An electronic control device includes a tamper storage unit that stores a secure boot key and a control key, and has tamper resistance, a processor that is able to execute a program, a verification unit that verifies a program by using the secure boot key, performs secure boot causing the processor to execute the program based on a result of the verification, and has tamper resistance, a calculation unit that performs calculation related to encryption using the control key, and has tamper resistance, and a general storage unit that stores a first program that implements a delegated verification unit to which authority of the secure boot is delegated from the verification unit and a second program that implements a control unit that uses the calculation unit, and does not have tamper resistance. The verification unit delegates the authority of the secure boot to the delegated verification unit to end the execution of the secure boot when the verification for the first program and the second program is successful and the processor is caused to execute the first program and the second program, the calculation unit starts an operation when the verification unit ends the execution of the secure boot, and the delegated verification unit is able to simultaneously execute processing with the calculation unit.

Embodiments relate to providing security of scan mode access and data in an integrated circuit. In embodiments, one or both of two layers of security are provided. A first layer includes requiring a complex initialization sequence to be performed in order to access scan mode. A second layer includes scrambling the scan data before it is output from the circuit under test, which prevents unauthorized persons from extracting useful information from the output scan data. Further embodiments relate to methodologies for utilizing these protection layers after manufacture of the integrated circuit and incorporating these protection layers in an integrated circuit design flow.

A data storage system includes an information processing device for transmitting data and a backup server for storing the date transmitted from the information processing device. The data storage system encrypts the data using an encryption key when the data storage system transmits the data from the information processing device to the backup server. The backup server decrypts the received encryption data using the encryption key, and stores the decryption data. The encryption key is stored in a storage area whose access is restricted.

A processing system includes a memory and a cryptographic accelerator module operatively coupled to the memory, the cryptographic accelerator module employed to implement a byte substitute operation by performing: a first mapped affine transformation of an input bit sequence to produce a first intermediate bit sequence, an inverse transformation of the first intermediate bit sequence to produce a second intermediate bit sequence, and a second mapped affine transformation of the second intermediate bit sequence to produce an output bit sequence.

A processing system includes a memory and a cryptographic accelerator module operatively coupled to the memory, the cryptographic accelerator module employed to implement a byte substitute operation by performing: a first mapped affine transformation of an input bit sequence to produce a first intermediate bit sequence, an inverse transformation of the first intermediate bit sequence to produce a second intermediate bit sequence, and a second mapped affine transformation of the second intermediate bit sequence to produce an output bit sequence.

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

The present invention relates to a security device which performs processes such as authentication or cryptography, for example a security device for securely holding a key used in a cryptographic process, and a security method therefore.

The security device includes: an identifier generation unit to generate an identifier specific to the security device by using a PUF; a PUF key generation unit to generate a PUF key specific to the security device by using the identifier; a reception unit to receive a registration command in which the registration key and a signature generated for the registration key by using a secret key corresponding to the public key are contained; a signature verification unit to verify, using the public key, validity of the signature contained in the registration command received by the reception unit and output the verification result indicating either failure or success in the verification; and a command execution unit to reject execution of the registration command in a case where the verification result outputted from the signature verification unit is failure, and to encrypt the registration key of the registration command with the PUF key and then store the encrypted registration key in the registration key storage unit in a case where the verification result is success.