Detection and prevention of resource drain from unauthorized wireless device connections is provided. Responsive to receiving of a connection request from a connecting device, a pre-authentication message is sent to the connecting device, the pre-authentication message including a challenge value. A vehicle hash result is computed using a hash function taking the challenge value and the unique identifier of the vehicle as inputs. A device hash result is received from the connecting device. Responsive to a match of the vehicle hash result and the device hash result, additional hardware of the vehicle is activated to perform a secondary authentication of the connecting device. Responsive to a mismatch, authentication of the connecting device is rejected without activation of the additional hardware, thereby avoiding key-off load from the additional hardware in instances where pre-authentication of the connecting device fails.

A semiconductor structure serves to generate a physical unclonable function (PUF) code. The semiconductor structure includes a metal layer, N Titanium (Ti) structures, and N Titanium Nitride (Ti-N) structures, where N is a positive integer. The metal layer forms N metal structures. The Ti structures are respectively formed on one end of each metal structure. The Ti-N structures are respectively formed on top of the Ti structures. The metal structures and the corresponding Ti structures and the corresponding Ti-N structures respectively form a plurality of pillars. The pillars respectively provide a plurality of resistance values, and the resistance values serve to generate the PUF code.

In a general aspect, a GHASH semiconductor intellectual property (IP) core can include circuitry for calculating a GHASH function. The IP core can be configured to calculate the GHASH function by calculating the following quantities:

[00001]$X_0=0;$

[00002]$X_{i+1}=H^k{X}_i+{\displaystyle {.Math.}_{j=0}^{k-1}{\displaystyle {.Math.}_{n=0}^{m-1}{C}_{ki+j}{h}_{ijn},\text{where for any}i\text{and}j;\text{and}}}$

[00003]${\displaystyle {.Math.}_{n=0}^{m-1}{h}_{ijn}=H^j,\text{where}k>1\text{and}m>1.}$

A hardware security accelerator includes a configurable parser that is configured to receive a packet and to extract from the packet headers associated with a set of protocols. The security accelerator also includes a packet type detection unit to determine a type of the packet in response to the set of protocols and to generate a packet type identifier indicative of the type of the packet. A configurable security unit includes a configuration unit and a configurable security engine. The configuration unit configures the configurable security engine according to the type of the packet and to content of at least one of the headers extracted from the packet. The configurable security engine performs security processing of the packet to provide at least one security result.

An approach is provided for distributing a root key to a hardware security module (HSM) of an HSM cluster. A signed first command is transmitted to a source HSM to create a master key. A fingerprint of the master key is received in a response signed by the source HSM using a module signing key hardcoded into the source HSM at manufacturing time. A second command is transmitted to a first HSM to generate an importer key pair. A request is transmitted to the source HSM to create and export a wrapped master key. The master key wrapped with a transport key is received. The wrapped master key is transmitted to the first HSM. The master key is activated in the first HSM.

An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

The present disclosure provides a digital fingerprint generator and a digital fingerprint generation method. The digital fingerprint generator comprises: a control circuit, generating a control word; a first pulse generation circuit, connected to the control circuit, and outputting a first pulse signal in response to the control word; a second pulse generation circuit, connected to the control circuit and having the same structure as the first pulse generation circuit, and outputting a second pulse signal in response to the control word; the first pulse signal and the second pulse signal respectively comprising a first frequency signal and a second frequency signal, and a probabilities of occurrence of the first frequency signal and the second frequency signal being controlled by the control word; and an output circuit, respectively connected to the first pulse generation circuit and the second pulse generation circuit, and outputting a digital fingerprint on the basis of the first pulse signal and the second pulse signal according to a preset first rule.

A method for securing an off-the-shelf smartphone, a secure communication system, and a security insert is provided. The method comprises removing the battery from the off-the-shelf smartphone and inserting the security insert to the battery compartment. The security insert comprises cryptographic module. The method further comprises modifying off-the-shelf smartphone and providing a power and data connection between the security insert and the smartphone. The secure communication system wirelessly transmits outgoing cellular encrypted black data, which is encrypted by the cryptographic module, from the modified off-the-shelf smartphone to a cellular network, and decrypts, by the cryptographic module, incoming cellular black data receives from the cellular network to the modified off-the-shelf smartphone. The security insert enclosure configured to be deployed in a battery compartment.

The present disclosure presents various systems and methods for implementing a physical unclonable function device. One such method comprises providing an integrated circuit having a plurality of set/reset flip flop logic circuits, wherein each of the set/reset flip flop logic circuits enters a metastable state for a particular input sequence. The method includes varying circuit parameters for each of the plurality of set/reset flip flop logic circuits to account for manufacturing variations in the set/reset flip flop logic circuits and enable generating a stable but random output in response to the particular input sequence. Thus, by applying the particular input sequence to the integrated circuit, a unique identifier for the integrated circuit can be derived from an output response of the plurality of set/reset flip flop logic circuits.

A method for cryptographic processing includes: storing an initial value as the current value; implementing a predetermined number of first steps, including one involving obtaining second data by applying a first cryptographic algorithm to first data, the others each involving the application of the first cryptographic algorithm to the current value and the storage of the result as the new current value; implementation of the predetermined number of second steps, including one involving the obtaining of fourth data by applying, to third data, a second cryptographic algorithm that is the inverse of the first cryptographic algorithm, the others each involving the application of the second cryptographic algorithm to the current value and the storage of the result as the new current value; and verification of the equality of the first data and the fourth data, and of the equality of the current value and the initial value.