Patents by Inventor Roberto Avanzi

Roberto Avanzi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10223289
    Abstract: In an aspect, a cache memory device receives a request to read an instruction or data associated with a memory device. The request includes a first realm identifier and a realm indicator bit, where the first realm identifier enables identification of a realm that includes one or more selected regions in the memory device. The cache memory device determines whether the first realm identifier matches a second realm identifier in a cache tag when the instruction or data is stored in the cache memory device, where the instruction or data stored in the cache memory device has been decrypted based on an ephemeral encryption key associated with the second realm identifier when the first realm identifier indicates the realm and when the realm indicator bit is enabled. The cache memory device transmits the instruction or data when the first realm identifier matches the second realm identifier.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: March 5, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 10142303
    Abstract: In an aspect, a method for protecting software includes obtaining a payload including at least one of instructions or data, establishing a realm in a memory device, encrypting the payload based on an ephemeral encryption key (EEK) associated with the realm, and storing the encrypted payload in the realm of the memory device. In another aspect, a method for protecting software includes receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier (RID) and a realm indicator bit, obtaining the EEK associated with the RID when the RID indicates the realm and when the realm indicator bit is enabled, decrypting an instruction and/or data retrieved from the realm based on the EEK when the memory transaction is a read transaction, and encrypting second data for storage in the realm based on the EEK when the memory transaction is a write transaction.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: November 27, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 10102375
    Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: October 16, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Rosario Cammarota, Roberto Avanzi, Ramesh Chandra Chauhan, Harold Wade Cain, III, Darren Lasko
  • Patent number: 10027640
    Abstract: A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: July 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, Rosario Cammarota, Ron Keidar
  • Patent number: 9949115
    Abstract: Various features pertain to embedded key generation and provisioning systems, such as systems installed within smartphones for generating public-key/private-key pairs for use in encryption/decryption and digital signature generation. In some examples, an embedded system is provided that generates two public-key/private-key pairs—one for encryption/decryption and the other for signing/verification—where the two public-key/private-key pairs share a common modulus but are otherwise distinct or uncorrelated. This allows the two key pairs to be generated more efficiently than if two entirely separate key pairs were generated and yet, at least in the context of embedded systems, satisfactory integrity and confidentiality is achieved.
    Type: Grant
    Filed: February 6, 2015
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventor: Roberto Avanzi
  • Patent number: 9897651
    Abstract: Various aspects include a clock monitoring unit/component that is configured to repeatedly/continuously monitor a clock with the speed required to support automobile automation systems without the use of a reference clock. The clock monitoring unit/component may be configured to identify, report, and/or respond to variations or abnormalities in the monitored clock, and initiate an action to prevent the variation from causing or resulting in a failure or a vulnerability to attack. The clock monitoring unit/component in the various aspects may be configured, organized, or arranged to operate so that the circuit is immune or resistant to manipulation, modification, tampering, hacks, and other attacks.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: February 20, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Virendra Bansal, Rahul Gulati, Palkesh Jain, Roberto Avanzi
  • Publication number: 20180046808
    Abstract: Techniques for preventing side-channel attacks on a cache are provided. A method according to these techniques includes executing a software instruction indicating that a portion of software requiring data protection is about to be executed, setting the cache to operate in a randomized mode to de-correlate cache timing and cache miss behavior from data being processed by the portion of software requiring data protection responsive to the instruction indicating that the portion of software requiring data protection is about to be executed, executing the portion of software requiring data protection, storing the data being processed by the portion of software requiring data protection, and setting the cache to operate in a standard operating mode responsive to an instruction indicating that execution of the portion of software requiring data protection has completed.
    Type: Application
    Filed: August 11, 2016
    Publication date: February 15, 2018
    Inventors: Rosario CAMMAROTA, Roberto AVANZI, Ramesh Chandra CHAUHAN, Harold Wade CAIN, III, Darren LASKO
  • Publication number: 20180003164
    Abstract: A piston pump is disclosed suitable to be installed on machines for dispensing fluid products, comprising a jacket, a piston device mobile with alternate motion inside said jacket and comprising a rod and a head. The pump also comprises a pipe for fluids to enter and a pipe for fluids to exit, said pipes being disposed on the same side of the jacket and on opposite sides with respect to the piston device.
