Computing devices, methods, and systems for corrections to the “almost” binary extended GCD in a cryptographic operation of a cryptographic process are disclosed. Exemplary implementations may: receive, from a cryptographic process, a command to compute a binary extended greatest common denominator of a first input value and a second input value for a cryptographic operation; compute, by a binary extended GCD algorithm, the binary extended GCD using a multiplication with an inverse of two, instead of a division by two, to obtain a first output value; compute, by the binary extended GCD algorithm, a second output value and a third output value; and return, to the cryptographic process, the first output value, the second output value, and the third output value.

A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

System and method to protect the privacy of ADS-B messages transmitted by aircraft. The system includes one or more ground stations with a ground station control unit and a ground ADS-B transponder for receiving an ADS-B message. The ground station control unit includes an aircraft position determination module for retrieving an aircraft position included in the ADS-B message; an operating conditions module for determining the fulfillment of operating conditions including determining if the aircraft position is an actual aircraft position; and a fake aircraft position generator for computing one or more fake aircraft positions. The ground station control unit broadcasts one or more fake ADS-B messages including the fake aircraft positions if the operating conditions are met. With this system only trusted receivers can obtain the real position of the aircraft.

The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.

A method and apparatus for securely generating an output is disclosed. In one embodiment, the method comprises generating a white-box implementation having unlocked white-box look up table (LUTs) for node-encoded secrets, the node-encoded secrets to be encoded for operation solely on a node of a network and globally encoded white-box LUTs for globally-encoded secrets to be encoded for operation on the node and at least another node; generating, from the white box implementation, a soft-locked white-box implementation having a plurality of node-specific locked white-box LUTs and modified globally encoded LUTs. The method further comprises receiving a global secret encoded according to the base file; generating the node-encoded secrets by applying node-specific locking transformations to the global secret; and generating, by the node, the output according to at least one of the globally-encoded secrets or the node-encoded secrets.

Embodiments of the present invention are directed to an improved system and method of producing, recording and reporting boot integrity measurements of an Internet of Things (“IoT”) computing device to resource (such as an on-chip software module, an external software module, a printer, a network router, or a server), so the resource can confirm that the IoT computing device can be trusted before access to the resource is granted. Embodiments provide a new and less expensive architecture for reliably collecting and relaying device state information to support trust-sensitive applications. Embodiments leverage crypto-acceleration modules found on many existing microprocessors and microcontroller-based IoT devices, while introducing little additional overhead or additional circuitry. Embodiments provide a Root of Trust module comprising integrated internal control logic that functions as a secure on-chip wrapper for cryptographic primitive modules, which provide secure storage and reporting of the host's platform integrity measurements.

An electronic calculating device (100) arranged to perform obfuscated arithmetic in a commutative ring (Z.sub.M; Z.sub.n[x]/M(x)) defined by a combined modulus (M; M(x)) in a residue number system, the residue number system being defined for a series of moduli (m.sub.1, m.sub.2, . . . , m.sub.N), each modulus defining a commutative ring (Z.sub.M1; Z.sub.n[x]/m.sub.1(x)), for each modulus (m.sub.i) of the series there exists an associated base element (u.sub.i) satisfying the condition that each ring element (x.sub.j) modulo the modulus (m.sub.j) may be expressed as an integer-list ((a.sub.j, b.sub.j)) such that the ring elements equal a linear combination of powers of the base element (xj=u.sub.i.sup.aj−u.sub.i.sup.bj), wherein the powers have exponents determined by the integer-list.

The invention relates to a method of authentication of a contactless communication circuit, PICC, by a contactless communication terminal, PCD. Within the PICC, a first number is generated by encryption of a second random number, and the first number is sent to the PCD. Within the PCD, a third number is generated by decryption of the first number. Also within the PCD, a fourth number is determined and encrypted to generate a fifth number. The fifth number has first and second portions. Back within the PICC, a sixth number is determined, which is used in the determination of a seventh number. The seventh number is determined by encryption by a cipher block chaining operating mode of the sixth number with an initialization vector equal to the first portion. If the seventh number is different from the second portion, the authentication is interrupted.

A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.

A cracking method for cracking a secret key of an encrypting device includes: building up a leakage model for the encrypting device; performing a mathematical calculation on the leakage model, according to a plurality of sets of input data, to generate a mathematical model; generating a plurality of sets of hypothesized keys; generating a plurality of sets of simulation data corresponding to the hypothesized keys using the mathematical model; providing the input data for the encrypting device and detecting a plurality of sets of leakage data generated by the encrypting device; performing the mathematical calculation on the leakage data to generate calculated data; determining a correlation between each of the simulation data and the calculated data; and determining one of the hypothesized keys to be consistent with the secret key according to the correlation.