Patent classifications
H04L9/3278
Provenance audit trails for microservices architectures
An apparatus to facilitate provenance audit trails for microservices architectures is disclosed. The apparatus includes one or more processors to: obtain, by a microservice of a service hosted in a datacenter, provisioned credentials for the microservice based on an attestation protocol; generate, for a task performed by the microservice, provenance metadata for the task, the provenance metadata including identification of the microservice, operating state of at least one of a hardware resource or a software resource used to execute the microservice and the task, and operating state of a sidecar of the microservice during the task; encrypt the provenance metadata with the provisioned credentials for the microservice; and record the encrypted provenance metadata in a local blockchain of provenance metadata maintained for the hardware resource executing the task and the microservice.
SECURE METHOD FOR DATA EXCHANGE BETWEEN A TERMINAL AND A SERVER
A secure method for data exchange between a terminal and a server is described. The server can use a cryptographic module configured to encrypt or decrypt a message based on input parameters comprising the message, a response to a challenge and a symmetric key. The terminal can use a white-box cryptography module constituting a white-box implementation of the cryptographic module of the server for this symmetric key.
Short channel effect based random bit generator
A random bit generator includes a voltage source, a bit data cell, and a sensing control circuit. The voltage source provides a scan voltage during enroll operations. The data cell includes a first transistor and a second transistor. The first transistor has a first terminal coupled to a first bit line, a second terminal coupled to the voltage source, and a control terminal. The second transistor has a first terminal coupled to a second bit line, a second terminal coupled to the voltage source, and a control terminal. The sensing control circuit is coupled to the first bit line and the second bit line, and outputs random bit data according to currents generated through the first transistor and the second transistor during an enroll operation of the bit data cell.
Deriving information from an optically readable security element
According to a first aspect of the invention, there is provided a method of deriving information from an optically readable security element, comprising: optically reading the optically readable security element, the optically readable security element comprising at least one optically readable structure, optically readable in response to excitation of the optically readable structure; the reading comprising determining data indicative of an optical property of the optically readable security element using first emission electromagnetic radiation, emitted in response to excitation of the optically readable structure; the deriving information further comprising using the determined data indicative of an optical property, in combination with a temporal excitation-emission relationship related to the optically readable structure, to derive the information.
SYSTEMS AND METHODS FOR AUTONOMOUS HARDWARE COMPUTE RESILIENCY
Methods and systems for providing hardware compute resiliency by using a compute fabric that includes sensors and re-programmable data processing components.
Method of implementing a physical unclonable function
A method of identifying primitives for implementing a physical unclonable function providing a response representative of a device comprising a plurality of primitives coupled in pairs, said primitives being configured for being one-time programmable through application of a burning energy to said primitives, by selecting a subset of the pairs, assessing a difference between electrical characteristics values provided by primitives belonging to each pair of said subset, qualifying all pairs of primitives for which the assessed difference is higher than a reference threshold, and identifying said qualified pairs of primitives comprising programming at least one primitive of each pair of primitives for which the assessed difference is lower than said reference threshold, by applying a burning energy to said at least one primitive so as to differentiate qualified pairs of primitives from those that are not qualified.
ISA accessible physical unclonable function
Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
Imaging device with image encryption
An imaging device includes an image sensing device, a private key generation unit, and an image encryption unit. The image sensing device includes an image generator configured to generate image data acquired by capturing an image, and a physical unclonable function (PUF) generator configured to generate physical unclonable function (PUF) data including information about at least one fixed pattern noise (FPN) data value and at least one random telegraph noise (RTN) data value. The private key (KEY) generation unit generates a private key based on the at least one FPN data value and the at least one RTN data value that are acquired from the PUF data. The image encryption unit encrypts the image data using the private key. A first transistor included in the PUF generator exhibits different properties from a second transistor that is included in the image generator and corresponds to the first transistor.
LIGHTWEIGHT IDENTITY AUTHENTICATION METHOD BASED ON PHYSICAL UNCLONABLE FUNCTION
The present disclosure belongs to identity authentication technology in the network security field, and relates to a lightweight identity authentication method. The method utilizes lightweight operations of the physical unclonable function, Hash operation, XOR operation, etc. for bidirectional authentication between an authentication server and an Internet of Things resource-limited device, and particularly utilizes uniqueness of an integrated circuit (IC) physical microstructure created by the physical unclonable function in the resource-limited device in a manufacturing process to design an engineering-implementable information desynchronization recovery mechanism of two authentication parties by optimizing an interaction mode of input challenge and output response of the physical unclonable function, thereby solving the problem that the same lightweight identity authentication type solution cannot ensure forward security and resist desynchronization attack, further reducing resource cost for an identity authentication process, and effectively improving security and operation efficiency of identity authentication of the Internet of Things resource-limited device.
METHOD FOR REMOTELY PROGRAMMING A PROGRAMMABLE DEVICE
A method for remotely programming a programmable device designed to provide an expected sensitive result. The method includes transmitting a first program code to the programmable device, the first program code being configured to get at least one distinctive data unique and physically inherent to the programmable device, retrieving the distinctive data, and transmitting a second program code based on the retrieved distinctive data to the programmable device, so as to load the second program code into the programmable device.