Abstract: In a method for protecting an exponentiation calculation by means of the Chinese remainder theorem, in particular the combining step (16), wherein the Garner combination algorithm is preferably used, is verified for its correctness prior to outputting (24) the results of the combining step (18). In doing so, the combination algorithm is verified directly prior to outputting the result of the exponentiation calculation, so as to eliminate the outputs of an incorrect result, for example due to a hardware error attack, so as to ward off the error attack.

Abstract: Techniques for protecting content to ensure its use in a trusted environment are disclosed. The stored content is protected against harmful and/or defective host (or hosted) environments. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counter part, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verify the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device.

Abstract: A device for converting a term comprising a product of a first operand and a second operand into a representation having an integer quotient regarding a modulus and a remainder, the integer quotient being defined by T/N, T being the term and N being the modulus, and the remainder being defined by T mod N, N being the modulus. The device modularly reduces the term using the modulus on the one hand and modularly reduces the term using an auxiliary modulus, which is greater than the modulus, on the other hand to obtain the remainder on the one hand and the auxiliary remainder on the other hand. Both the remainder and the auxiliary remainder are combined to obtain the integer quotient. The inventive device makes it possible to calculate even the integer quotient, that is the result of the divide (DIV) operation, by performing a command for a modular multiplication existing on conventional cryptoprocessors two times.

Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase to populate a data structure. Then, a first random number multiplied by a public key is added to each value in the data structure, in modulo of a second random number multiplied by the public key. Then an exponentiation phase is performed, wherein each modular multiplication and square operation in the exponentiation phase is performed in modulo of the second random number multiplied by the public key, producing a result. Then the result of the exponentiation phase is reduced in modulo of the public key. The introduction of the random numbers aids in the prevention of potential security breaches from the deduction of operands in the table initiation phase by malicious individuals.

Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number.

Abstract: In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. This may be accomplished by creating a permutation of an order of powers and then performing a table initiation phase using a part of a key and the permuted order of powers to populate a data structure.

Abstract: A processor includes a calculator, a plurality of electronic fuses for storing secret data and reader for reading out the plurality of electronic fuses to determine the secret data. By storing the secret data, like for example a secret key for the identification of the processor or a chip card, respectively, in which the processor is arranged, in electronic fuses, a secure and efficient and simultaneously flexible way for introducing sensitive information into an integrated circuit is achieved.

Abstract: In a method for protecting a calculation in a cryptographic algorithm, the calculation obtaining input data so as to create output data, input data for the calculation are initially provided. Subsequently, the calculation is performed so as to obtain the output data of the calculation. After the calculation has been performed, a verification is carried out as to whether the input data was changed during the calculation, to be precise using a verification algorithm which differs from the calculation itself. If the verification proves that the input data was changed during the calculation, forwarding of the output data is suppressed. By doing so, outputting of incorrect results of the calculation of the cryptographic algorithm is prevented with a high degree of certainty, since the input data is particularly susceptible to hardware attacks. In addition, the input data may be examined with a view to their integrity with little expenditure compare to calculating the cryptographic algorithm itself.

Abstract: For a secure encryption of original data the original data are first of all encrypted using an encryption key or an encryption algorithm. The thus obtained data are then again decrypted using a decryption algorithm and a decryption key in order to obtain decrypted data. These data are again used together with the original data in order to calculate an auxiliary key. The decrypted data are then encrypted using the calculated auxiliary key in order to obtain output data. In case of a DFA attack no output of the device is suppressed, but the output result is encrypted using the auxiliary key which deviates from the original encryption key in case of the DFA attack so that an attacker cannot use the output data anymore and the DFA attack is useless.

Abstract: A processor includes a source register having a source register content, a destination register, a calculating unit for performing a calculation using the source register content, wherein the calculation is performed in several calculation cycles, and wherein in each cycle only one portion of the source register content is useable, a data bus connected to the source register, the destination register and the calculating unit, and a processor controller. The processor controller is operable to supply the source register content in portions to the calculating unit on the one hand and to the destination register on the other hand during the calculation via the data bus, so that after an execution of the calculation the source register content is written into the destination register. Therefore it is possible to obtain a register copy of a source register the destination register via a limited data bus without additional machine cycles for long operands to be processed in portions.

Abstract: A Security Enhanced Linux (SELinux) system implementing extended policy models and method for their enforcement, is provided. Extended attributes are defined to specify extended policies. The SELinux policy model is extended to include the extended policies. The extended policies are enforced in addition to SELinux Type Enforcement. In one implementation, defining extended attributes involves defining TC-related attributes to specify TC-related policies. Further, extending the SELinux policy model includes extending the SELinux policy model to include the TC-related policies, in addition to SELinux Type Enforcement. Furthermore, enforcing the extended policies includes enforcing the TC-related policies in addition to SELinux Type Enforcement.

