G06F21/725

METHODS AND SYSTEMS FOR SECURE DATA SHARING WITH GRANULAR ACCESS CONTROL
20210374265 · 2021-12-02

Methods and devices for secure data sharing with granular access control are described. A modified attribute-based encryption (ABE) scheme is used to perform cryptographically-enforced ABE using attributes of a file access policy. A sender sends to a receiver a file encrypted using a file encryption key, the file encryption key encrypted using ABE based on a file access policy set by the sender, and a set of private ABE keys decryptable using a key stored in a trusted execution environment (TEE) of the receiver. The private ABE keys are decrypted by the receiver TEE when the file is accessed, decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy. The decrypted file encryption key grants access to the file contents via a trusted viewer application. A user password may also be required and cryptographically enforced as part of the ABE decryption.

Password based key derivation function for NTP

Systems, methods and devices for adding key chain and key derivation function (KDF) support for Network Time Protocol (NTP) authentication using password-based key derivation functions-NTP (PBKDF-NTP) are disclosed. In one embodiment, a method includes generating time-bound multiple short-lived keys instead of long-lived keys for NTP security, which ensures that an attacker will not get enough time to crack the key values. The usage of time-bound multiple short-lived keys instead of long-lived keys for NTP security will ensure that an attacker will not get enough time to crack the key values within the key lifetime. Hence, man-in-the-middle attacks can be avoided in NTP.

System and method for anti-rollback

A method for providing an anti-rollback secure timer service includes determining, at a device which includes a processor providing a trusted execution environment (TEE), a trusted memory, and a real time clock (RTC) accessible through an operating system of the device, an initial reference time value, by a secure timer application running in the TEE, the initial reference time value determined based on an initial value of the RTC obtained during booting of the device and a time delta value. The method further includes determining an updated reference time value based on the initial reference time value, a second value of the RTC, and a previously stored old reference time value, determining an updated time delta value based on the second value of the RTC and the updated reference time value, and storing the updated time delta value and the updated reference time value in the trusted memory.

Integrated circuit with electromagnetic fault injection protection

In one form, an integrated circuit includes a plurality of electromagnetic fault injection (EMFI) sensors and a security management circuit. Each EMFI sensor includes a sense loop having a conductor around a corresponding portion of logic circuitry whose operation is affected by an electromagnetic pulse, and a detector circuit coupled to the sense loop and having an output for providing a pulse detection signal in response to a pulse of at least a predetermined magnitude. The security management circuit performs a protection operation to secure the integrated circuit in response to an activation of a corresponding pulse detection signal of one of the plurality of EMFI sensors.

INTEGRATED CIRCUIT, AND DIGITAL FINGERPRINT GENERATION CIRCUIT AND METHOD THEREOF
20220180001 · 2022-06-09

A digital fingerprint generation circuit based on an integrated circuit is provided. In the digital fingerprint generation circuit, a control unit is configured to: generate a first control word and a second control word, and transmit the first control word and the second control word to a first clock generator and a second clock generator respectively, so that the first clock generator generates a first clock signal based on the first control word, and the second clock generator generates a second clock signal based on the second control word; and a frequency detector generates a digital fingerprint of the integrated circuit based on the first clock signal and the second clock signal.

Electronic device and method for transmitting and receiving data on the basis of security operating system in electronic device

Various embodiments relating to an electronic device are described, and according to an embodiment, the electronic device may comprise a communication module which performs wireless communication; at least one processor which is electrically connected to the communication module; and a memory which stores instructions which cause at least one processor to receive or transmit data via communication with an external electronic device using the communication module on the basis of a first operating system and to process the received data or data to be transmitted to the external electronic device using a designated key on the basis of a second operating system, at the time of execution thereof.

Methods and systems for secure data sharing with granular access control
11347882 · 2022-05-31

Methods and devices for secure data sharing with granular access control are described. A modified attribute-based encryption (ABE) scheme is used to perform cryptographically-enforced ABE using attributes of a file access policy. A sender sends to a receiver a file encrypted using a file encryption key, the file encryption key encrypted using ABE based on a file access policy set by the sender, and a set of private ABE keys decryptable using a key stored in a trusted execution environment (TEE) of the receiver. The private ABE keys are decrypted by the receiver TEE when the file is accessed, decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy. The decrypted file encryption key grants access to the file contents via a trusted viewer application. A user password may also be required and cryptographically enforced as part of the ABE decryption.

Enabling Access To Data
20220155127 · 2022-05-19

Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

TIME BASED RISK MANAGEMENT MECHANISMS
20220027917 · 2022-01-27

Techniques for identifying a fraudulent interaction of a user device using time-based risk features are described herein. In embodiments, time stamp information provided by an external clock and time units may be maintained by a user device. The user device may include an authentication component that is communicatively coupled to a clock component that generates the time units. In response to conducting an interaction with an access device and user device, first time information may be received from the access device. Second time information may be determined based at least in part on the time units from the clock component and the time stamp information. The second time information may be compared to the first time information. An authentication plan for the interaction may be determined based at least in part on the comparison of the second time information to the first time information.

Method to create a trusted pool of devices

The present invention relates to a method to create, by a service provider, a trusted pool of security devices adapted to perform cryptographic operations in a secure service, comprising the steps of: for a service provider, setting up a secure service by allocating a first device in the service, setting the first security device's clock to a reliable time source, and creating an internal secure-service-object defining at least a service clock-instance and service-specific cryptographic keys and certificates used to protect communication between a resource owner's security application and a security device part of the secure service, said secure-service-object being maintained by the security device internally, preventing any service provider from arbitrarily changing it; and, when additional security devices are required, for the service provider, adding additional security devices to the service through ensuring the two security devices' clocks are synchronized by setting the target security device's clock to an accurate time value and defining, in the secure-service-object, a max-delta-time and a max-daily-correction per day values limiting the drift between two devices of the pool.