A system and method for signing data is presented. In one embodiment, the method comprises: generating a data signing key; transforming the data signing key into a first subkey and a second subkey; encrypting the first subkey according to a secret key of an ODSS; generating a signature verification public key; providing the signature verification public key, the encrypted first subkey, and the second subkey for storage in a client device; accepting a request to sign the data, the request having a representation of the data and the encrypted first subkey; generating a partially computed signature of the data according to the representation of the data and the encrypted first subkey; and providing the partially computed signature of the data to the client device.

A homomorphic encryption-based testing computing system provides a risk-based, automated, one-directional push of production data through a homomorphic encryption tool and distributes the encrypted data to use in testing of applications. Data elements and test requirements are considered when automatically selecting a homomorphic encryption algorithm. A decisioning component selects an algorithm to use to homomorphically encrypt the data set and a push mechanism performs one or both of the homomorphic encryption and distribution of the encrypted data set to at least one intended host. Once delivered, the testing software and/or testing procedures proceed using the encrypted data set, where results of the testing may be stored in a data store. A validation mechanism may validate the test data against production data and communicates whether testing was successful.

Provided are a system on chip, a security system, and a method of performing authentication. The system-on-chip includes a non-volatile memory a key storage region and a key indicator region, and an authenticator configured to identify a storage location by using key indicator data in response to an authentication request received from an external device, obtain key data stored in the storage location from the non-volatile memory, and perform an encryption algorithm by using an input key received from the external device and an asymmetric key of the key data as inputs.

An assigning device (100) for assigning fixed identifiers to fuzzy identifiers, the assigning device comprising a database storing multiple fuzzy identifiers, and a matching unit (130) arranged to determine if a matching fuzzy identifier exists in the database that matches a fuzzy input identifier according to a matching criterion and to determine if a matching fuzzy identifier does not exist in the database according to an absent criterion.

An apparatus for decrypting an encrypted bit sequence comprises a test device configured to subject the bit sequence to a statistical test in view of an expected distribution of the bits in the bit sequence in order to obtain a test result. The apparatus is configured to decrypt the bit sequence should the test result indicate that the distribution follows the expected distribution, and to not decrypt the bit sequence should the test result indicate that the distribution does not follow the expected distribution.

There is provided a method for testing a Physically Unclonable Function (PUF) implemented in a device, said PUF being configured to receive at least one challenge, each challenge comprising a set of bits, and to produce a set of responses, each response comprising at least one bit and corresponding to one challenge, said PUF comprising a circuitry including a set of PUF elements, each PUF element being controlled by at least one input bit corresponding to at least one bit of said challenge, wherein the method comprises the steps of: applying at least one bit of the challenge to the PUF instance; determining (300) identifiers for at least some of the PUF elements, the identifier of each PUF element being determined from the response output by said PUF element in response to said at least one bit of the challenge; applying a statistical randomness test (304) to a group of identifiers comprising at least some of the identifiers determined for said PUF elements, which provides a test indicator; and testing said PUF based on said test indicator.

An analysis system that is able to obtain correct encryption key is provided. The analysis system includes a processing circuitry configured to function as a cryptanalysis processing unit. The cryptanalysis processing unit includes: a key candidate extraction unit that is configured to extract, from second data, one or more candidates of key data that include an encryption key that enables to decrypt first data encrypted by a specific encryption scheme, based on data indicating a feature of the key data; and a decryption unit that is configured to extract, from the extracted candidates of key data, correct key data that enables to correctly decrypt the encrypted first data, based on a result of decrypting the first data by use of the extracted candidates of key data.

An assigning device (100) for assigning fixed identifiers to fuzzy identifiers, the assigning device comprising a database storing multiple fuzzy identifiers, and a matching unit (130) arranged to determine if a matching fuzzy identifier exists in the database that matches a fuzzy input identifier according to a matching criterion and to determine if a matching fuzzy identifier does not exist in the database according to an absent criterion.

Various systems and methods for implementing secure system-on-chip (SoC) debugging are described herein. A method of providing secure system-on-a-chip (SoC) debugging, comprises: receiving, from a remote host at a debug companion circuit, a debug initiation request to initiate a debugging session with an SoC associated with the debug companion circuit; encrypting, at the debug companion circuit, a debug handshake command; transmitting the debug handshake command to the SoC from the debug companion circuit, wherein the SoC is configured to authenticate the debug companion circuit, and configure intellectual property (IP) blocks on the SoC to expose debug data to the debug companion circuit in response to authenticating the debug companion circuit; and managing a secure connection with the SoC to obtain debug data and report the debug data to the remote host.

The disclosure relates to a method and a device for authenticating an FPGA configuration. The method includes at least partly reading the configuration of a FPGA by the FPGA itself and calculating a first checksum using the read configuration. The method further includes providing an authentication response which confirms that the FPGA configuration is authentic when the first checksum matches a specified checksum, wherein the reading, calculating, and providing are carried out in an obfuscated manner. The authentication response confirming that the FPGA configuration is authentic is not provided or is only provided with a very low degree of probability when the first checksum and the specified checksum do not match. In this regard, an FPGA may check its own configuration.