The described techniques facilitate the secure transmission of sensor measurement data to an ECU by implementing an authentication procedure. The authentication procedure includes an integrated circuit (IC) generating authentication tags by encrypting portions of sensor measurement data. These authentication tags are then transmitted together with the sensor measurement data as authenticated sensor measurement data. The ECU may then use the authentication tags to authenticate the sensor measurement data based upon a comparison of the portions of the sensor measurement data sensor measurement data to the authentication tag that is expected to be generated for those portions of sensor measurement data.

A system and a method for a supply-chain hardware integrity for electronics defense (SHIELD) dielet embedded over a component of a device, a radio frequency identification (RFID) probe system coupled to the SHIELD dielet, and a secure server system communicating with the RFID probe system that can enable security services is provided. Embodiments include a multi-function SHIELD software defined, hardware enabled security system that provides hardware identity, anti-tamper, encryption key generation and management, trusted platform module services, and cryptographic software security services for a device.

Systems, methods, articles of manufacture, and computer-readable media. A server may receive a phone call and generate a uniform resource locator (URL) comprising a session identifier for an account. The server may transmit the URL to a client device. The server may receive, from a web browser, a request comprising the URL. The server may determine that the session identifier in the URL of the request matches the session identifier for the account, and transmit, to the web browser, a web page at the URL. The server may receive, from the web browser, a cryptogram read by the web page via a card reader of the client device and decrypt the cryptogram. The server may authenticate the identity of the caller for the call based on decrypting the cryptogram and the session identifier of the URL matching the session identifier of the account.

A device includes a root of trust and a controller to perform a device function of the device using the root of trust. The root of trust is designed to control and/or observe the controller at least partially for the performance of the device function.

A system and method for providing a providing security credential is disclosed. In one embodiment, the method comprises accepting a request to generate at least one key in an online data signing system; generating, in a hardware security module communicatively coupled to the online data signing system, a first key K.sub.1 as a temporary object; encrypting, by the hardware security module, the first key K.sub.1 according to a wrapping key Kw to produce an encrypted first key E.sub.Kw[K.sub.1]; storing the encrypted first key; and providing a second key K.sub.2 associated with the first key K.sub.1 to a user device communicatively coupled to the online data signing system.

A method of determining a confidence level associated with a device using heuristics of trust includes receiving, by an evaluating device, at least a communication from a first remote device, determining, by the evaluating device, an identity of the first remote device as a function of the at least a communication, calculating, by the evaluating device, at least a heuristic of trust as a function of the at least a communication and the identity, assigning, by the evaluating device, a first confidence level to the first remote device as a function of the at least a heuristic of trust, and assigning, by the evaluating device, an access right as a function of the first confidence level.

A security device includes a physical unclonable function (PUF) cell array that includes a plurality of PUF cells connected with a first word line, a controller that selects a target PUF cell of the plurality of PUF cells and outputs a control signal based on the target PUF cell, a decoder that applies a first voltage to the first word line in response to the control signal, a bit line selection circuit that outputs a target current across a bit line connected with the target PUF cell and a sum current corresponding to a sum of currents across the remaining bit lines connected with other PUF cells, and a bit determiner that outputs a target bit of the target PUF cell based on the target current and the sum current, and the security device generates a security key based on the target bit for responding to an authentication requests.

A method comprises: a first data processing device requesting attestation of a second data processing device; the second data processing device generating a device-specific attestation message in dependence upon a device-specific key, a hardware configuration of the second data processing device and a software configuration of software running on the second data processing device; the second data processing device generating an application-specific attestation message in dependence upon an interaction protocol by which the first data processing device and the second data processing device interact; the second data processing device cryptographically binding the application-specific attestation message to the device-specific attestation message; the first data processing device verifying the application-specific attestation message, the verifying step comprising detecting a trusted status of the application-specific attestation message by verifying the device-specific attestation message cryptographically bound to the application-specific attestation message; and the first data processing device establishing an interaction with the second data processing device according to the interaction protocol, in dependence upon the verified application-specific attestation message.

Various embodiments are directed to securely generating and managing passwords using a near-field communication (NFC) enabled contactless smart card. For example, a secure password may be generated by generating a random number via a random number generator of the contactless smart card and converting the random number to one or more human-readable characters. In another example, a secure cryptographic hash function of the contactless smart card may generate a hash output value, which may be converted to one or more human-readable characters. The human-readable characters may be used as the secure password or it may be transformed to add more layers of security and complexity.

Methods and systems for encrypting and decrypting data comprising sending sensitive information to a first cryptographic processing system in a first cloud region for encryption with a first key encryption key generated by and stored by the first cryptographic processing system. The first encrypted sensitive information received from the first cryptographic processing system is stored in a first database. The sensitive information is also sent to a second cryptographic processing system in a second cloud region different from the first cloud region for encryption with a second key encryption key generated by and stored by the second cryptographic processing system. The second encrypted sensitive information received from the second cryptographic processing system is stored in a second database. If the first encrypted sensitive information cannot be decrypted by the first cryptographic processing system, the second encrypted sensitive information is sent to the second cryptographic processing system.