A communication system has a first and a second communicating device operable to send and receive data units through a communication channel. Some of the data are encrypted using a security key. The first device comprises a first key generator generating a first embodiment of the key independently of a second embodiment of the key generated by a second generator of the second device, the second embodiment being generated independently of the first, which depends on parameter(s) characterizing a first transmission quality of the channel when receiving a first set of unencrypted data sent by the second device. The second embodiment depends on parameter(s) characterizing a second transmission quality of the channel when receiving a second set of unencrypted data sent by the first device, the first set being different from the second set.

A data processing device comprises a protection key unit, a dummy key unit, and a control unit. The protection key unit provides a protection key. The dummy key unit provides a dummy key. The dummy key unit has a set of two or more allowed dummy key values associated with it and is configurable by a user or a host device to set the dummy key to any value selected from said set of allowed dummy key values. The control unit is connected to the dummy key unit and to the protection key unit and arranged to set the protection key to the value of the dummy key in response to a tamper detection signal (fatal_sec_vio) indicating a tamper event. The value of the dummy key may notably be different from zero. A method of protecting a data processing device against tampering is also described.

The present disclosure is directed to a system and method for applying unique routing rules to encrypted data packets being transmitted via a tunneling protocol. Because encrypted data packets are unintelligible at intermediary points along a secured link or “tunnel,” a multi-path router located between the tunnel endpoints is typically unable to apply unique routing rules. To enable unique routing, the disclosed method relies on a unique identifier that is associated with the secured link established between an initiator and a receiver (i.e., the tunnel endpoints). The unique identifier is transmitted with one or more encrypted data packets and is used at intermediary points to differentiate the encrypted data packets so that unique routing rules can be applied.

Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

A method for providing an update of code on a memory-constrained device includes a) determining a minimum necessary compressed code space (MNCCS) of the update of code, b) dividing the update of code into a plurality of chunks, c) applying an All-Or-Nothing Encryption scheme (AONE) on each chunk, d) providing integrity information of least one intermediate ciphertext block of each AONE encrypted chunk, e) verifying integrity of the one or more intermediate ciphertext blocks based on the provided integrity information, f) providing the encryption key of the AONE for decryption of the update of code if integrity was verified, and g) decrypting the intermediate ciphertext blocks using the provided encryption key and updating the code.

A system and method for securing a resource includes a combination code generator configured to receive a first input sequence and a first panel context and generate a first computed combination code. A second computed combination code is generated from a received second input sequence and a second panel context. A set panels module receives the first computed combination code and the first panel context and re-orders the panels of the first panel context to set the second panel context. a hash key generator converts the received second panel context and the second combination code into a first hash key.

A method of executing a program operating on data encrypted by a homomorphic encryption. Execution of a program instruction includes the homomorphic evaluation of an associated function in the ciphertext space, homomorphic masking of the result of the evaluation with a previously encrypted random sequence decryption of the evaluation result thus masked followed by a new encryption and then homomorphic unmasking in the ciphertext space. The result of execution of the instruction does not appear in plain text at any time during execution of the instruction.

In a general aspect, a method for executing a target operation combining a first input data with a second input data, and providing an output data can include generating at least two pairs of input words each comprising a first input word and a second input word and applying to each pair of input words a same derived operation providing an output word including a part of the output data resulting from the application of the target operation to first and second input data parts present in the pair of input words, and a binary one's complement of the output data part.

According to an embodiment of the present disclosure, a device and a method are provided. The device includes one or more resistive random access memory (ReRAM) elements. The device further includes a random number generator configured to generate a random number in dependence on impedance values of the one or more ReRAM elements.

Methods, systems, and apparatuses for defending against cryptographic attacks using clock period randomization. The methods, systems, and apparatuses are designed to make side channel attacks and fault injection attacks more difficult by using a clock with a variable period during a cryptographic operation. In an example embodiment, a clock period randomizer includes a fixed delay generator and a variable delay generator, wherein a variable delay generated by the variable delay generator is based on a random or pseudorandom value that is changed occasionally or periodically. The methods, systems, and apparatuses are useful in hardware security applications where fault injection and/or side channel attacks are of concern.