Patent classifications
H04L2209/12
Data detection mitigation in printed circuit boards
Provided is a method for masking a sensitive signal by injecting noise into planes of a printed circuit board (PCB). The method comprises detecting, by a secondary integrated circuit (IC), a noise signal on a shared plane of a PCB that includes the secondary IC. The noise signal may be analyzed to determine the characteristics of the noise signal. A masking signal may be generated based on the characteristics. The masking signal may then be injected onto the shared plane.
Encryption/identification using array of resonators at transmitter and receiver
A sender and a receiver include first and second arrays of coupled oscillators, respectively, that are substantially identically constructed so as to exhibit substantially the same dynamical response to excitation. A chaotic waveform generated at the sender is transmitted to the receiver, which generates a second chaotic waveform, and compares the received waveform with the generated second waveform. If the first and second waveforms match, the sender is an authorized sender. An integrated circuit includes an array of coupled oscillators that in combination generate a waveform in response to at least one excitation signal. The array of coupled oscillators represents, in response to application of the excitation signals, a multi-dimensional security key that is shared between the sender of the waveform and the receiver of the waveform.
Electronic chip comprising multiple layers for protecting a rear face
An electronic chip and a method of making thereof are provided, where the electronic chip includes at least: an electronic circuit arranged at a front face of a substrate; a first protective layer arranged on a rear face of the substrate; a resistive element arranged on the first protective layer and facing at least one part of the electronic circuit, mechanically supported by the first protective layer and connected electrically and/or in an inductive manner to the electronic circuit; a second protective layer covering at least the resistive element; and in which the first protective layer comprises at least one dielectric material having a resistance to chemical etching by at least one chemical etching agent less than or equal to that of a dielectric material of the second protective layer.
Secure communication between server device and clients utilizing strong physical unclonable functions
A client device is fabricated using a semiconductor fabrication process. One or more uncontrollable random physical processes in the semiconductor fabrication process can cause small differences between the client device and other client devices. When the client device is presented with a challenge from a server device, the client device generates a random response that depends on its physical properties. The server device stores this random response as a part of a virtual PUF circuitry storage device having other random responses from the other client devices. The server device uses the random response of the client device stored in the virtual PUF circuitry storage device for one or more encryption algorithms to encrypt information to be provided to the client device.
Assigning device
An assigning device (100) for assigning fixed identifiers to fuzzy identifiers, the assigning device comprising a database storing multiple fuzzy identifiers, and a matching unit (130) arranged to determine if a matching fuzzy identifier exists in the database that matches a fuzzy input identifier according to a matching criterion and to determine if a matching fuzzy identifier does not exist in the database according to an absent criterion.
Authentication system using paired, role reversing personal devices
An authentication system is provided for authenticating users in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user, having a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm. The first user controlled computing device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key, and a second user controlled computing device, operating as a coordinating device under the control of the user, for generating the second encryption key using the encryption key generating algorithm. The second user controlled computing device includes a key receiver for receiving the first encryption key.
Electronic anti-tamper device
An anti-tamper assembly is disclosed for a circuit board which comprises one or more electronic components. The assembly comprises a container having side walls, a first closed end and a second, opposing open end, the container being configured to be mounted on said circuit board at said open end, over at least one of the electronic components to form, in use, a sealed cavity around said at least one of said electronic components. The assembly further comprises a source of radioactive particles mounted within the container, and an image sensor for capturing image frames within said sealed cavity, in use. The image sensor comprises a detector region defining an array of pixels, a screen member located, in use, within the cavity between the radioactive source and the detector, said screen member having at least one aperture, and a processor for retrieving said captured image frames, monitoring said image frames for changes in the statistical distribution of active pixels and, in the event that the statistical distribution of active pixels indicates the presence of a feature in an image frame, generating a tamper alert.
Techniques to enforce policies for computing platform resources
Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack. In several such embodiments, a second ISA instruction implemented by microcode may enable untrusted software to verify the validity of the wrapped blobs and program registers associated with the platform resource with policy information provided via the wrapped blobs.
Sharing secret data between multiple containers
A method for sharing secret data between multiple containers. In response to the initial booting of an operating system instance in a container, a unique operating system identifier is generated for the operating system instance. A grant authority stores the unique operating system identifier in a reserved area of a secure storage device. In response to a request from the operating system instance to access secret data in the secure storage device, the grant authority determines whether the unique operating system identifier is stored in the secure storage device. The operating system instance may be granted access to secret data in the non-reserved area of the secure storage device.
Side channel analysis resistant architecture
A distributed technique for implementing a cryptographic process performs operations in parallel on both valid and irrelevant data to prevent differentiation of the operations based on an encryption key content. A control entity switches or points valid data to appropriate CPU(s) that are responsible for operations such as squaring or multiplying. Irrelevant data is also switched or pointed to appropriate CPU(s) that execute operations in parallel with the CPU(s) operating on the valid data. The distributed technique contributes to obscuring side channel analysis phenomena from observation, such that cryptographic operations cannot easily be tied to the content of the encryption key.