A secure logic system includes a physically unclonable function, a physically unclonable function configuration register, and an encryption circuit. The physically unclonable function establishes an encryption string according to at least partial random physical characteristics of the physically unclonable function. The physically unclonable function configuration register is coupled to the physically unclonable function, and load the encryption string from the physically unclonable function. The encryption circuit is coupled to the physically unclonable function configuration register, and manipulates a system string with the encryption string to generate encrypted data.

According to a first aspect of the present disclosure, an integrated circuit is provided which comprises an active shield in a first layer and at least one security-critical component in a second layer, said security-critical component being configured to generate an access key for enabling access to at least a part of said security-critical component, wherein said access key is based on an output value of the active shield. According to a second aspect of the present disclosure, a corresponding method for protecting an integrated circuit is conceived. According to a third aspect of the present disclosure, a corresponding computer program product is provided.

A method for protecting against faults in a computation of a point multiplication Q=[k]P on an elliptic curve E defined over a prime field .sub.p, including: defining an integer r and a group ={()|/r} represented with elements having a group law that coincides with a group law used in the representation for E(.sub.p) and isomorphic to an additive group (/r).sup.+ through isomorphism ; forming a combined group E(.sub.p)

A surveillance system includes one or more camera systems at least some of the camera systems including a camera element comprising optical components to capture and process light to produce images, camera processing circuitry that receives the light and processes the light into electrical signals and encodes the signals into a defined format, power management circuitry to power the camera system, the power management system including first and second power interfaces and first and second video output interfaces.

A networked system for managing a physical intrusion detection/alarm includes an upper tier of server devices, comprising: processor devices and memory in communication with the processor devices, a middle tier of gateway devices that are in communication with upper tier servers, and a lower level tier of devices that comprise fully functional nodes with at least some of the functional nodes including an application layer that execute routines to provide node functions, and a device to manage the lower tier of devices, the device instantiating a program manager that executes a state machine to control the application layer in each of the at least some of the functional nodes.

A floating core network for secure isolation of a circuit from an external supply interface is described. Isolation of a core is accomplished through a dynamic current limiting network providing an isolated core voltage to the core; and an isolated supply for the corresponding core that is continuously recharged by the dynamic current limiting network. The dynamic current limiting network can include two control loops, one control loop providing a fixed gate voltage to a p-type transistor supplying current to the isolated supply and another control loop providing a fixed gate voltage to an n-type transistor sinking current from the isolated supply.

A device may include a physically unclonable function (PUF) source that has at least one fuse embedded in the device. The PUF source may be responsive to an input for transmitting a signal through the fuse and providing a PUF value based on a measurement of such signal. The device also has circuitry that is configured to modify the fuse by transmitting a signal of sufficiently high current or voltage through the fuse to change its resistance, thereby changing a response of the PUF source to the input.

An integrated circuit includes a semiconductor substrate having a rear face. A first semiconductor well within the substrate includes circuit components. A second semiconductor well within the substrate is insulated from the first semiconductor well and the rest of the substrate. The second semiconductor well provides a detection device that is configurable and designed, in a first configuration, to detect a thinning of the substrate via its rear face, and in a second configuration, to detect a DFA attack by fault injection into the integrated circuit.

A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults. Other embodiments are described and claimed.

Blind injection attacks can compromise computer systems and their data. These attacks can appear in SQL, XML, LDAP, OS commands, or other contexts. Blind injection attacks may be used to obtain information from a data source based on whether a response is returned within a certain time frame. By introducing intentional delay servicing of commands , however, the efficacy of blind injection attacks can be reduced. SQL query statements or other commands can be analyzed to determine if a conditional delay exists, and randomization effects can be used (sometimes based on length of the conditional delay) to make it difficult for an attacker to use blind injection. These techniques may broadly apply to any data source, and include databases exposed to the public via the internet (e.g. via a web server URL). Blind SQL injection, blind XML injection, and other blind injection attacks can be mitigated using techniques described herein.