Abstract: Methods and apparatuses enable countermeasures to obstruct a fault-based attack on an authentication procedure. A digital message M, a signature S, and a modulus N are received, where the signature S is to sign the digital message M, and the modulus N is a public modulus for modular authentication operations. In one embodiment, the message and signature are compliant with the RSA algorithm. The signature S is validated, and after validation of the signature S, one or more N-based computations are performed that validate N. In one embodiment, N is validated prior to validating the signature S, and a double-validation countermeasure provides for re-validating N after validating S. In one embodiment, N is validated or re-validated in conjunction with validation of S. N can be validated in conjunction with validation of S through the use of computations with intermediate values derived from a trusted copy of N.

Abstract: A method, apparatus, and system, the apparatus including, in some embodiments, a printed circuit board (PCB), an integrated circuit (IC) positioned over and electrically connected to the PCB, a chip positioned between the PCB and the IC, and a closed boundary barrier between and contacting the PCB and the IC to define an inner containment area that completely contains the chip within the inner containment area.

Abstract: Apparatus and methods for reducing information leakage between processes sharing a cache are disclosed. In one embodiment, an apparatus includes execution logic, a cache memory, and cache security logic. The execution unit is to execute a plurality of processes. The cache memory is to be shared between the plurality of processes. The cache security logic is to cause a stored cache state to be loaded into the cache memory.

Abstract: In a method for modular multiplication using a multiplication look-ahead process for computing a multiplication shift value and a reduction look-ahead process for computing a reduction shift value, a modulus is first transformed into a transformed modulus that is greater than said modulus. The transformation is carried out such that a predetermined fraction of the transformed modulus has a higher-order digit with a first predetermined value that is followed by at least one low-order digit having a second predetermined value. During the iterative working off of the modular multiplication using the multiplication look-ahead process and the reduction look-ahead process, the transformed modulus is utilized so as to obtain at the end of the iteration a transformed result for the modular multiplication. Finally, the transformed result is re-transformed by modular reduction using the original modulus.

Abstract: In a method of determining a pair of numbers comprising a first number and a second number, in which the first number may be a first key and the second number may be a second key of an encryption system and the second number is the multiplicative inverse with respect to a modulus of the first number, said modulus being equal to the product of a first prime number and a second prime number, the first number is selected first. Thereafter, a first sub-number for the second number is computed as a multiplicative inverse of the first number with respect to a first sub-modulus that is equal to the first prime number minus 1 divided by the greatest common divisor of the first prime number minus 1 and the second prime number minus 1. Then, a second sub-number for the second number is computed as multiplicative inverse of the first number with respect to a second sub-modulus that is equal to the second prime number minus 1, with said first sub-modulus and said second sub-modulus being relatively prime.

Abstract: In a device for calculating a result of a modular exponentiation, the Chinese Residue Theorem (CRT) is used, wherein two auxiliary exponentiations are calculated using two auxiliary exponents and two sub-moduli. In order to improve the safety of the RSA CRT calculations against cryptographic attacks, a randomization of the auxiliary exponents and/or a change of the sub-moduli are performed. Thus, there is a safe RSA decryption and RSA encryption, respectively, by means of the calculating time efficient Chinese Residue Theorem.

Abstract: Executing a program on a processor based system, the program including an implementation of an algorithm including one or more modular multiplication operations and one or more modular squaring operations, such that the program performs the execution of each of the one or more modular multiplication operations in a first thread of execution, and performs the execution of each of the one or more modular squaring operations in a second thread of execution distinct from the first thread.

Abstract: Methods, software/firmware and apparatus for implementing a tamper-aware virtual trusted platform module (TPM). Under the method, respective threads comprising a virtual TPM thread and a security-patrol threads are executed on a host processor. In one embodiment, the host processor is a multi-threaded processor having multiple logical processors, and the respective threads are executed on different logical processors. While the virtual TPM thread is used to perform various TPM functions, the security-patrol thread monitors for physical attacks on the processor by implementing various numerical calculation loops, wherein an erroneous calculation is indicative of a physical attack. In response to detection of such an attack, various actions can be taken in view of one or more predefined security policies, such as logging the event, shutting down the platform and/or informing a remote management entity.

Abstract: A processor circuit includes a logic chip with a logic circuit and a non-volatile memory as well as a memory chip with a non-volatile memory. A key is stored in the non-volatile memory of the logic chip by using electronic fuses. Further, personalization information is stored, which signalizes that the logic chip is allocated to a memory chip. A chip identification encrypted with the key is stored in the memory chip at an ID memory area. During starting up the processor, it is first verified whether the encrypted logic chip identification stored in the memory chip is authentic or not. Thereby, a simple and inexpensive personalization of a memory chip to a logic chip can be obtain in order to ward off attacks with regard to the removal or manipulation, respectively, of the memory chip.