability using instruction tags
A secure processor, comprising a logic execution unit configured to process data based on instructions; a communication interface unit, configured to transfer the instructions and the data, and metadata tags accompanying respective instructions and data; a metadata processing unit, configured to enforce specific restrictions with respect to at least execution of instructions, access to resources, and manipulation of data, selectively dependent on the received metadata tags; and a control transfer processing unit, configured to validate a branch instruction execution and an entry point instruction of each control transfer, selectively dependent on the respective metadata tags.
METHOD FOR REMOTE PROVISIONING OF SOFTWARE MODULES IN INTEGRATED CIRCUIT CARDS, CORRESPONDING APPARATUS AND COMPUTER PROGRAM PRODUCT
In an embodiment, the method includes performing, by an integrated circuit (IC) card hosted in a local equipment, authentication with a contactless subscriber device when the subscriber device is within a communication range of a contactless interface of the local equipment, receiving, by the IC card, an identifier (SID) identifying a software module from the subscriber device, the software module configured to enable a subscription profile for a mobile network operator, performing a checking operation at the IC card whether the SID matches a software module identifier stored in the IC card and selectively performing one of downloading the software module to the IC card, enabling the software module at the IC card or disabling the software module at the IC card as a result of performing the checking operation.
TIME-RESTRICTED AND NODE-LOCKED LICENSE
A device stores a first public key of a first cryptographic key pair. A second cryptographic key pair node-locked to and stored on the device is digitally signed with a first private key of the first key pair. A license stored on the device is digitally signed with a second private key of the second key pair to node-lock the license to the device, and the second private key is deleted from the device. The license is time-locked to time of digital signature. The license is authenticated against a second public key of the second key pair, and the second public key is authenticated against the first public key. The license is validated against the device and against a current time.
Extendable Vehicle Electronics System, Extension Module, and Associated Methods
Extendable vehicle electronics system including a base unit having base electronic components for implementing base electronic functions. An extension module includes a module data transceiver and extension electronic components operable in combination with the base electronic components for implementing extended electronic functions. A base data transceiver is used for communications between the base unit and the module data transceiver. A module locator locates the extension module for communication between the base unit and the module data transceiver. The extension electronic components comprise a processor for processing input data to generate output data within the extension module for transmission to the base unit.
Safety system for an electronic device of a vehicle, electronic device, vehicle and method
A security system for a programmable electronic device of a vehicle, the electronic device including an interface that can be used for accessing and/or programming the electronic device by means of an external access. The security system includes a sensor configured to detect a position and/or orientation of the electronic device with respect to the vehicle, and a security module. The security module is configured to determine coincidence based on the position and/or orientation of the electronic device with respect to the vehicle detected by the sensor and an expected position and/or orientation of the electronic device with respect to the vehicle, and in the event of a detected coincidence prevent access and/or programming of the electronic device.
Integrated circuit data protection
Techniques for providing data protection in an integrated circuit are provided. An example method according to these techniques includes determining that an unauthorized update has been made to software or firmware associated with the integrated circuit, and corrupting an anti-replay counter (ARC) value, maintained in a one-time programmable memory of the integrated circuit and used by the integrated circuit to protect contents of a non-volatile memory, responsive to determining that the unauthorized update has been made to the software or the firmware.
Timed unlocking and locking of hardware intellectual properties
The present disclosure provides systems and methods for timed unlocking and locking of hardware intellectual properties obfuscation. One such method includes determining whether received key inputs match a functional key sequence of an integrated circuit or a test key sequence of the integrated circuit; permanently enabling operation of the integrated circuit responsive to the received key inputs being determined to be a functional key sequence for permanently enabling operation of the integrated circuit; temporarily enabling operation of the integrated circuit responsive to the received key inputs being determined to be the test key sequence for temporarily enabling operation of the integrated circuit to perform testing of the functionality and disable thereafter; and locking sequential logic and combinational logic of the integrated circuit if the received key inputs are determined to not be either the functional key sequence or the test key sequence. Other systems and methods are also provided.
Systems and methods for managing state
The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.