Patent classifications
H04L2209/08
Apparatus, method and article of manufacture for partially resisting hardware trojan induced data leakage in sequential logics
Apparatus, method and article of manufacture providing a randomized encoding scheme for sequential logics, for resistance to data leakage. The invention employs dual-rail encoding to randomize the information in the chip, and employs three-dimensional integration technology to protect the critical information that is needed to decode the data anywhere on-chip. With the present invention, even when the entire design is completely known to the attacker who also has full access to the outsourced portion, it is still not always possible to identify the information in the chip using data leakage Trojans.
APPARATUS AND METHOD FOR PERFORMING OPERATION BEING SECURE AGAINST SIDE CHANNEL ATTACK
An apparatus and method for performing an operation that is secure against side-channel attack are provided. The apparatus and method generate values equal to values obtained through an exponentiation operation or a scalar multiplication operation of a point using values extracted from previously generated parameter candidate value sets and an operation secure against side-channel attack, thereby improving security against side-channel attack without degrading performance.
Systems and methods for authenticating firmware stored on an integrated circuit
The invention discloses a method of authenticating data stored in an integrated circuit. The method includes storing randomized data in the integrated circuit such that the randomized data occupies each address space of the memory circuit that is not occupied by the stored data. The method also includes generating a first digital signature using the integrated circuit in response to authenticating a concatenation of the stored data and the first copy of randomized data. The method further includes generating a second digital signature in response to authenticating a concatenation of a manufacturer-provided copy of the stored data and the second copy of randomized data using a computer-implemented authentication application, and authenticating the data stored in the integrated circuit according to whether the first signature matches the second signature.
RANDOM TIME GENERATED INTERRUPTS IN A CRYPTOGRAPHIC HARDWARE PIPELINE CIRCUIT
Apparatus and method for defending against a side-channel information attack such as a differential power analysis (DPA) attack. In some embodiments, a cryptographic hardware pipeline circuit performs a selected cryptographic function upon a selected set of data over a processing time interval. The pipeline circuit has a sequence of stages connected in series. The stages are enabled responsive to application of an asserted enable signal. An enable interrupt circuit is configured to periodically interrupt the selected cryptographic function to provide a plurality of processing intervals interspersed with the interrupt intervals. At least a selected one of the processing intervals or the interrupt intervals have random durations selected responsive to a series of random numbers.
SECURE EXECUTION ENVIRONMENT CLOCK FREQUENCY HOPPING
Apparatus and method for enacting data security in a data storage device, such as by protecting against a differential power analysis (DPA) attack. In some embodiments, a dithered clock signal is generated having a succession of clock pulse segments. Each of the clock pulse segments has a different respective frequency selected in response to a first random number and a different overall duration selected in response to a second random number. The different segment frequencies are selected by supplying the first random number to a lookup table, and the different segment durations are obtained by initializing a timer circuit using the second random number. The dithered clock signal is used to clock a programmable processor during execution of a cryptographic function.
Preventing pattern recognition in electronic code book encryption
In general, in one aspect, noise is injected into a bitmap associated with content to be presented on a display to create a noisy bitmap. The noisy bitmap is encrypted using electronic code book (ECB) encryption. The resulting ciphertext does not include recognizable patterns from the content as is typical with ECB encryption. The injection of noise may include modifying pixel values for at least a subset of pixels in the bitmap. The pixel values may be modified by using a counter, a known modification pattern, or a random number generator. The bitmap may be analyzed to determine how the bitmap can be modified to maximize the randomness of the bitmap while ensuring that the noisy bitmap is visually perceptually similar when presented. The noise may be injected into a block of pixels prior to the block being encrypted.
Cryptographic device and secret key protection method
A cryptographic device and a secret key protection method are provided. The cryptographic device protects a secret key of the cryptographic device when processing a message. The cryptographic device includes: a secret key protection circuit, configured to generate an anti-crack protection signal according to the message and the secret key by a hash calculation circuit; and a cryptographic processor, configured to process the message and the secret key according to the anti-crack protection signal to generate an encrypted message.
Protecting Analog Circuits with Parameter Biasing Obfuscation
A key-based technique that targets obfuscation of critical circuit parameters of an analog circuit block by masking physical characteristics of a transistor (width and length) and the circuit parameters reliant upon these physical characteristics (i.e. circuit biasing conditions, phase noise profile, bandwidth, gain, noise figure, operating frequency, etc.). The proposed key-based obfuscation technique targets the physical dimensions of the transistors used to set the optimal biasing conditions. The widths and/or lengths of a transistor are obfuscated and, based on an applied key sequence, provide a range of potential biasing points. Only when the correct key sequence is applied and certain transistor(s) are active are the correct biasing conditions at the target node set.
AUTHENTICATING USING A PASSWORD ENTRY PATTERN
Embodiments of the invention are directed to a computer-implemented method, computer system, and computer program product for authenticating a user. The method includes receiving a userID. The method further includes retrieving a password entry pattern associated with the userID. Each password in the set of password entries is compared to the pre-established password entry pattern.
CONNECTED SECURE IOT PROCESSOR
Briefly stated, the disclosed technology is generally directed to integrated circuit (IC) technology for an IoT processor. In one example, multiple components may be tightly or otherwise integrated onto a single die, e.g., a single monolithic integrated circuit. In one basic example, the components may include a security processing unit and a radio. The components may also include one or more microprocessors (e.g., a processor capable of executing a high-level operating system), microcontrollers, secure memories, encryption components, peripheral interfaces, and/or the like. The security processing unit and/or the configuration of the components may enable, facilitate, or otherwise provide for security features such as tamper resistance, data security, and/or the like.