Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.

A microprocessor and method are provided for securely decrypting and executing encrypted instructions within a microprocessor. A plurality of master keys are stored in a secure memory. Encrypted instructions are fetched from an instruction cache. A set of one or more master keys are selected from the secure memory based upon an encrypted instruction fetch address. The selected set of master keys or a decryption key derived therefrom is used to decrypt the encrypted instructions fetched from the instruction cache. The decrypted instructions are then securely executed within the microprocessor. In one implementation, the master keys are intervolved with each other to produce a new decryption key with every fetch quantum. Moreover, a new set of master keys is selected with every new block of instructions.

Antialiasing for picture passwords and other touch displays is disclosed. In some embodiments a client device for authenticating a user is operable to obtain a sequence of input actions for an image and obtain a partial hash from a Proof of Knowledge (PoK) server where the partial hash is part of a hash used for authentication of the user. The client device is also operable to calculate a hash for the sequence and determine if a part of the hash matches the partial hash. If the part of the hash matches the partial hash, the client device sends a communication to the PoK server to authenticate the user based on the hash for the sequence of the one or more input actions and obtain a response indicating whether the user is authenticated. In this way, sending some hashes to the proof of knowledge server may not be necessary, saving resources.

A processing system includes a processor to construct an input message comprising a target value and a nonce and a hardware accelerator, communicatively coupled to the processor, implementing a plurality of circuits to perform stage-1 secure hash algorithm (SHA) hash and stage-2 SHA hash, wherein to perform the stage-2 SHA hash, the hardware accelerator is to perform a plurality of rounds of compression on state data stored in a plurality of registers associated with a stage-2 SHA hash circuit using an input value, calculate a plurality of speculative computation bits using a plurality of bits of the state data, and transmit the plurality of speculative computation bits to the processor.

Procedures, methods, architectures, apparatuses, systems, devices, and computer program products for concealing a subscription identifier. The subscription identifier may be padded with a random number of characters. The padding may use characters not usable for the subscription identifier. The padded subscription identifier may be encrypted and output, possibly with an indication of the padding method used and, in an embodiment, an indication of the number of padding characters. The subscription identifier may be a user identifier, e.g., in a 5G network in which a wireless transmit/receive unit can conceal its identifier.

This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing unencrypted content key to any of the participating license services.

A processor with a Hash cryptographic algorithm and a data processing method are shown. In response to one single Hash cryptographic instruction of an instruction set architecture, the processor reads a first storage space within a system memory to obtain an input message of a limited length, and processes the input message in accordance with the Hash cryptographic algorithm to generate a final Hash value of a specific length.

A method for secure portable operating system interface (POSIX) directory traversing for opening and accessing files by inode number. The method includes receiving, by a process executed by a processor, a request for a ticket for traversing a file system. The process generates a secure key for a unique handle object based on the request for the ticket. An authentication code is generated for the ticket using a numeric file identifier and the secure key. In response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), the ticket is returned including ticket information including the numeric file identifier, generation information and the authentication code. In response to a request to open a directory, the ticket information is validated based on the secure key. A directory is opened for reading using the validated ticket information and the unique handle.

A method is to detect a message compatible with the OTA (Over The Air) standard and affected by a wrong ciphering. The method may include receiving the ciphered OTA message; deciphering the OTA message; and reading a counter field of padding bytes in the deciphered OTA message and reading corresponding padding bytes in the OTA message deciphered. The method may also include detecting at least one bit in at least one of the padding bytes of the OTA message deciphered, with the at least one bit being indicative of the wrong ciphering.

Disclosed is a method for protecting message data. In the method, the message data is padded with padding bits generated based on a deterministic function performed on the message data. The padded message data is compressed to generate compressed data. A length of the compressed data is dependent on the padding bits. The compressed data is encrypted to generate encrypted message data.