An integrated circuit device includes encryption circuitry to encrypt a data packet and scheduler circuitry to receive the encrypted data packet from the encryption circuitry. The scheduler circuitry monitors a duration of time associated with egress of the encrypted data packet, holds the encrypted data packet until the duration of time matches a threshold duration of time, and transmits the encrypted data packet in response to the duration of time matching the threshold duration of time.

A receiver apparatus and method for optimized decryption and despreading of a very low frequency (VLF) bitstream is disclosed. In embodiments, the receiver includes antenna elements for receiving a transmission security (TRANSEC) encoded bitstream associated with an uncertainty window size and a spread factor. The receiver includes cryptographic processors that, when the spread factor is sufficiently large, select key section numbers A and data section numbers B based on the window size and spread factor. The cryptographic processors generate an output sequence of correlation windows, each correlation window associated with a symbol of the bitstream, via pipelined sectional mirrored-key convolution based on a key section number A and data section number B chosen to optimize performance (e.g., processor performance, memory performance).

The present invention relates to a method to protect a data file to be used by a white-box cryptography software application installed in memory of a device to prevent the malevolent use of a digital copy of the data file by a white-box cryptography software application installed in memory of another device, said method comprising the steps of extracting an unique identifier for the device from the environment of the device and modifying data in the data file according to the unique identifier, the available white-box cryptography software application being such that it comprises a software security layer adapted to, when the WBC software application is executed, retrieve the unique identifier from the environment of the device in which it is installed and to use this unique identifier in combination with the stored data file in its execution, the result of the execution being correct only in case where the correct unique identifier has been extracted by the executed WBC software application.

An external trusted time source is implemented over a network for conditional access system (CAS)/digital rights management (DRM) client devices. A client device includes untrusted software and a trusted execution environment (TEE) for processing an entitlement management message (EMM) that includes an epoch sequence number (ESN) transmitted from an EMM server using a first network connection. A remaining client key set (CKS) lifetime value is stored and updated in the TEE based on the ESN processed.

Techniques are disclosed for the protection and accuracy of system time used in systems, such as automotive systems, from attacks. In some embodiments, a cumulative trustworthiness score is determined for available time sources, other than a real time clock, by adding together trustworthiness scores associated with the available time sources after a system time is initialized to time of the real time clock during booting. The cumulative trustworthiness score is then used to determine an appropriate technique for updating the system time based on time from one of the available time sources, depending on whether the cumulative trustworthiness score is greater than a maximum threshold, between a minimum threshold and the maximum threshold, or less than the minimum threshold.

In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

According to one embodiment, a DP accelerator includes one or more execution units (EUs) configured to perform data processing operations in response to an instruction received from a host system coupled over a bus. The DP accelerator includes a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations. The DP accelerator includes a time unit (TU) coupled to the security unit to provide timestamp services to the security unit, where the time unit includes a clock generator to generate clock signals locally without having to derive the clock signals from an external source. The TU includes a timestamp generator coupled to the clock generator to generate a timestamp based on the clock signals, and a power supply to provide power to the clock generator and the timestamp generator.

A method of determining whether a received message at a communications device is from a legitimate second device may include building a message intended for a legitimate second device, generating a time delay using a secret key known to the device and the legitimate second device, sending the built message to the legitimate second device, starting a timer at the time of sending the built message, receiving a response to the sent message, determining a response time of the received response based on a time value of the timer, determining an acceptable receive window of time based on the generated time delay, determining whether the determined response time is within the determined acceptable receive window of time, and when the determined response time is within the determined acceptable receive window of time, recognizing the received response as a legitimate message from the legitimate second device.

A system, method, and computer-readable medium are disclosed for providing auditability of a distributed ledger technology (DLT) of de-identified data of entities, stored in the DLT. In certain embodiments, data related to an entity is de-identified. The de-identified data is stored in the DLT. Access to the de-identified data is determined. Instances of access to the de-identified data is recorded to the DLT. In certain embodiments, information used to re-identify the de-identified data is store on the DLT. Access to the information can also be determined and recorded to the DLT.

An external trusted time source is implemented over a network for conditional access system (CAS)/digital rights management (DRM) client devices. A client device includes untrusted software and a trusted execution environment (TEE) for processing an entitlement management message (EMM) that includes an epoch sequence number (ESN) transmitted from an EMM server using a first network connection. A remaining client key set (CKS) lifetime value is stored and updated in the TEE based on the ESN processed.