Abstract: An asymmetric cryptographic integrated circuit 20 and a data processing device 10 in which the integrated circuit 20 is used are disclosed. A security boundary 44 is confined to the interior of integrated circuit 20. A random number generator 50 with a hardware entropy source 54 and an arithmetic unit 62 programmed through microcode 38? to perform a variety of cryptographically useful functions are included within security boundary 44. One of these functions is a primality tester 72. A controller 36 for integrated circuit 20 may cause cryptographically sensitive data, such as large random prime numbers and a clear private key to be generated within the confines of security boundary 44. A symmetric key encryption engine 56 is included within security boundary 44 and used to encrypt the clear private key so that a resulting encrypted private key may be stored outside security boundary 44 in a non-volatile memory 12.

Abstract: An asymmetric cryptographic integrated circuit 20 and a data processing device 10 in which the integrated circuit 20 is used are disclosed. A security boundary 44 is confined to the interior of integrated circuit 20. A random number generator 50 with a hardware entropy source 54 and an arithmetic unit 62 programmed through microcode 38? to perform a variety of cryptographically useful functions are included within security boundary 44. One of these functions is a primality tester 72. A controller 36 for integrated circuit 20 may cause cryptographically sensitive data, such as large random prime numbers and a clear private key to be generated within the confines of security boundary 44. A symmetric key encryption engine 56 is included within security boundary 44 and used to encrypt the clear private key so that a resulting encrypted private key may be stored outside security boundary 44 in a non-volatile memory 12.

Abstract: An electronic device as described herein implements a scheme to secure a data mapping function from scan access. The protection scheme can be used as a security measure for proprietary lookup tables, secret constants, digitally implemented algorithms, and the like. The electronic device employs a reconfigurable data mapping arrangement that can be reconfigured for a normal operating mode and a scan testing mode. While in the normal operating mode, a normal data mapping arrangement generates valid output data in accordance with the data mapping function. While in the scanning mode, however, a scanning data mapping arrangement generates invalid but testable output data in accordance with a data masking function that conceals, hides, masks, or obfuscates the data mapping function. Using the data masking function in this manner protects the data mapping function against reverse engineering attacks that attempt to derive the data mapping function from scan testing results.