Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting a timestamp request for a to-be-timestamped block of a blockchain at a time point to a trust time server by a ledger server in a blockchain-based centralized ledger system that stores data in the blockchain, the trust time server being associated with a trust time authority and independent from the blockchain-based centralized ledger system, the blockchain including a plurality of blocks storing transaction data, and disregarding the timestamp request in response to determining that a predetermined time period has lapsed after the time point and that there has been no reply to the timestamp request from the trust time server.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting individual timestamp requests for to-be-timestamped blocks in a blockchain to a trust time server independent from a blockchain-based centralized ledger system that stores data in the blockchain, the blockchain including a plurality of blocks storing transaction data, receiving respective timestamps and associated signatures for the to-be-timestamped blocks from the trust time server, and storing information of the respective timestamps and associated signatures for the to-be-timestamped blocks in respective timestamped blocks in the blockchain, any adjacent two of the timestamped blocks in the blockchain being anchored with each other.

This Application describes devices, and techniques for using them, capable of providing a secure hardware backdoor for digital devices, thus allowing valid access to secure target device data without the owner's consent, while still assuring the owner's knowledge whenever any access has occurred, whether validly or not. Each target device's data is protected by maintaining protected data encrypted on the target device, maintaining encryption keys for protected data in a secure enclave, causing the secure enclave to generate secure data in response to a hardware trigger, the secure data being usable to provide access to the device, and providing relatively difficult yet achievable retrieval of the secure data with physical access to the target device, and using the secure data to access protected data on the target device, while also assuring that the target device's owner can determine when the secure data was retrieved.

A method for determining a behavior of a smart card, which may be implemented by a server. The method includes operations for obtaining a first reference time data corresponding to a time for setting a smart card clock, and a second reference time data corresponding to a time for reading a first time data from the clock, determining a time drift associated with the smart card based on the first reference time data and on the second reference time data, and determining a behavior of the smart card from the time drift.

Provided is a method for remotely uploading certified software from a source to a data update module on an asset via a wireless communications link. The method includes encrypting the communications link between the source and the data update module to form a secure tunnel and verifying credentials of the source via the data update module when a software update file is transmitted. A load assurance check is performed on a portion of the transmitted update file to confirm integrity of the transmitted file when the credentials of the source are verified. The uploading of the certified software is immediately activated when the file integrity is verified, the activating occurring automatically and being devoid of human intervention.

A clock determination apparatus includes a signal wire and a clock determiner. A clock signal is input to the signal wire. A period made up of cycles corresponding to a predetermined number of cycles of the clock signal is referred to as a unit period. The clock determiner includes circuitry configured to perform determination processing whether the clock signal is a random clock signal including a cycle changing substantially irregularly as time proceeds or a regular clock signal including substantially a constant cycle based on a comparison between waveforms of the clock signals in a plurality of unit periods.

Techniques are disclosed for obtaining data using memory timing characteristics. In some embodiments, a physical unclonable function is used to obtain the data. In various embodiments, a computer system programs a timing parameter of a memory accessible by the computer system to a value that is outside of a specified operable range for the timing parameter. In various embodiments, the computer system performs one or more memory operations to a least a portion of the memory and detects a pattern of errors in the portion of the memory. In some embodiments, the computer system generates a response dependent on the pattern of errors. The response may be used to identify the computer system.

The present invention relates to a method to create, by a service provider, a trusted pool of security devices adapted to perform cryptographic operations in a secure service, comprising the steps of: for a service provider, setting up a secure service by allocating a first device in the service, setting the first security device's clock to a reliable time source, creating an internal secure-service-object defining at least a service clock-instance and service-specific cryptographic keys and certificates used to protect communication between a resource owner's security application and a security device part of the secure service, said secure-service-object being maintained by the security device internally preventing any service provider from arbitrarily changing it, when additional security devices are required, for the service provider, adding additional security devices to the service through ensuring the two security devices' clocks are synchronized by setting the target security device's clock to an accurate time value and defining, in the secure-service-object, a max-delta-time and a max-daily-correction per day values limiting the drift between two devices of the pool.

A memory system in an integrated circuit and a method of operation. The system includes multiple magnetic tunnel junction (MTJ) structures, each MTJ structure storing a logic value according to a resistive state. A selection switch device associated with a respective MTJ structure is activated to select one of the multiple MTJ structures at a time. An output circuit is configured to sense the resistive state of a selected MTJ structure, the output circuit having a selectable input reference resistance value according to a selected first reference resistance or a second reference resistance value, and outputting a first logic value of the selected MTJ structure responsive to a resistive state of the MTJ structure and a selected first resistance reference value, or alternately outputting a second logic value of the selected MTJ structure responsive to the resistive state of the MTJ structure and a selected second resistance reference value.