An electronic circuit includes an interface, a read-only memory in which encrypted data are stored, and cryptographic circuitry coupled to the interface. In operation, the cryptographic circuitry uses a decryption key received via the interface to decrypt the encrypted data. The electronic circuit performs one or more operations using the decrypted data.

A system and method may simplify API design maintenance by providing an interface for configuring cryptographic parameters in the development of secure APIs to allow configuring MLE and X-Pay parameters, testing MLE and X-Pay-supported APIs, and directly viewing decrypted output of APIs which requires MLE. Rather than a pre-configured key store or creating a key store for each API, the system may refer to stored credentials and certificates to make, Mutual SSL and X-Pay token calls within the developer playground and create the key store programmatically. The configuration may be saved in a JSON format so that it may be reused at a later stage for retesting and also may allow saving the complete configuration including credentials, end point, request and response payload so that there is no need to update credentials in a centralized place. The solutions described herein may also eliminate sharing the private key over a network.

In the present invention, a system and method is provided for the self-certification of third party software products for use on medical products by the customer. The system enables the customer to test, qualify, and certify a third party software product for use on a controlled medical device independent of any testing or other intervention by the manufacturer. The system can be located on the particular medical device and provides internal testing and certification mechanisms to promote/authorize third party software products onto to the device/software authorization catalog, as well as notification to the manufacturer of the customer approved addition to the device certified third party software product catalog.

An authentication system includes a vehicle onboard ECU, an update tool for vehicle control software, and an authentication server for the update tool. The update tool substitutes predetermined-constant and first-random-number into predetermined-function to generate first-value and send it to the authentication server. The authentication server signs the first-value using secret-key and send it to the update tool. The update tool transmits the first-value and signature to the ECU upon connection. The ECU verifies the signature using public-key and substitutes the predetermined-constant and second-random-number into the predetermined-function to generate second-value and send it to the update tool. The update tool substitutes the second-value and first-random-number into the predetermined-function to generate third-value. The ECU substitutes the first-value and second-random-number into the predetermined-function to generate fourth-value upon verification of the signature. The ECU allows vehicle control software update by the update tool when the third-value and fourth-value are identical.

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for recovering and verifying a public key. One of the methods includes accepting information encoding parameters of an elliptic curve, a published public key, a hash value of a message, a digital signature, and an identification parameter; generating a recovered public key based on the parameters of the elliptic curve, the hash value of the message, the digital signature, and the identification parameter; comparing the published public key and the recovered public key to verify the published public key.

There is disclosed a silicon integrated circuit comprising a Physically Unclonable Function and an online or embedded test circuit, said online test circuit comprising one or more circuit parts being physically adjacent to said PUF and said one or more circuits embodying one or more tests which can be performed to determine one or more quality properties of said PUF or otherwise characterize it. Different tests with specific associated method steps are described.

Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.

Methods, systems, and computer programs encoded on computer storage medium, for identifying a virtual desktop infrastructure (VDI) that includes a plurality of components; identifying a secure boot state of each of the components; aggregating the secure boot state of each of the components to define an aggregated secure boot state of the VDI; comparing the aggregated secure boot state of the VDI with a secure boot lookup table to identify a measure of trust of the VDI; identifying access control policies for the VDI for the identified measure of trust of the VDI; and enabling access to one or more resources based on the identified access control policies for the VDI.

An inspection target apparatus includes a generating circuit and a processing unit. The generating circuit generates a value depending on hardware. The processing unit generates, in response to a first request, encoding result data using the generated value and an error-correction encoding method and outputs the encoding result data. The processing unit generates, in response to a second request, decoding result data using designated encoding result data, the generated value, and an error-correction decoding method and outputs the decoding result data. An inspection apparatus includes a storing unit and a processing unit. The storing unit stores encoding result data generated by a different inspection target apparatus and reference data. The processing unit designates encoding result and receives decoding result data from the inspection target apparatus. The processing unit determines whether the decoding result data matches the reference data in comparison with each other.

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.