Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Techniques for providing data protection in an integrated circuit are provided. An example method according to these techniques includes determining that an unauthorized update has been made to software or firmware associated with the integrated circuit, and corrupting an anti-replay counter (ARC) value, maintained in a one-time programmable memory of the integrated circuit and used by the integrated circuit to protect contents of a non-volatile memory, responsive to determining that the unauthorized update has been made to the software or the firmware.

Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.

Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Techniques for providing data protection in an integrated circuit are provided. An example method according to these techniques includes determining that an unauthorized update has been made to software or firmware associated with the integrated circuit, and corrupting an anti-replay counter (ARC) value, maintained in a one-time programmable memory of the integrated circuit and used by the integrated circuit to protect contents of a non-volatile memory, responsive to determining that the unauthorized update has been made to the software or the firmware.

Abstract: Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.

Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.

Abstract: Aspect may relate to a device that comprises a sensor and a first secure processor. The sensor may receive an input and generate raw data from the input. The first secure processor may control a first execution environment to perform operations including receiving the raw data from the sensor. Further, the device may include a second processor to control a second execution environment to perform operations including: receiving the raw data; performing data processing to determine normalized data from the raw data and additional data; performing feature extraction to the normalized data to determine features; and sending the features to the first execution environment. The first execution environment may use the features to match the features with stored reference features to authenticate a user.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.

Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.

Abstract: Techniques for providing data protection in an integrated circuit are provided. A method according to these techniques includes exchanging messages with an off-chip, non-volatile memory to securely initialize an anti-replay counter (ARC) value in the integrated circuit based on an ARC value stored in the off-chip, non-volatile memory, and maintaining the ARC value stored in the integrated circuit such that the ARC value stored in the integrated circuit remains synchronized with the ARC value stored in the off-chip, non-volatile memory.

Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.

Abstract: Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.

Abstract: Aspects may relate to a device that comprises: a non-volatile storage medium (NVM) to store a signature and a device key, the device key based on a symmetric master key and an identifier; an interface; and a processor coupled to the interface and the NVM. The processor may be configured to: apply a key derivation function (KDF) to the device key to generate a derivative key; apply a key generation function to the derivative key to generate at least one public key; and command transmission of the signature and the at least one public key through the interface to a service provider.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.