    Type: Application
    Filed: January 28, 2016
    Publication date: January 4, 2018
    Inventor: Roberto Avanzi
  • Patent number: 9813392
    Abstract: Disclosed is a method for providing a public key for authenticating an integrated circuit. In the method, the integrated circuit obtains a hardware key and an integrated circuit identifier. The integrated circuit generates a derived key based on the hardware key using a key derivation function (KDF) shared with a manufacturing machine. The integrated circuit generates a private key and a corresponding public key using the derived key as an input to a deterministic function. The integrated circuit then provides the public key and the integrated circuit identifier to a partner service for authentication of the integrated circuit using an anonymized credential database to be provided to the partner service by a manufacturer.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: November 7, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Dean Lorenz, Boris Dolgunov, Roberto Avanzi, Ivan Hugh Mclean
  • Publication number: 20170255223
    Abstract: Various aspects include a clock monitoring unit/component that is configured to repeatedly/continuously monitor a clock with the speed required to support automobile automation systems without the use of a reference clock. The clock monitoring unit/component may be configured to identify, report, and/or respond to variations or abnormalities in the monitored clock, and initiate an action to prevent the variation from causing or resulting in a failure or a vulnerability to attack. The clock monitoring unit/component in the various aspects may be configured, organized, or arranged to operate so that the circuit is immune or resistant to manipulation, modification, tampering, hacks, and other attacks.
    Type: Application
    Filed: March 3, 2016
    Publication date: September 7, 2017
    Inventors: Virendra Bansal, Rahul Gulati, Palkesh Jain, Roberto Avanzi
  • Patent number: 9736536
    Abstract: Techniques for preventing circumvention of digital rights management protections on electronic content are provided. A method according to these techniques includes receiving a content stream, obtaining samples from the content stream, generating a histogram based on the samples from the content stream, classifying the content stream as including audio content or non-audio content based on the histogram, and modifying portions of the content stream responsive to classifying the content stream as including non-audio content. The content stream can be modified such that any video content included in the content stream would be rendered unplayable, while audio content included in the content stream remains playable.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: August 15, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, Simo Petteri Kangaslampi, Ron Keidar, Chang-Kuk Choi
  • Patent number: 9712319
    Abstract: Disclosed is an apparatus and method for encrypting plaintext data. The method includes: receiving at least one plaintext data input; applying a Nonce through a function to the at least one plaintext data input to create Nonced plaintext data outputs and/or to intermediate values of a portion of an encryption function applied to the at least one plaintext data input to create intermediate Nonced data outputs; and applying the encryption function to at least one of the Nonced plaintext data outputs and/or the intermediate Nonced data outputs to create encrypted output data. The encrypted output data is then transmitted to memory.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: July 18, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: Roberto Avanzi
  • Publication number: 20170085542
    Abstract: In an aspect, a method for protecting software includes obtaining a payload including at least one of instructions or data, establishing a realm in a memory device, encrypting the payload based on an ephemeral encryption key (EEK) associated with the realm, and storing the encrypted payload in the realm of the memory device. In another aspect, a method for protecting software includes receiving a memory transaction associated with the memory device, the memory transaction including at least a realm identifier (RID) and a realm indicator bit, obtaining the EEK associated with the RID when the RID indicates the realm and when the realm indicator bit is enabled, decrypting an instruction and/or data retrieved from the realm based on the EEK when the memory transaction is a read transaction, and encrypting second data for storage in the realm based on the EEK when the memory transaction is a write transaction.
    Type: Application
    Filed: February 25, 2016
    Publication date: March 23, 2017
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Publication number: 20170085540
    Abstract: A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
    Type: Application
    Filed: September 22, 2015
    Publication date: March 23, 2017
    Inventors: Roberto AVANZI, Rosario CAMMAROTA, Ron KEIDAR
  • Publication number: 20170075820
    Abstract: Techniques for protecting software in a computing device are provided. A method according to these techniques includes receiving a request from a non-secure software module to execute an instruction of a secure software module comprising encrypted program code, determining whether the instruction comprises an instruction associated with a controlled point of entry to the secure software module accessible outside of the secure software module, executing one or more instructions of the secure software module responsive to the instruction comprising an instruction associated with the controlled point of entry to the secure software module, and controlling exit from the secure software module to return execution to the non-secure software module.
