Abstract: A method and an apparatus for camouflaging an application specific integrated circuit are disclosed. The ASIC comprises a circuit comprising a plurality of interconnected functional logic cells performing a logical function. In one embodiment, the method comprises accepting a coded description of the circuit, wherein the coded description describes the circuit in terms of components comprising a sequential logic component and a virtual camouflage component, generating a logical description of the circuit, the logical description of the circuit comprising a logical description of the virtual camouflage component, and replacing, in the logical description of the circuit, the logical description of the virtual camouflage component with a logical description of a functionally equivalent technology-dependent camouflaged component.

Abstract: A camouflaged FinFET is disclosed. The camouflaged FinFET comprises a fin and a gate, disposed over and perpendicular to the fin. The fin includes a source region of a first conductivity type, a drain region of the first conductivity type, a channel region of a second conductivity type, the channel region disposed between the source region and the drain region, and a camouflaged fin region of the second conductivity type, the camouflaged Fin region at least partially rendering the camouflaged FinFET in an always-on condition and having a planar layout substantially indistinguishable from a fin region of an uncamouflaged FinFET.

Abstract: A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.

Abstract: In a general aspect, a method for sharing a memory between two functional entities can include assigning, to the first functional entity, a first data transformation function and a first inverse transformation function, and assigning, to the second functional entity a second data transformation function and a second inverse transformation function. The second inverse data transformation function can be incompatible with the first data transformation function and the first inverse data transformation function can be incompatible with the second data transformation function.

Abstract: A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Abstract: A method and apparatus for controlling a group of the client devices to switch at least one client device of the group of client devices from a first conditional access system to a second conditional access system is disclosed. In one embodiment, the method comprises generating a group identifier identifying the group of the client devices, transmitting a first client device signaling message having the group identifier only to each client device of the identified group of client devices, the group identifier for storage in each client device of the identified group of client devices in non-volatile memory, and transmitting a second client device signaling message to plurality of client devices, the second client device message comprising the group identifier and signaling a switch of each of the identified group of client devices from the first conditional access system to the second conditional access system.

Abstract: A method and apparatus for obfuscating at least a portion of an integrated circuit is disclosed. In one embodiment, the method comprises computing a number of observable points (COP) for each net of the portion of the integrated circuit, computing a selection weight (WS) for each net, and selecting one or more nets for insertion of at least one protection element based on the computed selection weights (WS).

Abstract: In a general aspect, a method for authenticating a plurality of slave devices connected to a master device can include: generating and sending by the master device a respective challenge to each slave device; in each slave device, generating a response to the respective challenge and transmitting it to the master device; verifying by the master device the response of one of the slave devices; returning by the master device the remaining responses to respective slave devices distinct from those that generated the responses; and verifying by each slave device the response returned thereto by the master device and transmitting the result of the verification to the master device.

Abstract: A method and apparatus for controlling a group of the client devices to switch at least one client device of the group of client devices from a first conditional access system to a second conditional access system or to update conditional access parameters such as keys or watermarking parameters is disclosed.

Abstract: A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.

Abstract: In a general aspect, a method of generating a protected implementation of an algorithm includes: expanding an original source code implementing the algorithm into a single set of real operations; combining each real operation using real data with the real data it uses, to obtain a combination represented in a way which uses an actual real data fragment in a form different from an original form; producing a set of duplicated and mutated decoy operations representing an alternative implementation of the algorithm, applied to decoy data; combining the set of decoy operations with the set of real operations including the combinations, to obtain an implementation where the decoy operations interact with the real operations and the real data processed by the real operations, such that a real data flow of in the implementation is difficult to analyze; and transforming the implementation into a resulting code that can be executed.

Abstract: In a general aspect, an integrated circuit can include a network configured to detect fault-injection attacks on the integrated circuit, the network including a plurality of optical sensors. The integrated circuit can also include a surveillance flip-flop coupled with the network, the surveillance flip-flop being configured to signal a fault when one or more optical sensors of the plurality of optical sensors changes state. The integrated circuit can further include at least one inductive winding included in the network, the at least one inductive winding being configured to generate an induced voltage that causes switching of at least one optical sensor of the plurality of optical sensors when the at least one inductive winding is subjected to an electromagnetic flux capable of causing a fault-injection in the integrated circuit.

