Provided are an operation method and a secure terminal for performing the method. The operation method may include receiving, from a user terminal, a plain text on which an external encoding operation is to be performed, performing the external encoding operation on the plain text, and transmitting the external encoding operated plain text to the user terminal, and the operation method may include receiving, from a user terminal, a cryptogram in which a white-box cryptography operation is performed on an external encoding operated plain text; performing an external decoding operation on the cryptogram; and transmitting the external decoding operated cryptogram to the user terminal.

An embodiment of a method and apparatus for ciphering data. Data is provided for ciphering. The data is ciphered in a plurality of steps. For each step, determining an encoding for error detection of the data being processed within the step. Determining an output error detection encoding for the step. Processing data of the round to provide output error detection encoding. Then, verifying the encoding against a determined output error detection encoding. If the output error detection encoding is not the same as the determined error detection encoding, providing a signal indicating the presence of an error within the cipher process.

A method of encoding and encrypting input data (D1) to generate corresponding encoded and encrypted data (E2) is provided. At least a first data block of the input data (D1) is encoded to generate a first encoded data block. The at least first encoded data block is then encrypted using at least one key to provide a first encoded and encrypted data block for inclusion in the encoded and encrypted data (E2). Moreover, a first seed value is generated for use in encrypting a next encoded data block to provide a next encoded and encrypted data block for inclusion in the encoded and encrypted data (E2). Furthermore, a next seed value is generated for use in encrypting a subsequent encoded data block, in a sequential repetitive manner until each data block of the input data (D1) is encoded and encrypted into the encoded and encrypted data (E2).

A data processing device includes a Physical Unclonable Function value source which is set up to provide a reference Physical Unclonable Function value and a plurality of subsequent Physical Unclonable Function values, the reference Physical Unclonable Function value and each subsequent Physical Unclonable Function value having a multiplicity of binary components, a determination device which is set up to determine a set of components, the value of which is identical in the plurality of subsequent Physical Unclonable Function values, and a Physical Unclonable Function reconstruction device which is set up to reconstruct the reference Physical Unclonable Function value from the subsequent Physical Unclonable Function values assuming that the values of the determined components in the subsequent Physical Unclonable Function value match the values of the determined components in the reference Physical Unclonable Function value.

The present invention relates to a method of transmitting a message comprising an integrity check and a header, between two processing units via a shared memory, comprising steps of: —generation (501), by a first processing unit, of a first pseudorandom binary string; —encryption (502) of the message to be transmitted by applying an involutive transformation dependent on the first pseudorandom binary string generated; —transmission and storage (503) of the encrypted message in the shared memory; —generation (504), by the second processing unit, of a second pseudorandom binary string; —decryption of the message stored by applying an involutive transformation dependent on the second pseudorandom binary string, and by decrypting the header (505) of said message, by verifying the decrypted header (505), and as a function of the result of the verification, by decrypting the complete message (506); —verification (507) of the integrity of the decrypted message on the basis of its integrity check.

Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.

This disclosure relates to generating shares of secret data represented by secret data elements based on a first threshold for the number of shares that allow determining the secret data. The shares are determined based on the secret data, one or more random data elements added to the secret data and coefficients of a systematic maximum distance separable (MDS) code. The MDS code has a number of input data elements that is equal to the first threshold and that is also equal to the number of secret data elements plus the number of the one or more random data elements. The method of determining shares can be used for different data sets and multiple pairs of the shares can be generated to allow performing an operation between the first secret data with the second secret data based on distributed processing of each of the multiple pairs.

A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.

Providing secure graphics outputs by performing at least the following: receive secure output data corresponding to a digital image, obtain one or more security keys, create a secure output marker for the secure output data, wherein the secure output marker comprises location information corresponding to a trusted output area of the digital image and data information that represents data content found within the trusted output area of the digital image, encrypt the secure output marker using the one or more security keys, embed the secure output marker within the graphics image to create a trusted graphics image; and render the trusted graphics image for exposure onto the display device.

Aspects of a storage device including a memory and a controller are provided. The controller can receive a data stream from a host device, the data stream indicating a plurality of encryption keys associated with the data stream, and segregate the data stream into a plurality of data stream portions based on the plurality of encryption keys. The controller can encode the plurality of data stream portions into a plurality of encoded data stream portions with the plurality of encryption keys. The controller also can generate a mapping indicating an association between each of the plurality of encryption keys with a respective one of the plurality of encoded data stream portions. Thus, the controller may store the plurality of encoded data stream portions and the plurality of encryption keys in the memory based on the mapping, thereby improving security access to data stored in the storage device.