Abstract: Described herein is a device for autonomously monitoring a battery is provided. The device is integrated with the battery (e.g., by being electrically coupled to the battery). The device obtains measurement data by injecting electrical signals into the battery and measuring an electrical response of the battery. The device participates in an authentication protocol with a computing device to verify a unique identity of the device to the computing device. After performing the authentication protocol verifying the unique identity of the device, the device transmits battery data to the computer. Further, techniques for verifying the identity of the battery using measurement data obtained by the device are described herein. The techniques generate a battery signature using the measurement data that is then used to verify the identity of the battery. For example, the battery signature may be used to determine whether the battery is counterfeit or defective.

Abstract: Herein disclosed are approaches for protecting sensitive information within a fingerprint authentication system that can be snooped and utilized to access the device, secured information, or a secured application. The approaches can utilize encryption keys and hash functions that are unique to the device in which the fingerprint authentication is being performed to protect the sensitive information that can be snooped.

Abstract: Herein disclosed are approaches for protecting sensitive information within a fingerprint authentication system that can be snooped and utilized to access the device, secured information, or a secured application. The approaches can utilize encryption keys and hash functions that are unique to the device in which the fingerprint authentication is being performed to protect the sensitive information that can be snooped.

Abstract: Remote keyless entry (RKE) systems and devices are described. The RKE devices include one or more passive radios that respond to an interrogation signal from an interrogating device such as a vehicle. The passive radio sends a responsive signal that can include a decaying portion representing a ringdown signal. The passive radio includes a SAW resonator in some situations.

Abstract: A passive wireless sensor may be wirelessly coupled with an interrogator. The sensor uses multiple antennas to receive an interrogation signal from the interrogator and compares a path length difference between the signal received at each antenna. The path length difference changes based on the relative position of the sensor and interrogator. Using the path length difference, the sensor transmits a response signal to the interrogator. The interrogator analyzes the response signal to determine sensor position. The interrogator compares the determined sensor position to a previous known sensor position to determine if an attack has occurred, such as a replay, counterfeit, or tampering attack. The sensor may include cryptographic circuitry that scrambles the response signal, thwarting an attack such as a sniffing attack. The interrogator may include multiple antennas and determine a position of the sensor by calculating an angle-of-arrival that enhances a signal from the sensor, via beamforming.

Abstract: Described herein are techniques of remotely performing key revocation on a device that cannot communicate outside of a local network of the device. The techniques involve including key revocation instructions in software update instructions that are sent to the device. The device may verify the software update instructions using one or more keys to determine whether they are safe for execution on the device. For example, the device may verify that the software update instructions have been sent by a trusted software provider. The device may execute the key revocation instructions included in the software update instruction to revoke use of a key of the key(s), and initiate use of a new key in place of the revoked key.

Abstract: Described herein is a device for autonomously monitoring a battery is provided. The device is integrated with the battery (e.g., by being electrically coupled to the battery). The device obtains measurement data by injecting electrical signals into the battery and measuring an electrical response of the battery. The device participates in an authentication protocol with a computing device to verify a unique identity of the device to the computing device. After performing the authentication protocol verifying the unique identity of the device, the device transmits battery data to the computer. Further, techniques for verifying the identity of the battery using measurement data obtained by the device are described herein. The techniques generate a battery signature using the measurement data that is then used to verify the identity of the battery. For example, the battery signature may be used to determine whether the battery is counterfeit or defective.

Abstract: A passive wireless sensor may be wirelessly coupled with an interrogator. The sensor uses multiple antennas to receive an interrogation signal from the interrogator and compares a path length difference between the signal received at each antenna. The path length difference changes based on the relative position of the sensor and interrogator. Using the path length difference, the sensor transmits a response signal to the interrogator. The interrogator analyzes the response signal to determine sensor position. The interrogator compares the determined sensor position to a previous known sensor position to determine if an attack has occurred, such as a replay, counterfeit, or tampering attack. The sensor may include cryptographic circuitry that scrambles the response signal, thwarting an attack such as a sniffing attack. The interrogator may include multiple antennas and determine a position of the sensor by calculating an angle-of-arrival that enhances a signal from the sensor, via beamforming.

Abstract: According to various aspects, systems and methods are provided for improving a computer system's resistance to tampering. A PUF may be one component of a system. Other components of the system may not have the same level of protection against tampering as the PUF. According to one aspect, tamper protection provided by the PUF may be extended to one or more other components of the system, thus creating a network of tamper-resistant components. The system may include a tamper detection circuit that receives signals from the component(s). The tamper detection circuit generates an output signal based on the received signals that indicates whether any of the components has been tampered with. The PUF may be configured to use the output signal to generate secret information. If the output signal indicates that one of the components has been tampered with, the PUF may prevent generation of the correct secret information.

Abstract: Systems and methods permit automatic joining of a network associated with a specified area within which wireless nodes reside. Network managers located in or near the specified area use wireless proximity detection to estimate distances to wireless nodes requesting to join the network. The network managers can use the estimated distances to determine whether or not a requesting wireless node is located within the specified area. If the requesting wireless node is located within the specified area, the network managers can permit the wireless node to join the wireless network associated with the respective specified area.

Abstract: Herein disclosed are approaches for protecting sensitive information within a fingerprint authentication system that can be snooped and utilized to access the device, secured information, or a secured application. The approaches can utilize encryption keys and hash functions that are unique to the device in which the fingerprint authentication is being performed to protect the sensitive information that can be snooped.

