The present invention extends to methods, systems, and computer program products for configuring, enforcing, and monitoring separation of trusted execution environments. Firmware images consistent with configuration of multiple separate execution domains can be generated without requiring changes to existing application source code. A cryptographically signed firmware image can be loaded at a processor to form multiple separate execution domains at the processor. Communications can be secured across separate execution domains without using shared memory.

A method of cryptographically secured decentralized testing includes receiving, by a computing device and from a secure test apparatus, an output of a cryptographic function of a secret test result identifier, authenticating the output, and recording, in a data repository, an indication of a test result as a function of the output.

This disclosure describes techniques for analyzing statistical quality of bitstrings produced by a physical unclonable function (PUF). The PUF leverages resistance variations in the power grid wires of an integrated circuit. Temperature and voltage stability of the bitstrings are analyzed. The disclosure also describes converting a voltage drop into a digital code, wherein the conversion is resilient to simple and differential side-channel attacks.

To provide a mutual authentication system which is not required to erase master key when a slave device is replaced. The storage part stores a temporary key which is key data used temporarily and a master key which is key data used for authentication. The storage part stores the temporary key. The key confirmation unit inquires whether the slave device stores the master key. The key confirmation response unit confirms whether the master key has already been stored in the storage part for an inquiry from the master device and responds. The key introduction unit encrypts the master key by using the temporary key and transmits to the slave device. The key storage unit decrypts the encrypted master key by using the temporary key and stores in the storage part. The main authentication unit and the sub-authentication unit authenticate with each other by using the master key.

A process of linking a key to a component is disclosed herein. In various aspects, the key may be a password, hash, key, encryption key, decryption key, seed value, unlock code, or other alphanumeric identifier, and the component includes a computer in networked communication, and may further include a specific user of the computer. The process may include the step of identifying a component using environmental variables associated with the component, and the process step of forming a representation of the key unique to the component. The representation is tested to determine that the identified component is the source of the representation, in various aspects. Accordingly, the process may include the step of testing the representation against previous representations thereby determining the representation is not statistically duplicative of previous representations, and the process may include the step of testing the representation against possible representations from the component where the possible representations are unique to the component.

There are provided a method and system for assessing latency of ciphering end point of secure communication channel. The method comprises: generating a test traffic comprising a series of original data packets, wherein, for each original data packet, size of a given packet is uniquely indicative of the packet's place in a sequence of data packets in the series and enables unique correspondence with a size of the given packet upon its encryption; successively transmitting the original packets to the ciphering end point, whilst associating with respective departure time stamps; receiving encrypted packets from the ciphering end point and associating them with respective arrival time stamps; using a size of a given encrypted packet with a timestamp TS.sub.a to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TS.sub.d, thus giving rise to a plurality of timestamp pairs (TS.sub.d; TS.sub.a).

A computer-implemented method includes retrieving, by a bridge device communicatively linked to a blockchain network node of a blockchain network, a first set of blockchain blocks from the blockchain network node using a first set of threads of the bridge device; storing, by the bridge device, the first set of blockchain blocks in the bridge device; and verifying, by the bridge device, a second set of blockchain blocks that are stored in the bridge device using a second set of threads of the bridge device; and wherein retrieving the first set of blockchain blocks and verifying the second set of blockchain blocks are performed asynchronously using the first set of threads and the second set of threads.

A method for examining connection parameters during establishing of a cryptographically protected communication connection between a first communication device and a second communication device, comprising the method steps: transmitting an attestation data structure, which contains at least one connection parameter of the first and/or second communication device as attestation information, from the first and/or second communications devices to the second and/or first communication device, eavesdropping on the attestation data structure by means of a monitoring device arranged within a data transmission path of the communication connection, examining the attestation information in a comparison to a specified guideline, and a corresponding communication system, a communication device, a monitoring device and a computer program product for carrying out the method.

Provided are an apparatus and a method for generating an identification key with improved reliability by: providing a plurality of resistances which are generated according to a random connection state between conductive layers of a semiconductor due to process variation of the semiconductor; discriminating a first group which has a resistance value greater than a first threshold value and less than a second threshold value among the plurality of resistances; and reading at least one resistance which does not belong to the first group out of the plurality of resistances and reading an identification key in the form of a digital value.

Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.