Abstract: In one example, a circuit includes a secure chip storing one of an enclave of key values linked to an update code; a memory to store an updatable data set including the update value which corresponds to and is revised with the update code; and a logic circuit. The logic circuit is to: provide a key value, based to a revision to the update code, from among the enclave of key values, generate an authentication tag as a function of the provided key value, use the authentication tag to verify that the updatable data set is valid and up to date before using the updatable data set in an application specified for the updatable data set, and update the data set by storing a replacement updatable data set in the memory circuit and including, in the replacement updatable data set, a revised update value which corresponds to a revised update code that is used to provide another key value from among the enclave of key values.

Abstract: A system, method, and apparatus are provided for securely controlling operations of a data processing system by activating a security subsystem to control startup behavior of application subsystems, installing SMR parameters which include an initial authenticity proof for use with an initial verification process for the SMR and calculating an alternate authenticity proof for use with a subsequent verification process for the SMR, and then by subsequently verifying the SMR using the alternate authenticity proof for the subsequent verification process applied to the SMR so that the security subsystem can apply a comprehensive system reaction for the application subsystem based on the SMR verification results.

Abstract: A method for securing an integrated circuit chip includes obtaining a first value from a first storage area in the chip, obtaining a second value from a second storage area in the chip, generating a third value based on the first value and the second value, and converting a first opcode command obfuscated as a second opcode command into a non-obfuscated form of the first opcode command based on the third value. The first value corresponds to a physically unclonable function (PUF) of the chip. The second value is a key including information indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command. The third value may be an inversion flag indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command.

Abstract: An apparatus configured to: receive a digital input signal; receive a processing-direction-signal that can have a forward-value or a backward-value; and provide a digital output signal. The apparatus comprising a processor configured to apply an involutional cryptographic function to the digital input signal by: for a first operation: apply a first step of the involutional cryptographic function to the digital input signal in order to implement a forward calculation to move to the next step in the sequence; and perform a plurality of further operations until the forward calculation of a last step is performed. Each further operation comprises: if the processing-direction-signal has a forward-value: then perform the forward calculation for the current step; or if the processing-direction-signal has a backward-value: then perform a backward calculation for the current step.

Abstract: A system, method, and apparatus are provided for securely controlling operations of a data processing system in which security subsystem is activated to provide security services by responding to a security service request, evaluating the request against an adjustable set of system security policies to determine if the security service request is granted access to a protected asset, by generating a response to the security service request using the protected asset if the security service request is granted access to the protected asset, by adjusting a security access policy for the protected asset in the adjustable set of system security policies, and by sending the response from the security subsystem to the external application subsystem.

Abstract: A system, method, and apparatus are provided for securely controlling operations of a data processing system by activating a security subsystem to control startup behavior of application subsystems, installing SMR parameters which include an initial authenticity proof for use with an initial verification process for the SMR and calculating an alternate authenticity proof for use with a subsequent verification process for the SMR, and then by subsequently verifying the SMR using the alternate authenticity proof for the subsequent verification process applied to the SMR so that the security subsystem can apply a comprehensive system reaction for the application subsystem based on the SMR verification results.

Abstract: A method for securing an integrated circuit chip includes obtaining a first value from a first storage area in the chip, obtaining a second value from a second storage area in the chip, generating a third value based on the first value and the second value, and converting a first opcode command obfuscated as a second opcode command into a non-obfuscated form of the first opcode command based on the third value. The first value corresponds to a physically unclonable function (PUF) of the chip. The second value is a key including information indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command. The third value may be an inversion flag indicating a type of obfuscation performed to obfuscate the first opcode command as the second opcode command.

Abstract: A fixed logic integrated circuit is disclosed. The integrated circuit comprises a unique code generator configured to generate a code having a value which is intrinsically unique to the integrated circuit, an enrolment pattern generator configured to generate an enrolment pattern based on the unique code. The integrated circuit is configured to transmit the enrolment pattern to an external enrolment device and to receive enabling data from the external enrolment device. Optionally, the integrated circuit may include memory for storing remotely-generated enabling data. The integrated circuit comprises a configuration file generator configured to generate configuration data using the remotely-generated enabling data and the unique code, and a feature activation module configured to activate and/or disable features of the integrated circuit and/or customise the integrated circuit in dependence upon the configuration data.

Abstract: A fixed logic integrated circuit is disclosed. The integrated circuit comprises a unique code generator configured to generate a code having a value which is intrinsically unique to the integrated circuit, an enrolment pattern generator configured to generate an enrolment pattern based on the unique code. The integrated circuit is configured to transmit the enrolment pattern to an external enrolment device and to receive enabling data from the external enrolment device. Optionally, the integrated circuit may include memory for storing remotely-generated enabling data. The integrated circuit comprises a configuration file generator configured to generate configuration data using the remotely-generated enabling data and the unique code, and a feature activation module configured to activate and/or disable features of the integrated circuit and/or customise the integrated circuit in dependence upon the configuration data.