Abstract: An electronic device may include circuitry and an anti-tamper device having a physical characteristic that changes in response to a tamper attempt. The circuitry is configured to determine physically unclonable function (PUF) data based on the physical characteristic and to perform at least one secure operation based on the PUF data. The circuitry is further configured to detect the tamper attempt based a change to the physical characteristic and to perform at least one action in response to detection of the tamper attempt for protecting the electronic device from the tamper attempt.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: A point of sale system has a display for receiving touch inputs, a controller to receive the touch inputs from the display, and a secure controller to receive touch input data from the controller. The system also has a card interface module and a contactless interface module to provide encrypted data to the secure controller. The secure controller can operate in either a secure mode or a non-secure mode. When a non-secure mode is engaged, the secure controller provides the touch input data to a processor. When a secure mode is engaged, the secure controller blocks at least a portion of the touch input data from the processor.

Abstract: A transaction device includes circuitry that provides a power supply to a processor of the transaction device. Attackers may attempt to glitch the processor power supply in a manner that causes processor to operate incorrectly such as by skipping instructions. A monitoring circuit may be coupled to the processor power supply circuitry to identify conditions that are indicative of a glitch attempt. Glitch attempts may be stored in a memory and reported to the processor to induce the execution of counter-measures.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: A device may include a physically unclonable function (PUF) source that has at least one fuse embedded in the device. The PUF source may be responsive to an input for transmitting a signal through the fuse and providing a PUF value based on a measurement of such signal. The device also has circuitry that is configured to modify the fuse by transmitting a signal of sufficiently high current or voltage through the fuse to change its resistance, thereby changing a response of the PUF source to the input.

Abstract: A transaction device includes a bootloader that a processing unit executes during device startup. The bootloader causes the processing unit to access values from a persistent memory that are relevant to whether a glitch has occurred on a power supply for the processing unit. Based on the values that are acquired from the persistent memory, the processing unit may implement countermeasures, such as disabling certain device operations or delaying the device booting process.

Abstract: A device may include a physically unclonable function (PUF) source that has at least one fuse embedded in the device. The PUF source may be responsive to an input for transmitting a signal through the fuse and providing a PUF value based on a measurement of such signal. The device also has circuitry that is configured to modify the fuse by transmitting a signal of sufficiently high current or voltage through the fuse to change its resistance, thereby changing a response of the PUF source to the input.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.

Abstract: A point of sale system has a display for receiving touch inputs, a controller to receive the touch inputs from the display, and a secure controller to receive touch input data from the controller. The system also has a card interface module and a contactless interface module to provide encrypted data to the secure controller. The secure controller can operate in either a secure mode or a non-secure mode. When a non-secure mode is engaged, the secure controller provides the touch input data to a processor. When a secure mode is engaged, the secure controller blocks at least a portion of the touch input data from the processor.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.