Abstract: One feature pertains to a method for extracting a secret key during a secure boot flow of an integrated circuit. Specifically, the secure boot flow includes powering ON a first volatile memory circuit to generate a plurality of initial logical state values, deriving secret data based on the plurality of initial logical state values, storing the secret data in a secure volatile memory circuit that is secured by a secure execution environment (SEE), clearing the plurality of initial logical state values in the first volatile memory circuit, executing a cryptographic algorithm at the SEE to extract a secret key based on the secret data, and storing the secret key in the secure volatile memory circuit. The secure boot flow controls access to the first volatile memory circuit to secure the secret data and the plurality of initial logical state values from the insecure applications.

Abstract: A first time software is loaded for execution by a device, the software stored in non-secure storage is authenticated. Authenticating the software may involve a cryptographic operation over the software and a digital signature of the software. A verification tag may be generated for the software if authentication of the software is successful, the verification tag based on the software and at least a device-specific secret data. The verification tag may be stored within the device. Each subsequent time the software is loaded for execution it may be verified (not authenticated) by using the verification tag to confirm that the software being loaded is the same as the one used to generate the verification tag while avoiding authentication of the software.

Abstract: A method is provided for using obtaining a reproducible device identifier from a physically unclonable function. An authentication device may receive a first physically unclonable function (PUF) dataset from the electronic device, the first PUF dataset including characteristic information generated from a physically unclonable function in the electronic device. The authentication device may then identify a pre-stored PUF dataset corresponding to the electronic device. Authentication of the electronic device may be performed by correlating the pre-stored PUF dataset and the first PUF dataset for the electronic device, wherein such correlation is based on a pattern or distribution correlation the pre-stored PUF dataset and the first PUF dataset. Because such correlation is performed on datasets, and not individual points, systematic variations can be recognized by the correlation operation leading to higher correlation than point-by-point comparisons.

Abstract: A first time software is loaded for execution by a device, the software stored in non-secure storage is authenticated. Authenticating the software may involve a cryptographic operation over the software and a digital signature of the software. A verification tag may be generated for the software if authentication of the software is successful, the verification tag based on the software and at least a device-specific secret data. The verification tag may be stored within the device. Each subsequent time the software is loaded for execution it may be verified (not authenticated) by using the verification tag to confirm that the software being loaded is the same as the one used to generate the verification tag while avoiding authentication of the software.

Abstract: One feature pertains to elliptic curve (EC) point multiplication for use in generating digital signatures. In one aspect, a scalar multiplier (k) of a base point (P) of order (n) is selected on an elliptic curve for use with EC point multiplication. An integer value (r) is then randomly generated from within a range of values constrained so that, regardless of the particular value of (r) obtained within the range, EC point multiplication procedures performed using the scalar multiplier (k) summed with a product of the integer multiplier (r) and the order (n) consume device resources independent of the value of the scalar multiplier (k) to thereby reduce or eliminate side-channel leakage. This may be achieved by determining the range of values for r so that the bit position of the most significant bit of k+(r*n) will be even and fixed for a particular elliptic curve.

Abstract: One feature pertains to elliptic curve (EC) point multiplication for use in generating digital signatures. In one aspect, a scalar multiplier k) of a base point (P) of order (n) is selected on an elliptic curve for use with EC point multiplication. An integer value (r) is then randomly generated from within a range of values constrained so that, regardless of the particular value of (r) obtained within the range, EC point multiplication procedures performed using the scalar multiplier (k) summed with a product of the integer multiplier (r) and the order (n) consume device resources independent of the value of the scalar multiplier (k) to thereby reduce or eliminate side-channel leakage. This may be achieved by determining the range of values for r so that the bit position of the most significant bit of k+(r*n) will be even and fixed for a particular elliptic curve.

Abstract: One feature pertains to a method for extracting a secret key during a secure boot flow of an integrated circuit. Specifically, the secure boot flow includes powering ON a first volatile memory circuit to generate a plurality of initial logical state values, deriving secret data based on the plurality of initial logical state values, storing the secret data in a secure volatile memory circuit that is secured by a secure execution environment (SEE), clearing the plurality of initial logical state values in the first volatile memory circuit, executing a cryptographic algorithm at the SEE to extract a secret key based on the secret data, and storing the secret key in the secure volatile memory circuit. The secure boot flow controls access to the first volatile memory circuit to secure the secret data and the plurality of initial logical state values from the insecure applications.

Abstract: A method is provided for using obtaining a reproducible device identifier from a physically unclonable function. An authentication device may receive a first physically unclonable function (PUF) dataset from the electronic device, the first PUF dataset including characteristic information generated from a physically unclonable function in the electronic device. The authentication device may then identify a pre-stored PUF dataset corresponding to the electronic device. Authentication of the electronic device may be performed by correlating the pre-stored PUF dataset and the first PUF dataset for the electronic device, wherein such correlation is based on a pattern or distribution correlation the pre-stored PUF dataset and the first PUF dataset. Because such correlation is performed on datasets, and not individual points, systematic variations can be recognized by the correlation operation leading to higher correlation than point-by-point comparisons.

Abstract: One feature pertains to least one physically unclonable function based on an array of magnetoresistive random-access memory (MRAM) cells. A challenge to the array of MRAM cells may identify some of the cells to be used for the physically unclonable function. Each MRAM cell may include a plurality of magnetic tunnel junctions (MTJs), where the MTJs may exhibit distinct resistances due to manufacturing or fabrication variations. A response to the challenge may be obtained for each cell by using the resistance(s) of one or both of the MTJs for a cell to obtain a value that serves as the response for that cell. The responses for a plurality of cells may be at least partially mapped to provide a unique identifier for the array. The responses generated from the array of cells may serve as a physically unclonable function that may be used to uniquely identify an electronic device.