A secure element device that is configured to be cryptographically bound to a host device includes a secure element host key slot configured to store host key information that allows only the host device to control the secure element, a secure memory storing binding information, and limited functionality allowing the binding information to be read from the secure memory by the host device during a binding process. The binding information is cryptographically correlated with the host key information. The host key information is generated by the host device using the binding information read from the secure element and a secret key. The secure element device further includes general functionality only accessible to the host device using the host key information that is generated by the host device. The secure memory includes prevention measures impeding unauthorized entities from obtaining information from the secure memory.

Stochastic or near-stochastic physical characteristics of resistive switching devices are utilized for generating data distinct to those resistive switching devices. The distinct data can be utilized for applications related to electronic identification. As one example, data generated from physical characteristics of resistive switching devices on a semiconductor chip can be utilized to form a distinct identifier sequence for that semiconductor chip, utilized for verification applications for communications with the semiconductor chip or utilized for generating cryptographic keys or the like for cryptographic applications.

Unclonable function circuitry includes a plurality of pairs of phase-change memory cells in a virgin state, and sensing circuitry coupled to the plurality of pairs of phase-change memory cells in the virgin state. The sensing circuitry identifies a subset of the plurality of pairs of phase-change memory cells in the virgin state based on a reliability mask. Signs of differences of effective resistance values of the identified subset of the plurality of pairs of phase-change memory cells in the virgin state are sensed by the sensing circuitry. The sensing circuitry generates a string of bits based on the sensed signs of differences in the effective resistance values of the identified subset of the plurality of pairs of phase-change memory cells in the virgin state. Processing circuitry coupled to the unclonable function circuitry, in operation, executes one or more operations using the generated string of bits.

An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry. The encryption circuitry includes a memory having a dedicated memory location allocated for storage of encryption keys utilized in the encrypting/decrypting operations, an encryption engine for performing the encryption/decryption operation with at least one of the stored encryption keys in association with the operation of the IoT functional circuitry, an input/output interface for interfacing with the proximity-based communication interface to allow information to be exchanged with a user device in a dedicated private key transfer operation, an internal system interface for interfacing with the IoT functional circuitry for transfer of information therebetween, memory control circuitry for controlling storage of a received private key from the input/output interface for storage in the dedicated memory location in the memory, in a Write-only memory storage operation relative to the private key received from the input/output interface over the proximity-based communication interface, the memory control circuitry inhibiting any Read operation of the dedicated memory location in the memory through the input/output interface. The IoT functional circuitry includes a controller for controlling the operation of the input/output interface and the memory control circuitry in a private key transfer operation to interface with the external user device to control the encryption circuitry for transfer of a private key from the user device through the proximity-based communication interface for storage in the dedicated memory location in the memory, the controller interfacing with the encryption circuitry via the internal system interface, and operational circuitry for interfacing with the user device over a peer to peer communication link and encrypting/decrypting information therebetween with the encryption engine in the encryption circuitry.

The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising storing a plurality of activation codes, each of the activation codes associated with a respective unique identifier (UID) of semiconductor device; receiving, over a network, a request to generate a new storage root key (SRK), the request including a response code and a requested UID; identifying a selected activation code from the plurality of activation codes based on the requested UID; generating the SHRSRK value using the response code and the selected activation code; associating the SHRSRK value with the requested UID and storing the SHRSRK value; and returning an acknowledgement in response to the request.

An example method includes receiving an encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.

Devices, systems and methods for improving reliability and security of a memory system are described. An example method includes receiving a seed value and a data stream, generating, based on the seed and using a physical unclonable function (PUF) generator, a PUF data pattern, generating, based on the seed, a pseudo-random data pattern, performing a first logic operation on the PUF data pattern and the data stream to generate a result of the first logic operation as a first data sequence, and performing a second logic operation on the pseudo-random data pattern and a second data sequence that is based on the first data sequence to generate a result of the second logic operation as a third data sequence for storage on the memory system, wherein the PUF generator is selected at least in-part based on one or more physical characteristics of the memory system.

A system and method for encrypting communication for networked heating, ventilation, and air conditioning (HVAC) devices. A method includes obtaining a list of network devices of a network, requesting a certificate for each network device in the list of network devices of the network, and generating a shared symmetric key for encrypting communication in the network. A method may also include encrypting the shared symmetric key with a public key for each network device in the list of network devices having a valid certificate, transmitting the encrypted shared symmetric key with each network device having a valid certificate, each network device includes a different certificate, and communicating between the master device and the network device using the shared symmetric key.

Systems and methods for controlling and tracking computer devices using a secure communication path between a central server and a machine control-file watchdog program. One or more machine control-files can be generated to control, limit and track a computer device using a machine control-file watchdog program. The system sets limits on the computer device to ensure the user operating the computer device stays within a restricted set of usage limitations. The machine control-file watchdog program protects the one or more machine control-files and additionally can report on all activities performed by the computer device to the central server.

Systems, methods, and other embodiments for decentralized identity with user biometrics are presented herein. In one embodiment, a method includes, in response to a request to access resources of a cloud service provider by a computing device, transmitting a request for a biometric private key to a mobile device associated with a user; in response to receiving the biometric private key, submitting the biometric private key for validation against a blockchain associated with the user and the mobile device; adding a record of the results of the validation to the blockchain; and controlling access to the resources of the cloud service provider based on the record in the blockchain by (i) denying access where the record indicates that validation has failed (ii) granting access where the record indicates that validation has succeeded.