H04L2209/26

Secure protocol for chip authentication

This application discloses a supply chain security technique that enrolls an integrated circuit with a security server and subsequently utilizes the enrollment to authenticate the integrated circuit. The integrated circuit can include security circuitry to enroll the integrated circuit with the security server by generating an enrollment message, including a fingerprint code having an encoded version of a private value generated by the security circuitry, for transmission to the security server. The security circuitry can authenticate the integrated circuit by replying to a request from the security server to verify authentication of the integrated circuit. The response can confirm to the security server that the integrated circuit includes the private value, which can authenticate the integrated circuit.

Technologies for trusted I/O for multiple co-existing trusted execution environments under ISA control

Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes one or more trusted execution environments (TEEs). A TEE generates a request to program the cryptographic engine with respect to a DMA channel. The computing device may verify a signed manifest that indicates the TEEs permitted to program DMA channels and, if verified, determine whether the TEE is permitted to program the requested DMA channel. The computing device may record the TEE for a request to protect the DMA channel and may determine whether the programming TEE matches the recorded TEE for a request to unprotect a DMA channel. The computing device may allow the request to unprotect the DMA channel if the programming TEE matches the recorded TEE. Other embodiments are described and claimed.

COMPUTING DEVICE HAVING TWO TRUSTED PLATFORM MODULES
20190228157 · 2019-07-25

A computing device is provided including a motherboard including a control module, a first trusted platform module (TPM), and a second TPM. The control module directs security operations to the first TPM, wherein the control module is operable to detect whether or not the first TPM is damaged, and wherein the control module, in response to detecting that the first TPM is damaged, is operable to direct subsequent security operations to be performed by the second TPM. A computer program product is also provided including non-transitory computer readable storage media embodying program instructions executable by a processor to direct security operations to a first TPM coupled to a motherboard of the computing device, detect whether or not the first TPM is damaged, and, responsive to detecting that the first TPM is damaged, direct subsequent security operations to a second TPM coupled to the motherboard of the computing device.

Cryptographic content-based break-glass scheme for debug of trusted-execution environments in remote systems
10361868 · 2019-07-23

A method includes receiving a break-glass ticket scope identifying one or more secure containers of a secure container system. The secure containers are instantiated in a non-debuggable state and execute corresponding secure execution environments for the contents of the corresponding secure containers. The method also includes generating a pending break-glass ticket having the break-glass ticket scope and transmitting the pending break-glass ticket to a break-glass approver for approval. In response to receiving an approved break-glass ticket from the break-glass approver, the method includes altering an access setting of the one or more secure containers defined in the break-glass ticket scope. The altered access setting allows debugging of the respective contents of the one or more secure containers executing the corresponding secure execution environments.

Elliptic Curve Random Number Generation

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element is regarded as the x-coordinate of a point Q on the elliptic curve, and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide backup functionality. The relationship between P and Q is used as an escrow key and stored for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

A Comprehensive Framework for Protecting Intellectual Property in the Semiconductor Industry
20190165935 · 2019-05-30

Methods and integrated circuit architectures for assuring the protection of intellectual property between third party IP providers, system designers (e.g., SoC designers), fabrication entities, and assembly entities are provided. Novel design flows for the prevention of IP overuse, IP piracy, and IC overproduction are also provided. A comprehensive framework for forward trust between 3PIP vendors, SoC design houses, fabrication entities, and assembly entities can be achieved, and the unwanted modification of IP can be prevented.

ELLIPTIC CURVE RANDOM NUMBER GENERATION

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element is regarded as the x-coordinate of a point Q on the elliptic curve, and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide backup functionality. The relationship between P and Q is used as an escrow key and stored for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

INTEGRATED CIRCUIT FOR ADAPTIVE PUF STABILIZATION PROCESS

An IC for an adaptive PUF stabilization process includes a PUF stabilizer and a non-volatile memory. The PUF stabilizer has PUF units, a statistic processor, a majority voting generator, and a dark-bit masker. The statistic processor is connected to the PUF units and performs measurements on the PUF units to output results. The majority voting generator is connected to the statistic processor to accumulate the results into a statistic result, which is output as a PUF bit. The dark-bit masker is connected to the PUF units, marks the bits of unstable PUF units as dark bits, and creates dark-bit masks. The non-volatile memory is connected to the PUF stabilizer to store the dark-bit masks, and the dark bits are replaced by specific bit sequences provided by the PUF stabilizer. This decreases the bit error rate of the PUF measurement results and allows customization of the quantity of dark bits per dark-bit mask used.

KEY OBTAINING METHOD AND APPARATUS
20190149326 · 2019-05-16

Embodiments of the present disclosure provide example key obtaining methods and apparatus. One example method includes receiving, by a terminal, a selected key generation capability from a network element, where the selected key generation capability is used to indicate a key generation capability that is determined by the network element based on a first key generation capability combination, and where the first key generation capability combination includes at least one key generation capability of the terminal. The terminal can then generate a first key parameter and a first base key based on the selected key generation capability.

DATA STORAGE DEVICE AND DATA STORAGE METHOD FOR CONFIRMING FIRMWARE DATA
20190147165 · 2019-05-16

A data storage device utilized for confirming firmware data includes a flash memory and a controller. The controller is coupled to the flash memory to receive first firmware data and first sorting hash data related to the first firmware data; it divides first hash data generated from the first firmware data into a plurality of data groups and re-assembles the data groups according to a mapping and sorting algorithm to generate second sorting hash data. The controller includes an efuse region for writing the mapping and sorting algorithm. When the controller determines that the second sorting hash data is identical to the first sorting hash data, the first firmware data is allowed to update the controller.