Abstract: An apparatus is provided for varying paths from power sources to components in order to inhibit side channel attacks. The power source provides power. The circuit component consumes the power to perform a function and a power grid provides a plurality of redundant paths by which the power can flow from between the circuit component and one of a power source and ground, to perform the function. The power grid is dynamically selects at least one active path of the redundant paths through which the power flows to perform the function.

Abstract: Apparatuses and methods for memory protection are disclosed. A memory protection apparatus is interposed between a system cache and a memory system. The apparatus comprises encryption circuitry, which encrypts data item in dependence on encryption metadata and decrypts encrypted data items in dependence on the encryption metadata. In response to a change in a metadata item of the encryption metadata, when no cached copy of an affected data item is currently in the system cache, the affected data item is retrieved from the memory system, re-encrypted using the updated metadata item and returned to the memory system. When there is a cached copy, in dependence on update control data, the copy is retrieved from the system cache, encrypted using the updated metadata item and written out to the memory system.

Abstract: An apparatus comprises counter tree circuitry configured to store, in a first node of a counter tree, a representation of a parent counter value and in a second node of the counter tree, wherein the second node is a child node of the first node, an encrypted representation of two or more counter values. The encryption operation for forming the encrypted representation of the two or more counter values takes as an input the parent counter value. The apparatus also comprises integrity checking circuitry to check the integrity of an item of data retrieved from memory based on a comparison between a stored authentication code and a generated authentication code generated based on the item of data and a decrypted counter value determined from an encrypted representation of a counter value retrieved from the second node, decrypted using a parent counter value retrieved from the first node.

Abstract: An apparatus comprises counter integrity tree circuitry to maintain a counter integrity tree having a plurality of nodes. The counter integrity tree circuitry is configured to store, in a first node of the counter integrity tree, an encrypted representation of two or more non-repeating counters and in a second, parent, node, an indication of a function value equal to a non-repeating function of the two or more non-repeating counters of the first node. The apparatus comprises integrity checking circuitry configured to check the integrity of the first node using the function value retrieved from the second node.

Abstract: Embodiments of the present disclosure advantageously provide a secure boot integrity verification system that is protected against future quantum attacks without relying on correctly functioning hardware security modules (HSMs) for the expected lifetime of the computer system or embedded device.

Abstract: A data processing apparatus includes a requester, a completer and a cache. Data is transferred between the requester and the cache and between the cache and the completer. The cache implements a cache eviction policy. The completer determines an eviction cost associated with evicting the data from the cache and notifies the cache of the eviction cost. The cache eviction policy implemented by the cache is based, at least in part, on the cost of evicting the data from the cache. The eviction cost may be determined, for example, based on properties or usage of a memory system of the completer.

Abstract: Systems, devices and methods are provided for operating a skewed-associative cache in a data processing system and, in particular, for changing address-to-row mappings in a skewed-associative cache.

Abstract: Systems, devices and methods are provided for operating a skewed-associative cache in a data processing system and, in particular, for changing address-to-row mappings in a skewed-associative cache.

Abstract: A data processing apparatus includes a requester, a completer and a cache. Data is transferred between the requester and the cache and between the cache and the completer. The cache implements a cache eviction policy. The completer determines an eviction cost associated with evicting the data from the cache and notifies the cache of the eviction cost. The cache eviction policy implemented by the cache is based, at least in part, on the cost of evicting the data from the cache. The eviction cost may be determined, for example, based on properties or usage of a memory system of the completer.

Abstract: Embodiments of the present disclosure advantageously provide a secure boot integrity verification system that is protected against future quantum attacks without relying on correctly functioning hardware security modules (HSMs) for the expected lifetime of the computer system or embedded device.

Abstract: System, device, and method of authenticated encryption of messages. A message intended for authenticated encryption is stored; and a secret authentication key and a secret encryption key are stored. A key-stream set of blocks is generated, each block including pseudo-random bits. The aggregate length of the key-stream is equal to or greater than the message-length of the message. Each block of the key-stream is generated by a deterministic pseudo-random number generator function that is instantiated with the secret encryption key. The key-stream is generated on a block-by-block basis, until the key-stream reaches in aggregate the message-length of the message. Each block of bits of the message is encrypted, on a per-block basis, with a corresponding block from the key-stream. Authentication is performed on the result of the encrypting operation, or on the message, by applying a keyed cryptographic checksum function that ascertains integrity and that utilizes the secret authentication key.

Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.

Abstract: System, device, and method of provisioning cryptographic assets to devices.

Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.

Abstract: System, device, and method of provisioning cryptographic assets to devices.

Abstract: Methods of detecting influenza, including differentiating between type and subtype are disclosed, for example to detect, type, and/or subtype an influenza infection. A sample suspected of containing a nucleic acid of an influenza virus, is screened for the presence or absence of that nucleic acid. The presence of the influenza virus nucleic acid indicates the presence of influenza virus. Determining whether the influenza virus nucleic acid is present in the sample can be accomplished by detecting hybridization between an influenza specific probe, influenza type specific probe, and/or subtype specific probe and an influenza nucleic acid. Probes and primers for the detection, typing and/or subtyping of influenza virus are also disclosed. Kits and arrays that contain the disclosed probes and/or primers also are disclosed.

Abstract: Methods of detecting influenza, including differentiating between type and subtype are disclosed, for example to detect, type, and/or subtype an influenza infection. A sample suspected of containing a nucleic acid of an influenza virus, is screened for the presence or absence of that nucleic acid. The presence of the influenza virus nucleic acid indicates the presence of influenza virus. Determining whether the influenza virus nucleic acid is present in the sample can be accomplished by detecting hybridization between an influenza specific probe, influenza type specific probe, and/or subtype specific probe and an influenza nucleic acid. Probes and primers for the detection, typing and/or subtyping of influenza virus are also disclosed. Kits and arrays that contain the disclosed probes and/or primers also are disclosed.

Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.

Abstract: System, device, and method of provisioning cryptographic assets to devices.

Abstract: Methods of detecting influenza, including differentiating between type and subtype are disclosed, for example to detect, type, and/or subtype an influenza infection. A sample suspected of containing a nucleic acid of an influenza virus, is screened for the presence or absence of that nucleic acid. The presence of the influenza virus nucleic acid indicates the presence of influenza virus. Determining whether the influenza virus nucleic acid is present in the sample can be accomplished by detecting hybridization between an influenza specific probe, influenza type specific probe, and/or subtype specific probe and an influenza nucleic acid. Probes and primers for the detection, typing and/or subtyping of influenza virus are also disclosed. Kits and arrays that contain the disclosed probes and/or primers also are disclosed.