Abstract: According to various aspects, a delay-based physical unclonable function (PUF) device is provided. According to one embodiment, the PUF device includes circuitry for generating output bits of entropy by comparing, or “racing”, a plurality of PUF cells. A PUF cell is a building block of the PUF device. For example, the PUF device may include two identically designed circuits with only process related variations and each circuit can be a PUF cell. According to another aspect, if PUF cells with same history of winning or losing are being compared in a race, adversaries cannot predict the outcome of the current race based on previous race results. Accordingly, systems and methods are described herein for generating multiple rounds of races based on the previous rounds of races. Thus, one PUF cell can be used in multiple pairwise comparisons while maximal entropy is extracted.

Abstract: Systems and methods permit automatic joining of a network associated with a specified area within which wireless nodes reside. Network managers located in or near the specified area use wireless proximity detection to estimate distances to wireless nodes requesting to join the network. The network managers can use the estimated distances to determine whether or not a requesting wireless node is located within the specified area. If the requesting wireless node is located within the specified area, the network managers can permit the wireless node to join the wireless network associated with the respective specified area.

Abstract: According to various aspects, systems and methods are provided for improving a computer system's resistance to tampering. A PUF may be one component of a system. Other components of the system may not have the same level of protection against tampering as the PUF. According to one aspect, tamper protection provided by the PUF may be extended to one or more other components of the system, thus creating a network of tamper-resistant components. The system may include a tamper detection circuit that receives signals from the component(s). The tamper detection circuit generates an output signal based on the received signals that indicates whether any of the components has been tampered with. The PUF may be configured to use the output signal to generate secret information. If the output signal indicates that one of the components has been tampered with, the PUF may prevent generation of the correct secret information.

Abstract: According to various aspects, systems and methods for providing a soft-decoding physical unclonable function are provided. According to one embodiment, PUF circuitry includes circuit elements with impedance values that are used to generate a PUF value. For example, one or more resistors may be connected to a voltage source. The resistors may generate a resulting voltage signal that is measured and indicates a ratio of the impedance values of the resistors. Due to manufacturing variations, each impedance value may be unique, such that the impedance values may be used to provide a unique number sequence. Each ratio value may be converted into a single bit or multi-bit digital value through digitization, for example with a comparator and/or an analog to digital converter, and the series of digital values may represent or be used to generate a unique number sequence.

Abstract: According to various aspects, systems and methods for providing a soft-decoding physical unclonable function are provided. According to one embodiment, PUF circuitry includes circuit elements with impedance values that are used to generate a PUF value. For example, one or more resistors may be connected to a voltage source. The resistors may generate a resulting voltage signal that is measured and indicates a ratio of the impedance values of the resistors. Due to manufacturing variations, each impedance value may be unique, such that the impedance values may be used to provide a unique number sequence. Each ratio value may be converted into a single bit or multi-bit digital value through digitization, for example with a comparator and/or an analog to digital converter, and the series of digital values may represent or be used to generate a unique number sequence.

Abstract: According to various aspects, a delay-based physical unclonable function (PUF) device is provided. According to one embodiment, the PUF device includes circuitry for generating output bits of entropy by comparing, or “racing”,” a plurality of PUF cells. A PUF cell is a building block of the PUF device. For example, the PUF device may include two identically designed circuits with only process related variations and each circuit can be a PUF cell. According to another aspect, if PUF cells with same history of winning or losing are being compared in a race, adversaries cannot predict the outcome of the current race based on previous race results. Accordingly, systems and methods are described herein for generating multiple rounds of races based on the previous rounds of races. Thus, one PUF cell can be used in multiple pairwise comparisons while maximal entropy is extracted.

Abstract: A cryptographic device includes first and second pipeline stages and a pipeline register. The first pipeline stage includes a first byte substitution module configured to (i) receive a first data block including multiple bytes, (ii) perform predetermined mathematical operations on each of the bytes of the first data block, and (iii) for each of the bytes of the first data block, output an intermediate value based on the predetermined mathematical operations. The pipeline register is configured to store the intermediate values. The second pipeline stage includes a second byte substitution module configured to (i) receive the stored intermediate values from the pipeline register, and (ii) generate an output data block, for each intermediate value of the stored intermediate values, by performing predetermined mathematical operations on the intermediate value to generate a corresponding replacement byte of the output data block.

Abstract: A storage drive includes a first memory that stores first text. A first processor generates a first instruction to decrypt the first text. A cryptographic module includes a second memory, a cryptographic device, a memory module, and a second processor. The second memory is inaccessible to the first processor and stores a cryptographic key. The cryptographic device accesses the second memory to obtain the cryptographic key and based on the first instruction, decrypts the first text. The memory module stores a status of execution of the first instruction by the cryptographic device. The second processor, prior to the cryptographic device decrypting the first text, forwards the first instruction to the cryptographic device and stores the status of execution of the first instruction in the memory module. The memory module is connected between the first and second processors and isolates the first processor from the second processor.

Abstract: A hardware implemented system and method of encryption key management may facilitate access to a connected device. In some embodiments, an Input/Output (I/O) controller coupled to a host system may comprise a cryptocontext memory that is only accessible via state machines running on the controller and a key unwrap engine to decrypt wrapped keys associated with commands received from the host system.