    Type: Application
    Filed: August 9, 2016
    Publication date: March 16, 2017
    Inventors: David HARTLEY, Roberto AVANZI, Rosario CAMMAROTA
  • Publication number: 20170010982
    Abstract: In an aspect, a cache memory device receives a request to read an instruction or data associated with a memory device. The request includes a first realm identifier and a realm indicator bit, where the first realm identifier enables identification of a realm that includes one or more selected regions in the memory device. The cache memory device determines whether the first realm identifier matches a second realm identifier in a cache tag when the instruction or data is stored in the cache memory device, where the instruction or data stored in the cache memory device has been decrypted based on an ephemeral encryption key associated with the second realm identifier when the first realm identifier indicates the realm and when the realm indicator bit is enabled. The cache memory device transmits the instruction or data when the first realm identifier matches the second realm identifier.
    Type: Application
    Filed: March 15, 2016
    Publication date: January 12, 2017
    Inventors: Roberto Avanzi, David Hartley, Rosario Cammarota
  • Patent number: 9531531
    Abstract: One feature pertains to an electronic device that includes a memory circuit and a processing circuit. The processing circuit computes a scalar multiplication output Z where Z=k·P by receiving an input multiplier k and a base P, and adds a modifier s to the input multiplier k to generate k′. The processing circuit also computes an intermediate scalar multiplication output Z′ where Z′=k′·P by using a digit expansion of k′ that includes a sequence of digits k_i belonging to a digit set D. Additionally, the processing circuit subtracts s·P from Z′ to obtain the scalar multiplication output Z if k′ is odd or subtracts (s+1)·P from Z′ to obtain the scalar multiplication output Z if k′ is even. The scalar multiplier output Z may be used in a cryptographic security algorithm to secure data.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: December 27, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Roberto Avanzi, David Jacobson
  • Publication number: 20160349864
    Abstract: An acoustic tracking system is provided that includes receivers that detect first acoustic signals from a first set of transmitters disposed on a digital pen and second acoustic signals from a second set of transmitters disposed on a base station. The acoustic tracking system also includes a processing component that defines a two-dimensional plane on which the base station lies and determines a three-dimensional position of the digital pen relative to the base station. The processing component projects the three-dimensional position of the digital pen onto the two-dimensional plane and records, based on the projected three-dimensional position, the three-dimensional position of the digital pen relative to the base station, where the recorded three-dimensional position of the digital pen represents an object representative of movement of the digital pen.
    Type: Application
    Filed: August 8, 2016
    Publication date: December 1, 2016
    Inventor: Roberto Avanzi
  • Publication number: 20160330020
    Abstract: One feature pertains to an electronic device that includes a memory circuit and a processing circuit. The processing circuit computes a scalar multiplication output Z where Z=k·P by receiving an input multiplier k and a base P, and adds a modifier s to the input multiplier k to generate k′. The processing circuit also computes an intermediate scalar multiplication output Z′ where Z′=k′·P by using a digit expansion of k′ that includes a sequence of digits k_i belonging to a digit set D. Additionally, the processing circuit subtracts s·P from Z′ to obtain the scalar multiplication output Z if k′ is odd or subtracts (s+1)·P from Z′ to obtain the scalar multiplication output Z if k′ is even. The scalar multiplier output Z may be used in a cryptographic security algorithm to secure data.
    Type: Application
    Filed: May 6, 2015
    Publication date: November 10, 2016
    Inventors: Roberto Avanzi, David Jacobson
  • Publication number: 20160295283
    Abstract: Techniques for preventing circumvention of digital rights management protections on electronic content are provided. A method according to these techniques includes receiving a content stream, obtaining samples from the content stream, generating a histogram based on the samples from the content stream, classifying the content stream as including audio content or non-audio content based on the histogram, and modifying portions of the content stream responsive to classifying the content stream as including non-audio content. The content stream can be modified such that any video content included in the content stream would be rendered unplayable, while audio content included in the content stream remains playable.
    Type: Application
    Filed: April 2, 2015
    Publication date: October 6, 2016
    Inventors: Roberto AVANZI, Simo Petteri KANGASLAMPI, Ron KEIDAR, Chang-Kuk CHOI