Abstract: In one or more embodiments, an integrated circuit includes a programmable memory, a key generation module and a module. The programmable memory is to maintain a first key portion. The key generation module is to generate a key using the first key portion from the programmable memory and a second key portion received via a memory interface. The module is to encrypt or decrypt data using the key.

Abstract: A hardware architecture for encryption and decryption device can improve the encryption and decryption data rate by using parallel processing, and pipeline operation, and save footprint by sharing hardware components. The hardware architecture can also be associated with a memory to protect the information stored at the memory. The encryption device can include a tweaking value manager to generate an array of tweaking values corresponding to the array of data blocks based on a tweaking encryption key, a first encryption unit to encrypt a first portion of the array of data blocks into a first portion of encrypted data blocks based on corresponding tweaking values and a data encryption key, a second encryption unit to encrypt a second portion of the array of data blocks, and a data block combiner to combine the first portion of encrypted data blocks and the second portion of encrypted data blocks.

Abstract: Devices, systems, methods, and other embodiments associated with processing commands according to authorization are described. In one embodiment, a chip includes an unsecure module configured to control unsecure firmware to process a command on data flowing in a datapath. The unsecure module processes commands from untrusted sources and trusted sources. The chip includes a secure module configured to determine if a command is from a trusted source and when the command is from a trusted source, the secure module controls secure firmware to further process the data flowing in the datapath. When the command is from an untrusted source, the secure module controls the secure firmware to not process the data flowing in the datapath.

Abstract: A cryptographic device includes a first state module, a key addition module, a byte substitution module, and a column mixing module. The first state module stores a first data block. The key addition module adds a key to the first data block to generate a second data block. The byte substitution module replaces each byte of the second data block to generate a third data block. The byte substitution module includes a first byte substitution sub-module that generates an intermediate data block in response to the second data block, a pipeline register that stores the intermediate data block, and a second byte substitution sub-module that generates the third data block in response to the intermediate data block. The column mixing module generates a fourth data block based on the third data block and provides the fourth data block to the first state module for storage.

Abstract: The present disclosure describes apparatuses and techniques for fail-safe key zeroization. In some aspects a periodic counter is activated that is configured to indicate an amount of time that content of a one-time-programmable (OTP) memory is accessible and overwriting of the content of the OTP is caused when the periodic counter reaches a predetermined value effective to zeroize the content. In other aspects a periodic counter is started in response to a power event and one or more encryption keys stored in OTP memory are zeroized if an indication of media drive security is not received within a predetermined amount of time.

Abstract: Cryptographic apparatus having corresponding methods and computer-readable media comprise: a mailbox memory module to store cryptographic commands received from a client over a client bus, wherein the client is external to the cryptographic apparatus; and a secure processor to obtain the cryptographic commands from the mailbox memory module over a first secure internal bus, execute the cryptographic commands, and store a status of execution of the cryptographic commands in the mailbox memory module over the first secure internal bus, wherein the client obtains the status of the cryptographic commands from the mailbox memory module over the client bus.

Abstract: An encryption device can include a tweaking value manager that is configured to generate an array of tweaking values corresponding to the array of data blocks based on a tweaking encryption key, a first encryption unit that is configured to encrypt a first portion of the array of data blocks into a first portion of encrypted data blocks based on corresponding tweaking values and a data encryption key, a second encryption unit that is configured to encrypt a second portion of the array of data blocks into a second portion of encrypted data blocks based on corresponding tweaking values and the data encryption key, and a data block combiner that is configured to combine the first portion of encrypted data blocks and the second portion of encrypted data blocks into an array of encrypted data blocks.

Abstract: In one or more embodiments, an integrated circuit includes a programmable memory, a key generation module and a module. The programmable memory is to maintain a first key portion. The key generation module is to generate a key using the first key portion from the programmable memory and a second key portion received via a memory interface. The module is to encrypt or decrypt data using the key.

Abstract: Devices, systems, methods, and other embodiments associated with processing commands according to authorization are described. In one embodiment, a chip includes a secure module configured to store secure firmware, and to execute the secure firmware. The secure firmware prevents the secure module from at least partially processing a command that originated from an untrusted source. The chip also includes an unsecure module configured to store unsecure firmware, and to execute the unsecure firmware. The unsecure firmware permits the unsecure module to process a command having originated from an untrusted source. The chip is configured where the unsecure firmware is separately updateable from the secure firmware.

Abstract: Secure memory controlled access is described. In embodiment(s), memory stores encrypted data and the memory includes a secure memory partition to store cryptographically sensitive data utilized to control access to the encrypted data stored on the memory. Controller firmware can access the encrypted data stored on the memory, but is precluded from access to the secure memory partition and the cryptographically sensitive data. Secure firmware can access the cryptographically sensitive data stored on the secure memory partition to control access by the controller firmware to the encrypted data stored on the memory.

Abstract: A cryptographic device comprises a first pipeline stage, a pipeline register, and a second pipeline stage. The first pipeline stage comprises a first byte substitution module that performs mathematical operations on a received byte and outputs an intermediate value based on the mathematical operations. The pipeline register stores the intermediate value. The second pipeline stage comprises a second byte substitution module and a column mixing module. The second byte substitution module generates a replacement byte corresponding to the received byte based on mathematical operations performed on the stored intermediate value. The column mixing module transforms groups of four bytes of a plurality of replacement bytes including the replacement byte.

Abstract: The disclosure provides a hardware architecture for encryption and decryption device. The hardware architecture can improve the encryption and decryption data rate by using parallel processing, and pipeline operation. Further, the hardware architecture can save footprint by sharing hardware components. Additionally, the hardware architecture can be associated with a memory to protect the information stored at the memory.

Abstract: In a device having a data channel, in which random numbers are needed, such as a data storage device that uses random numbers to generate keys for cryptographic applications, random numbers are generated by a deterministic random bit generator seeded by bits derived from noise on the channel itself. The bits may be extracted from the least significant bits of the data signal after it is digitized, because those bits correspond to the noise in the signal. The extraction may occur immediately after digitization, or after subsequent filtering. A data signal emulator may be provided to simulate a data signal if a seed is required at a time when there is no data activity on the channel. The extracted bits may be post-processed to remove bias before the seed is provided to the deterministic random bit generator.

Abstract: Methods and systems for document image decoding incorporating a Stack algorithm improve document image decoding. The application of the Stack algorithm is iterated to improved decoding. A provisional weight is determined for a partial path to reduce template matching. In addition, semantically equivalent hypotheses are identified to reduce redundant hypotheses.

Abstract: Methods and systems for document image decoding incorporating a Stack algorithm improve document image decoding. The application of the Stack algorithm is iterated to improve decoding. A provisional weight is determined for a partial path to reduce template matching. In addition, semantically equivalent hypotheses are identified to reduce redundant hypotheses.

Abstract: Methods and systems for document image decoding incorporating a Stack algorithm improve document image decoding. The application of the Stack algorithm is iterated to improve decoding. A provisional weight is determined for a partial path to reduce template matching. In addition, semantically equivalent hypotheses are identified to reduce redundant hypotheses.

Abstract: Methods and systems for document image decoding incorporating a Stack algorithm improve document image decoding. The application of the Stack algorithm is iterated to improved decoding. A provisional weight is determined for a partial path to reduce template matching. In addition, semantically equivalent hypotheses are identified to reduce redundant hypotheses.