Abstract: Circuit arrangement having a chip card controller with connections which can be used to access the chip card controller in accordance with the ISO standard and which are connected or can be connected to an ISO interface. The connections include at least one first connection, which can be connected to the ISO interface via a switch device. In addition, the circuit arrangement includes a further controller with at least one controller connection which is coupled to the switch device such that the first connection of the chip card controller can be connected to the controller connection via the switch device. The switch device can be switched between a first and a second state, where in the first state the first connection of the chip card controller is decoupled from the controller connection and is connected to the ISO interface, and where in the second state the first connection of the chip card controller is decoupled from the ISO interface and is connected to the controller connection.

Abstract: A data storage medium having a memory unit, a control unit, and an interface having contact pads for at least one voltage supply and one data transmission. Provision is made of a test signal generating device for generating test signals used to test the data storage medium. The data storage medium can be switched into a test mode in which the test signals are used for the test.

Abstract: A microcontroller for security applications includes an encryption unit between a bus and a functional unit. The encryption unit includes a gate and a key register. A memory is provided with a further encryption unit whose gate is connected between the register and the gate of the first encryption unit. As a result, the transferred information item is available in encrypted form at any point on the bus.

Abstract: A data-processing apparatus has a data provider for providing an input datum encrypted by an encryption key. In addition, the data-processing apparatus has a key stream generator for generating a key stream in a predetermined deterministic manner such that the key stream has a decryption key corresponding to the encryption key. Furthermore, the data-processing apparatus has a data processor for processing the encrypted input datum in a masked manner using the decryption key as a temporary key to obtain an output datum encrypted by an output key such that the encrypted output datum corresponds to a result, encrypted by the output key, of a predetermined operation on the encrypted input datum having been decrypted by the decryption key.

Abstract: A cryptographic unit includes a first processing unit for determining an output signal on the basis of the AES algorithm and for determining a first comparison signal, a second processing unit for determining a second comparison signal, and a release unit for providing the output signal, wherein the release unit is designed to perform a defense measure against an external tapping of the output signal when the first comparison signal is not related to the second comparison signal in a predetermined relationship. The first comparison signal is determined in a different way as compared to the second comparison signal, so that, in the case of the injection of faults into the cryptographic unit, these faults may be detected very easily.

Abstract: Method for synchronizing a cache memory with a main memory, the cache memory provided to buffer-store data between a processor and the main memory, and memory entries of the cache memory each having a data area and an identification area. The processor provides a synchronization value to determine which memory entries of the data area are to be synchronized with the main memory. A cache logic circuit of the cache memory then compares the synchronization value with contents of a memory field of each memory entry. When there is a match, the cache logic circuit checks a flag of a third memory field of the identification area for a first state, which indicates that a change was made to the data area of the memory entry since the last synchronization. When the flag is in the first state, the contents of the data area are transferred to the main memory.

Abstract: A shift device for shifting a first place of a data word, which consists of a plurality of places, to a second place so as to obtain a shifted data word, wherein the first place is encrypted using a first encryption parameter and wherein the second place is encrypted using a second encryption parameter, includes a unit for shifting the first place of the data word to the second place of the data word, a unit for re-encrypting the first place from an encryption using the first encryption parameter into an encryption using the second encryption parameter, and a control for controlling the unit for shifting and the unit for re-encryption so that the first place is first shifted to the second place and is then re-encrypted, or that the first place is first re-encrypted and is then shifted to the second place. This ensures that data encrypted either with the first encryption parameter or with the second encryption parameter are always shifted, thus making it harder for attackers to eavesdrop on clear text data.

Abstract: By arranging a redundancy means and a control means upstream from an encryption means which encrypts and decrypts the data to be stored in an external memory, the integrity of data may be ensured when the generation of redundancy information is realized by the redundancy means, and when the generation of a syndrome bit vector indicating any alteration of the data is implemented by the control means. What is preferred is a control matrix constructed from idempotent, thinly populated, circulant square sub-matrices only. By arranging redundancy and control means upstream from the encryption/decryption means, what is achieved is that both errors in the encrypted data and errors of the non-encrypted data may be proven, provided that they have occurred in the data path between the redundancy/control means and the encryption/decryption means.

Abstract: A communication device for transmitting data to a communication partner device includes a transmitter for transmitting transmit data to the communication partner device, a determiner for determining a check value from the transmit data in accordance with a determination specification, a receiver for receiving a verification value from the communication partner device, and a checker configured to compare the check value with the verification value and to provide a fault indication signal as a function of the comparison.

Abstract: A protected chip stack having a first chip and a second chip on the first chip. A functional layer in at least the first chip or the second chip. On the first chip and on the second chip there is in each case a connecting element, the connecting element on the first chip forming with the connecting element on the second chip a mechanical connection between the two chips. The connecting element and the functional layer are made of the same material. At least in the case of the first chip or in the case of the second chip, the connecting element is in direct contact with the functional layer.