Abstract: A method for sending data by inductive coupling includes: extracting an antenna signal from an antenna circuit, extracting from the antenna signal a first periodic signal, producing a second periodic signal by way of a synchronous oscillator, placing the oscillator in a free oscillation mode and applying to the antenna circuit the second periodic signal, modifying the impedance of the antenna circuit, restoring the amplitude of the antenna signal, then resynchronizing the oscillator on the first periodic signal.

Abstract: A method, apparatus, article of manufacture, and a memory structure for inserting a watermark in a media program is described. In an exemplary embodiment, the method comprises the steps of receiving data comprising the media program in the receiver disposed at a subscriber station, generating a watermark, the watermark generated at least in part according to a secure data processor-unique identifier irreversibly stored in the secure data processor, processing the received data to reproduce the media program, and inserting portions of the generated watermark in the reproduced media program at locations determined at least in part according to the secure data processor-unique identifier to produce a watermarked media program provided for display.

Abstract: A near field transaction system includes a first transaction device having near field communication circuitry, and a portable device having near field communication circuitry. The system also includes at least one transaction server having a memory area with at least one application program, and a mechanism for establishing a data link between the server and the near field communication circuitry of the portable device. The application program is configured to perform a transaction with the first transaction device, using the near field communication circuitry of the portable device as a proximity relay to communicate with the first transaction terminal.

Abstract: In a general aspect, a method for transmitting data by inductive coupling can include applying, at a rate of a data-carrying signal, a plurality of bursts of a periodic signal to a tuned inductive antenna circuit. The method can also include producing, in the tuned inductive antenna circuit, an antenna signal. The antenna signal can generate a magnetic field. The method can further include delimiting an amplitude of each burst of the plurality of bursts of the periodic signal in accordance with an envelope signal having a rising edge and a falling edge. The delimiting the amplitude of each burst of the plurality of bursts of the periodic signal can include generating the plurality of bursts of the periodic signal using a set of points. The set of points can define, by discrete values, a burst of the plurality of bursts of the periodic signal.

Abstract: A method for performing a transaction between a portable device and a transaction terminal includes establishing a communication channel between the portable device and the transaction terminal; establishing a first data link between the transaction terminal and the transaction server; and using an application program in the transaction server to perform the transaction with the transaction terminal through the data link, on behalf of the portable device.

Abstract: In a general aspect, a method for adjusting an oscillator clock frequency can include applying a first control value to a first oscillator, applying a second control value, different from the first control value, to a second oscillator, measuring a frequency of each of the first and second oscillators, determining, by interpolation, a corrected frequency measurement of the second oscillator depending on a frequency deviation measured between the first and second oscillators when subjected to a third control value, on the third control value, and on the control value applied to the second oscillator, determining by interpolation a new first control value depending on the measured frequency of the first oscillator, on the corrected frequency, on the first and second control values, and on a desired frequency, and applying the new first control value to the first oscillator.

Abstract: A method, apparatus, article of manufacture, and a memory structure for inserting a watermark in a media program is described. In an exemplary embodiment, the method comprises the steps of receiving data comprising the media program in the receiver disposed at a subscriber station, generating a watermark, the watermark generated at least in part according to a secure data processor-unique identifier irreversibly stored in the secure data processor, processing the received data to reproduce the media program, and inserting portions of the generated watermark in the reproduced media program at locations determined at least in part according to the secure data processor-unique identifier to produce a watermarked media program provided for display.

Abstract: In an aspect, a method can include generating a cyclic redundancy check code for a binary data item, using a generator polynomial; and masking, using polynomial addition, the binary data item with a binary mask. The method can also include at least one of: storing, by a microcircuit, the masked binary data item in a memory of an electronic device; or transferring, by the microcircuit, the masked data item to another device. The cyclic redundancy check code for the binary data item can be generated from the masked binary data item to prevent discovery of the binary data item by a side-channel attack during the generating the cyclic redundancy check. The binary mask can be a multiple of a random number and the generator polynomial, such that respective cyclic redundancy check code of the masked data item and the binary data item have a same result.