H04L2209/12

DISAGGREGATED ENTROPY SERVICES FOR MICROELECTRONIC ASSEMBLIES

A microelectronic assembly is provided, comprising: a first plurality of integrated circuit (IC) dies in a first level, each one of the first plurality of IC dies having respective first physical unclonable function (PUF) circuits; a second IC die having a second PUF circuit and a security circuit; a second plurality of IC dies in a second level, the second level not coplanar with the first level, the first level and the second level being coupled with interconnects having a pitch of less than 10 micrometers between adjacent ones of the interconnects; and conductive pathways between the first plurality of IC dies and the second IC die for communication between the first PUF circuits and the second PUF circuit, the conductive pathways comprising a portion of the interconnects.

SECURED EXECUTION OF AN ALGORITHM

An algorithm execution method includes carrying out a first execution of the algorithm by a processing unit, sending at least one first result, which is to be written into a memory, to a memory management circuit, and storing said first result into a first area of the volatile memory. The method also includes carrying out a second execution of the algorithm by the processing unit, sending at least one second result, which is to be written into the memory, to the memory management circuit, and applying, by means of the memory management circuit, a different processing for the at least one second result in the second execution than was applied for the at least one first result in the first execution.

ELECTRONIC CIRCUIT PERFORMING ENCRYPTION/DECRYPTION OPERATION TO PREVENT SIDE-CHANNEL ANALYSIS ATTACK, AND ELECTRONIC DEVICE INCLUDING THE SAME

An electronic circuit includes an operator including logic gates configured to perform either one or both of encryption and decryption operations. The electronic circuit further includes a controller configured to control the operator to operate in a first mode in which each of the logic gates outputs a first logic value during a first time period of a clock signal, and operate in a second mode in which a number of first logic gates, each of which outputs the first logic value, among the logic gates, and a number of second logic gates, each of which outputs a second logic value, among the logic gates, are maintained constant during a second time period of the clock signal, in response to a control value indicating that either one or both of the encryption and decryption operations are performed.

Backside security shield
11677571 · 2023-06-13

A physically unclonable function circuit (PUF) is used to generate a fingerprint value based on the uniqueness of the physical characteristics (e.g., resistance, capacitance, connectivity, etc.) of a tamper prevention (i.e., shielding) structure that includes through-silicon vias and metallization on the backside of the integrated circuit. The physical characteristics depend on random physical factors introduced during manufacturing. This causes the chip-to-chip variations in these physical characteristics to be unpredictable and uncontrollable, which makes it more difficult to duplicate, clone, or modify the structure without changing the fingerprint value. By including the through-silicon vias and metallization on the backside of the integrated circuit as part of the PUF, the backside of the chip can be protected from modifications that can be used to help learn the secure cryptographic keys and/or circumvent the secure cryptographic (or other) circuitry.

APPARATUS AND METHOD FOR PUBLIC KEY ENCRYPTION
20170346629 · 2017-11-30

Disclosed are an apparatus and method for public key encryption using a white-box cipher algorithm. An apparatus for public key encryption using a white-box cipher algorithm includes a key table generator configured to generate at least one key table from a cipher key, a hidden-key table generator configured to convert the at least one key table into at least one hidden-key table, and an encryption algorithm generator configured to generate a white-box implemented encryption algorithm by using the at least one hidden-key table and an inverse operation of the conversion and provide the generated encryption algorithm as a public key for encryption.

AUTHENTICATION APPARATUS UTILIZING PHYSICAL CHARACTERISTIC
20170346800 · 2017-11-30

An authentication apparatus includes: a combination information generator that generates first combination information indicating a combination of physical characteristics of at least two of first elements included in a first semiconductor device; a group identification information generator that generates first group identification information based on the combination of the physical characteristics of the at least two of the first elements, the first group identification information being for identifying the first semiconductor device as belonging to a same group as another semiconductor device manufactured in a same process; a transmitter that transmits the first combination information to an authentication partner; a receiver that receives second group identification information that the authentication partner generates in accordance with the first combination information; and an information verifier that compares the first group identification information with the second group identification information.

Method and device for secure code execution from external memory

A method is provided for securely accessing code in an external memory. In the method, plaintext code may be stored in internal memory as sets of multiple blocks, each of the multiple blocks having N-bits. The code is encrypted and stored in the external memory. A block cipher having an authenticated encryption mode is used to convert the plaintext code to ciphertext code plus an authentication tag corresponding to each set of the multiple blocks. The external memory is formatted to store the ciphertext and the authentication tag. A translated address for the ciphertext is created from a plaintext address. During a read operation, the generated authentication tag is checked with an expected authentication tag. If the check is successful, the ciphertext code is decrypted and provided to a CPU for execution as plaintext code. In one embodiment, the CPU executes the plaintext code “in place” in the external memory.

System, method and apparatus for securely storing data on public networks
09830467 · 2017-11-28

A system, method and apparatus that uses a quantum event-based, binary data generation apparatus operating in combination with a single-party or two-party, symmetric and/or asymmetric key storage system to create both random numbers and encryption keys to be used for purposes of encryption and decryption of a user's or organization's file data.

PRIVATE KEY CREATION USING LOCATION DATA
20230179412 · 2023-06-08

Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device is further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

ASSIGNING DEVICE
20220365927 · 2022-11-17

An assigning device (100) for assigning fixed identifiers to fuzzy identifiers, the assigning device comprising a database storing multiple fuzzy identifiers, and a matching unit (130) arranged to determine if a matching fuzzy identifier exists in the database that matches a fuzzy input identifier according to a matching criterion and to determine if a matching fuzzy identifier does not exist in the database according to an absent criterion.