Abstract: A cryptographic accelerator (processor) retrieves data blocks for processing from a memory. These data blocks arrive and are stored in an input buffer in the order they were stored in memory (or other known order)—typically sequentially according to memory address (i.e., in-order.) The processor waits until a certain number of data blocks are available in the input buffer and then randomly selects blocks from the input buffer for processing. This randomizes the processing order of the data blocks. The processing order of data blocks may be randomized within sets of data blocks associated with a single read transaction, or across sets of data blocks associated with multiple read transactions.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.

Abstract: A cryptographic accelerator (processor) retrieves data blocks for processing from a memory. These data blocks arrive and are stored in an input buffer in the order they were stored in memory (or other known order)—typically sequentially according to memory address (i.e., in-order.) The processor waits until a certain number of data blocks are available in the input buffer and then randomly selects blocks from the input buffer for processing. This randomizes the processing order of the data blocks. The processing order of data blocks may be randomized within sets of data blocks associated with a single read transaction, or across sets of data blocks associated with multiple read transactions.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: A payment terminal may include payment interfaces to receive payment information from payment devices such as chip cards and NFC payment devices. Monitoring components may monitor these payment interfaces. In addition, test requests may be transmitted to a payment device in order to elicit responses. The monitored information and the responses may be used by the payment terminal to determine whether a transaction is fraudulent or if a tamper attempt is ongoing, based on local test criteria. In addition, the monitored information and responses may be provided to a server, which may store the monitored information and responses, test for fraudulent transactions and tamper attempts based on server test criteria, and determine updates to the local test criteria.

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Abstract: A payment terminal may include payment interfaces to receive payment information from payment devices such as chip cards and NFC payment devices. Monitoring components may monitor these payment interfaces. In addition, test requests may be transmitted to a payment device in order to elicit responses. The monitored information and the responses may be used by the payment terminal to determine whether a transaction is fraudulent or if a tamper attempt is ongoing, based on local test criteria. In addition, the monitored information and responses may be provided to a server, which may store the monitored information and responses, test for fraudulent transactions and tamper attempts based on server test criteria, and determine updates to the local test criteria.

Abstract: A first and second set of simulation information of a circuit design may be received. Energy consumption values associated with signals may be calculated for each of the first and second sets of simulation information of the circuit design. The energy consumption values associated with the transitions of the plurality of signals for each time point of a plurality of time points may be aggregated based on when each of the transitions of the signals occurs for each of the first and second sets of simulation information. Furthermore, a possible Differential Power Analysis (DPA) leak may be identified at one of the time points based on a difference in aggregated energy consumption values between the first and second sets of simulation information.

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: A payment terminal may include payment interfaces to receive payment information from payment devices such as chip cards and NFC payment devices. Monitoring components may monitor these payment interfaces. In addition, test requests may be transmitted to a payment device in order to elicit responses. The monitored information and the responses may be used by the payment terminal to determine whether a transaction is fraudulent or if a tamper attempt is ongoing, based on local test criteria. In addition, the monitored information and responses may be provided to a server, which may store the monitored information and responses, test for fraudulent transactions and tamper attempts based on server test criteria, and determine updates to the local test criteria.

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Abstract: A wireless communication device such as a payment reader has a wireless communication interface and is able to establish wireless pairing with an interactive electronic device such as a merchant device running a point of sale application. In order to establish pairing, the wireless communication device accesses a passkey and encrypts the passkey. The encrypted passkey is transmitted to the interactive electronic device via the wireless communication interface, and the interactive electronic device sends the encrypted passkey to a pairing server. The pairing server decrypts the encrypted passkey and sends the decrypted passkey back to the interactive electronic device via a secure connection. The wireless communication device and the interactive electronic device establish wireless pairing based on the passkey and the decrypted passkey.

Abstract: A wireless communication device such as a payment reader has a wireless communication interface and is able to establish wireless pairing with an interactive electronic device such as a merchant device running a point of sale application. In order to establish pairing, the wireless communication device accesses an identifier. The identifier is transmitted to the interactive electronic device via the wireless communication interface, and the interactive electronic device sends the identifier to a pairing server. The pairing server retrieves a passkey based on the identifier and sends the retrieved passkey to the interactive electronic device via a secure connection. The wireless communication device and the interactive electronic device establish wireless pairing based on the retrieved passkey.

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Abstract: A first signal and a second signal associated with a circuit may be identified. A first count of a number of times that the second signal is associated with a transition when the first signal is at a first value may be determined. Furthermore, a second count of a number of times that the second signal is associated with a transition when the first signal is at a second value may be determined. A value corresponding to the dependence between the second signal and the first signal may be calculated based on the first count and the second count.

Abstract: In some examples, a system and method for pairing a payment object reader with a point-of-sale (POS) terminal is described herein. The payment object reader includes one or more light indicators configured to display information in an optical pattern of one or more colors, brightness, lightness, and intensities, wherein the light indicators display a first optical pattern representative of an operational status of the payment object reader in a first mode, and a second optical pattern representative of a pairing code in a second mode. A display control component, executed by a processor, is configured to control the light indicators in accordance with the pairing code to generate the second optical pattern, the second optical pattern when shared with the POS terminal enables pairing between the payment object reader and the POS terminal. When paired, the payment object reader allows the POS terminal to accept payments from a customer.

Abstract: A computing device receives a feature name or key name for an integrated circuit comprising a security manager core and an additional component. At least one of a) the additional component is associated with the key name or b) a feature provided by the additional component is associated with the feature name. The computing device receives a specified number of bits associated with the feature name or the key name, and maps the feature name to a feature address space or the key name to a key interface of the security manager core based at on the specified number of bits. The computing device generates at least one hardware description logic (HDL) module based on the mapping, wherein the at least one HDL module is usable to configure the security manager core for delivery of payloads associated with the feature name or the key name to the additional component.

Abstract: A cryptographic accelerator (processor) retrieves data blocks for processing from a memory. These data blocks arrive and are stored in an input buffer in the order they were stored in memory (or other known order)—typically sequentially according to memory address (i.e., in-order.) The processor waits until a certain number of data blocks are available in the input buffer and then randomly selects blocks from the input buffer for processing. This randomizes the processing order of the data blocks. The processing order of data blocks may be randomized within sets of data blocks associated with a single read transaction, or across sets of data blocks associated with multiple read transactions.