An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

A smart hardware security engine using biometric features and hardware-specific features is provided. The smart security engine can combine one or more entropy sources, including individually distinguishable biometric features, and hardware-specific features to perform secret key generation for user registration and authentication. Such hybrid signatures may be distinct from person-to-person (e.g., due to the biometric features) and from device-to-device (e.g., due to the hardware-specific features) while varying over time. Thus, embodiments described herein can be used for personal device authentication as well as secret random key generation, significantly reducing the scope of an attack.

Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.

Authentication that leverages a Physical Unclonable Function (PUF) to generate bitstrings, session keys and long-lived keys (LLK).

The generation of “fingerprints”, also called challenge-response pairs (CRPs) of Physically Unclonable Functions (PUFs), can often stress electronic components, leaving behind traces that can be exploited by crypto-analysts. A non-intrusive method to generate CRPs based on Resistive RAMs may instead be used, which does not disturb the memory cells. The injection of small electric currents (magnitude of nanoAmperes) in each cell causes the resistance of each cell to drop abruptly by several orders of magnitudes through the formation of temporary conductive paths in each cell. A repeated injection of currents into the same cell, results in an almost identical effect in resistance drop for a single cell. However, due to the small physical variations which occur during manufacturing, the cells are significantly different from each other, in such a way that a group of cells can be used as a basis for PUF authentication.

There is provided a framework to record to a blockchain unique identification (signatures) of physical items which have unique, random properties. Physical items are analysed using spectral imaging to determine the unique identifications. Hardware is shown to perform the analysis and various nodes of a peer-to-peer network are shown and described, which nodes may be configured to provide proof of location, privacy, trust and authentication. The solution can work even if the item is modified in some way if a subset of the unique properties remain.

A method of determining a confidence level associated with a device using heuristics of trust includes receiving, by an evaluating device, at least a communication from a first remote device, determining, by the evaluating device, an identity of the first remote device as a function of the at least a communication, calculating, by the evaluating device, at least a heuristic of trust as a function of the at least a communication and the identity, assigning, by the evaluating device, a first confidence level to the first remote device as a function of the at least a heuristic of trust, and assigning, by the evaluating device, an access right as a function of the first confidence level.

An information processing device comprises an electronic device, an averaging circuit acquiring output signals from the electronic device multiple times in a predetermined period and averaging the signals acquired multiple times, a memory circuit storing an averaged signal averaged by the averaging circuit and a PUF-ID extraction circuit generating a unique identifier based on the averaged signal.

A security device includes a physical unclonable function (PUF) cell array that includes a plurality of PUF cells connected with a first word line, a controller that selects a target PUF cell of the plurality of PUF cells and outputs a control signal based on the target PUF cell, a decoder that applies a first voltage to the first word line in response to the control signal, a bit line selection circuit that outputs a target current across a bit line connected with the target PUF cell and a sum current corresponding to a sum of currents across the remaining bit lines connected with other PUF cells, and a bit determiner that outputs a target bit of the target PUF cell based on the target current and the sum current, and the security device generates a security key based on the target bit for responding to an authentication requests.

This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC circuit or product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.