H04L2209/12

Multifunctional physically unclonable function device based on hybrid Boolean network

A physically unclonable function (PUF) device includes a hybrid Boolean network module of a ring of N number of Boolean nodes connected end to end and a sampling module, wherein the hybrid Boolean network module comprises N number of xor logic gates and corresponding N number of multiplexers, wherein a function change module is disposed between an output end of a first xor logic gate of the N number of xor logic gates and an input end of a first multiplexer of the N number of multiplexers, wherein each Boolean node is provided with four input ends and three output ends, the four input ends respectively connected to an output end of each of two juxtaposing Boolean nodes, an initial excitation signal and a control delay signal, the three output ends respectively output to an input of each of two juxtaposing Boolean nodes, and the sampling module.

Dual use cryptographic system and method

Cryptographic communication systems and methods can utilize a base interface and a channel interface. Plug-ins can be utilized to provide cryptographic functions configured for either a first customer or a second customer. The first customer can be a United States domestic customer and the second customer can be an international customer.

CRYPTOGRAPHIC DEVICE COMPRISING A PHYSICAL UNCLONABLE FUNCTION
20170310489 · 2017-10-26

An electronic cryptographic device (100) comprising a physically unclonable function (PUF) (110) and an enrollment unit (142) arranged to generate a first PUF data during the enrollment phase, the first PUF data being derived from a first noisy bit string of the PUF, the first PUF data uniquely identifying the physically unclonable function, the first PUF data comprising a first helper data. The first PUF data is transmitted to an electronic server during an enrollment phase. The device comprises a use-phase unit (144) arranged to generate a second PUF data derived from a second noisy bit string during a use phase. The first helper data is received from the server in response to transmitting the second PUF data. An error corrector (160) is arranged to apply the first helper data to the second noisy bit string.

SYSTEM AND METHOD FOR SECURING AN ELECTRONIC CIRCUIT

A system for securing an electronic circuit including: plural regions, activity of each of which may be controlled; plural sensors integrated into the electronic circuit, each sensor being sensitive to variations in manufacturing process and to provide a measurement representative of a local activity of the electronic circuit; a processing unit including an integrity verification module configured to: determine, based on the measurements provided by the sensors, and for each of the regions, a partition of the sensors between sensors affected and sensors not affected by an activation of the region; compare each of the partitions with a model partition to detect possible presence of a hardware Trojan horse liable to infect the electronic circuit. The system can carry out an authentication of the electronic circuit by its intrinsic physical characteristics by response to a challenge or by generation of a key.

Blackbox security provider programming system permitting multiple customer use and in field conditional access switching

A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device.

Microprocessor with secure execution mode and store key instructions

A microprocessor conditionally grants a request to switch from a normal execution mode in which encrypted instructions cannot be executed, into a secure execution mode (SEM). Thereafter, the microprocessor executes a plurality of instructions, including a store-key instruction to write a set of one or more cryptographic key values into a secure memory of the microprocessor. After fetching an encrypted program from an instruction cache, the microprocessor decrypts the encrypted program into plaintext instructions using decryption logic within the microprocessor's instruction-processing pipeline.

ENHANCED REMOTE KEY MANAGEMENT FOR AN ENTERPRISE IN A CLOUD-BASED ENVIRONMENT
20170338949 · 2017-11-23

Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.

Key derivation from PUFs
11258597 · 2022-02-22

Some embodiments relate to an electronic cryptographic device (100) arranged to determine a cryptographic key. The cryptographic device is arranged for an enrollment phase and a later reconstruction phase. The cryptographic device comprises a physically unclonable function (PUF) (110) and a processor circuit. The circuit is configured to determine, during the enrollment phase, debiasing data (142), first noise reduction data (131) and first noise reduction data. The circuit is configured to compute, during the reconstruction phase, at least one cryptographic key from first corrected bits and second corrected bits.

Remote attestation for multi-core processor

The disclosed technology is generally directed to the authentication of software. In one example of the technology, a private attestation key is stored in hardware. In some examples, during a sequential boot process a hash is calculated, in an order in which the software stages are sequentially booted, of each software stage of a plurality of software stages. The hashes of each software stage of the plurality may be cryptographically appended to an accumulation register. The accumulation register may be used to attest to validity of the software stages. The plurality of software stages may include a first bootloader, a runtime for a first core of a multi-core processor, and a runtime for a first execution environment for a second core of the multi-core processor.

Method and circuit for implementing a substitution table

A cryptographic circuit performs a substitution operation of a cryptographic algorithm based on a scrambled substitution table. For each set of one or more substitution operations of the cryptographic algorithm, the circuit performs a series of sets of one or more substitution operations of which: one is a real set of one or more substitution operations defined by the cryptographic algorithm, the real set of one or more substitution operations being based on input data modified by a real scrambling key; and one or more others are dummy sets of one or more substitution operations, each dummy set of one or more dummy substitution operations being based on input data modified by a different false scrambling key.