Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of the operating system when executed by the processor, performs a cryptographic operation when processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory stores the operating system. A communication interface receives data over a communication network. The processor retrieves the boot program code from the first memory area and executes the boot program code to start execution of the operating system. The processor terminates execution of the boot program code. The processor is configured to re-execute the boot program code while the operating system is executed to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of an operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory area stores the operating system. The processor retrieves the boot program code from the first memory area and executes the boot program code to start the execution of the operating system. The processor re-executes the boot program code to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.

Abstract: A method of storing data on target data processing devices, the method comprising: for each target data processing device, using a security data processing device on which first data has been stored to: obtain a device cryptographic certificate from the target data processing device, the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity; verify the device cryptographic certificate as having been generated by the trusted entity; generate second data using the first data; and store the second data on the target data processing device.

Abstract: A data provisioning device is arranged for provisioning a data processing entity from a set of data processing entities sharing the same joint decryption key. The data provisioning device comprises: a network interface configured to receive the provisioning data for provisioning the data processing entity, a joint encryption key associated with the joint decryption key, and control information indicating a processing scheme to be deployed by the data provisioning device when provisioning the data processing entity; a processor configured to process the provisioning data according to the control information to obtain processed provisioning data, to cryptographically encrypt the processed provisioning data using the received joint encryption key to obtain encrypted processed provisioning data; and a device interface configured to transmit the encrypted processed provisioning data to the data processing entity.

Abstract: A security profile for programming target devices may be provided. A base security profile may be obtained that defines security parameter(s) having a configurable value. A first security profile, generated from the base security profile, may include security parameter(s) that are assigned with a value of a first set of values by: (i) retrieving the value of the first set of values from a first data storage location coupled to a computing device and setting the configurable value of the security parameter using the retrieved value, or (ii) associating the security parameter with an instruction to obtain the value of the first set of values and set the configurable value of the security parameter using the obtained value, the instruction selected from one or more instructions. A second security profile may be generated from the base security profile in response to receiving further input from for the security parameter(s).

Abstract: A method of enabling program code stored on target data processing devices, the method comprising: receiving an in encrypted value of a permitted number of target data processing devices that are permitted to have program code stored on them enabled, and using a security data processing device to decrypt the encrypted value and store the decrypted value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain a device identifier from the target data processing device; generate a license key from the device identifier; store the license key on the target data processing device; and decrement the value of the permitted number of target data processing devices.

Abstract: A provisioning apparatus for performing a provisioning procedure with an electronic component for an electronic device. The provisioning procedure includes providing provisioning data to the electronic component and processing the provisioning data by the electronic component. The provisioning apparatus has a provisioning and sensing unit electrically connected with the electronic component for performing the provisioning procedure. The provisioning and sensing unit detects a power profile of the electronic component, which represents the electric power consumed by the electronic component and/or the electromagnetic power. The provisioning apparatus has a provisioning control unit configured to receive the power profile from the provisioning and sensing unit and to compare the power profile with a reference power profile for the electronic component.

Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.

Abstract: A data provisioning device is arranged for provisioning a data processing entity from a set of data processing entities sharing the same joint decryption key. The data provisioning device comprises: a network interface configured to receive the provisioning data for provisioning the data processing entity, a joint encryption key associated with the joint decryption key, and control information indicating a processing scheme to be deployed by the data provisioning device when provisioning the data processing entity; a processor configured to process the provisioning data according to the control information to obtain processed provisioning data, to cryptographically encrypt the processed provisioning data using the received joint encryption key to obtain encrypted processed provisioning data; and a device interface configured to transmit the encrypted processed provisioning data to the data processing entity.

Abstract: A security profile for programming target devices may be provided. A base security profile may be obtained that defines security parameter(s) having a configurable value. A first security profile, generated from the base security profile, may include security parameter(s) that are assigned with a value of a first set of values by: (i) retrieving the value of the first set of values from a first data storage location coupled to a computing device and setting the configurable value of the security parameter using the retrieved value, or (ii) associating the security parameter with an instruction to obtain the value of the first set of values and set the configurable value of the security parameter using the obtained value, the instruction selected from one or more instructions. A second security profile may be generated from the base security profile in response to receiving further input from for the security parameter(s).

Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of an operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory area stores the operating system. The processor retrieves the boot program code from the first memory area and executes the boot program code to start the execution of the operating system. The processor re-executes the boot program code to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of the operating system when executed by the processor, performs a cryptographic operation when processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory stores the operating system. A communication interface receives data over a communication network. The processor retrieves the boot program code from the first memory area and executes the boot program code to start execution of the operating system. The processor terminates execution of the boot program code. The processor is configured to re-execute the boot program code while the operating system is executed to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A method of storing data on target data processing devices, the method comprising: for each target data processing device, using a security data processing device on which first data has been stored to: obtain a device cryptographic certificate from the target data processing device, the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity; verify the device cryptographic certificate as having been generated by the trusted entity; generate second data using the first data; and store the second data on the target data processing device.

Abstract: A method of enabling program code stored on target data processing devices, the method comprising: receiving an in encrypted value of a permitted number of target data processing devices that are permitted to have program code stored on them enabled, and using a security data processing device to decrypt the encrypted value and store the decrypted value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain a device identifier from the target data processing device; generate a license key from the device identifier; store the license key on the target data processing device; and decrement the value of the permitted number of target data processing devices.