A method of boot-loading an electronic device. The method comprises boot-loading a trusted execution environment (TEE) in a trusted security zone of a processor of the electronic device, where the TEE boot-loads before a rich execution environment (REE) boot-loads, launching a boot-loader authentication application by the TEE in the trusted security zone, determining a signature value of an REE boot-loader by the boot-loader authentication application over the instructions of the REE boot-loader, comparing the signature value of the REE boot-loader to an authentication signature value stored in the TEE, and, in response to the signature value of the REE boot-loader not matching the authentication signature value, taking action by the boot-loader authentication application.

An external trusted time source is implemented over a network for conditional access system (CAS)/digital rights management (DRM) client devices. A client device includes untrusted software and a trusted execution environment (TEE) for processing an entitlement management message (EMM) that includes an epoch sequence number (ESN) transmitted from an EMM server using a first network connection. A remaining client key set (CKS) lifetime value is stored and updated in the TEE based on the ESN processed.

Provided is a method for remotely uploading certified software from a source to a data update module on an asset via a wireless communications link. The method includes encrypting the communications link between the source and the data update module to form a secure tunnel and verifying credentials of the source via the data update module when a software update file is transmitted. A load assurance check is performed on a portion of the transmitted update file to confirm integrity of the transmitted file when the credentials of the source are verified. The uploading of the certified software is immediately activated when the file integrity is verified, the activating occurring automatically and being devoid of human intervention.

A method for providing a reliable time signal. In the method, a first time signal from a first time source and a second time signal from a second time source are received and evaluated by an arrangement, the first time source and the second time source being independent of each other, the arrangement including a first unit in the arrangement which fulfills an observer and comparator function, the two time signals are compared with each other and a detected deviation between the two time signals is evaluated, and the reliable time signal is output on the basis of this evaluation.

In general, this disclosure describes scalable, partitionable encryption engines. The partitionable encryption engines of this disclosure yield power savings, such as by controlling operation of partitioned sub-datapaths at reduced clock rates. An apparatus includes an interface configured to receive a block of encrypted data for decryption, and a decryption engine in communication with the interface. The decryption engine includes a plurality of decryption sub-datapaths, where each respective decryption sub-datapath has no data interdependency with any other decryption sub-datapath of the plurality of decryption sub-datapaths. The decryption engine is configured to selectively enable one or more decryption sub-datapaths of the plurality of decryption sub-datapaths to decrypt the block of encrypted data to form a decrypted block of data.

A method of boot-loading an electronic device. The method comprises boot-loading a trusted execution environment (TEE) in a trusted security zone of a processor of the electronic device, where the TEE boot-loads before a rich execution environment (REE) boot-loads, launching a boot-loader authentication application by the TEE in the trusted security zone, determining a signature value of an REE boot-loader by the boot-loader authentication application over the instructions of the REE boot-loader, comparing the signature value of the REE boot-loader to an authentication signature value stored in the TEE, and, in response to the signature value of the REE boot-loader not matching the authentication signature value, taking action by the boot-loader authentication application.

A method of boot-loading an electronic device. The method comprises boot-loading a trusted execution environment (TEE) in a trusted security zone of a processor of the electronic device, where the TEE boot-loads before a rich execution environment (REE) boot-loads, launching a boot-loader authentication application by the TEE in the trusted security zone, determining a signature value of an REE boot-loader by the boot-loader authentication application over the instructions of the REE boot-loader, comparing the signature value of the REE boot-loader to an authentication signature value stored in the TEE, and, in response to the signature value of the REE boot-loader not matching the authentication signature value, taking action by the boot-loader authentication application.

Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

According to one embodiment, a DP accelerator includes one or more execution units (EUs) configured to perform data processing operations in response to an instruction received from a host system coupled over a bus. The DP accelerator includes a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations. The DP accelerator includes a time unit (TU) coupled to the security unit to provide timestamp services to the security unit, where the time unit includes a clock generator to generate clock signals locally without having to derive the clock signals from an external source. The TU includes a timestamp generator coupled to the clock generator to generate a timestamp based on the clock signals, and a power supply to provide power to the clock generator and the timestamp generator.

Various embodiments include methods and systems performed by a processor of a first function block for providing secure timer synchronization with a second function block. Various embodiments may include storing, in a shared register space, a first time counter value in which the first time counter value is based on a global counter of the second function block, transmitting, from the shared register space, the stored first time counter value to a preload register of the first function block, receiving, by the first function block, a strobe signal from the second function block configured to enable the first time counter value in the preload register to be loaded into a global counter of the first function block, and configuring the global counter with the first time counter value from the preload register.