Abstract: In a device for determining a position of a bit error in a bit sequence, a check matrix is used which has a predefined number of rows and a predefined number of columns. The check matrix includes a plurality of square submatrices having a submatrix row number and a submatrix column number corresponding to the predefined number of rows or the predefined number of columns of the check matrix. The device for determining then includes a unit for receiving a bit sequence and a unit for identifying a syndrome using the check matrix and the received bit sequence.

Abstract: An encryption unit and decryption unit located in an encryption/decryption device may be used both for encryption and decryption, without their effects canceling each other out when, between the decryption input of the decrypter and the encryption output of the encrypter. An encryption combiner maps the encryption result data block at the encryption output to a mapped encryption result data block according to an encryption combining mapping and is exemplarily used when encrypting. A decryption combiner maps the encryption result data block at the encryption output to an inversely mapped encryption result data block according to a decryption combining mapping which is inverse to the encryption combining mapping and is exemplarily used when decrypting.

Abstract: Apparatus and method for generating an individual key for accessing a predetermined addressable unit of a memory divided into addressable units. The apparatus includes a calculator for calculating a page pre-key based on a page address, a determiner for determining the individual key based on the page pre-key and a unit address, a memory for storing the calculated page pre-key, and a checker for checking whether during a next access to a further predetermined unit to which a further unique address is associated, an already calculated page pre-key exists in a temporary memory, which has been calculated based on a page address of a unique address, which is identical to the page address of the further unique address, and, if so, transmitting the already calculated page pre-key to the determiner by bypassing the calculator, and, if not, transmitting the page address of the further unique address to the calculator.

Abstract: A device according to the present invention is configured for transmitting data between two semiconductor chips of a data processor in an encrypted manner, wherein a first semiconductor chip is connected to a second semiconductor chip. The device includes a non-volatile memory element in each of the two semiconductor chips, wherein an encryption initial value for an encryption rule is stored in the memory element of the first semiconductor chip and a decryption initial value associated to the encryption initial value for a decryption rule associated to the encryption rule is stored in the memory element of the second semiconductor chip. Additionally, the first semiconductor chip has a first data transmission interface formed to generate an encryption data stream from an input data stream using the encryption initial value according to the encryption rule.

Abstract: A method for determining a physical address from a virtual address, wherein a mapping regulation between the virtual address and the physical address is implemented as hierarchical tree structure with compressed nodes. First, a compression indicator included in the mapping regulation is read, and a portion of the virtual address associated with the considered node level is read. Using the compression indicator and the portion of the virtual address, an entry in the node list of the considered node is determined. The determined entry is read, whereupon the physical address can be determined directly, if the considered node level has been the hierarchically lowest node level. If higher node levels to be processed are present, the previous steps in determining the physical address for compressed nodes of lower hierarchy level are repeated until the hierarchically lowest node level is reached.

Abstract: A circuit configuration for detecting an unwanted attack on an integrated circuit has a signal line to which a clock signal is applied and at least one line pair which is respectively used to code a bit. The signal line and the at least one line pair are connected between a first and a second circuit block in the integrated circuit. The signal line and the at least one line pair are connected to a detector circuit which changes the operating sequence in the integrated circuit on the basis of the signals on the signal line and on the at least one line pair. The detector circuit can be used to the same extent to test for production faults.

Abstract: An apparatus for calculating a representation of a result operand of the non-linear logical operation between a first operand and a second operand includes a first logic gate and a second logic gate. Each operand is represented by two auxiliary operands, which, when linearly combined together result in the respective operand. The first and second logic gates are designed such that an average energy consumption of the first or second logic gate is substantially equal to a plurality of combinations of auxiliary operands at the beginning of a first operation cycle and auxiliary operands at the beginning of a second operating cycle, the average energy being derivable from a plurality of different orders of occurrences of the first to fourth auxiliary operands.

Abstract: A random number generator for generating a sequence of numbers comprises a first shift register with a nonlinear feedback, a first number of memory cells and a first output coupled to the first number of memory cells by a first coupling means. Further, the number generator comprises a similarly constructed second shift register as well as a combiner for combining the first data sequence at the first output and the second data sequence at the second output to obtain the sequence of numbers.

Abstract: A method for operating a microprocessor in which there is at least one program branch and/or program delay which is implemented under random-bit control and as a hardware-based command in order to modulate a program flow and which ensures that every pass through a particular program brings about a respective program execution time which is different than that in preceding program passes.

Abstract: A microprocessor configuration includes a data bus for data transfer between functional units. On the bus side, each unit contains an encryption/decryption unit that is controlled synchronously by a random number generator. The configuration permits a relatively high level of security against monitoring of the data transferred via the data bus, with a feasible level of additional circuit complexity.