Abstract: A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.

Abstract: A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.

Abstract: A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.

Abstract: Disclosed is a cryptographic key management system implemented in access and tamper resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that controls the processing circuitry to perform cryptographic processing based on the keys and associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys. of the associated keys. The attributes indicate intended uses of the keys.

Abstract: Disclosed is a cryptographic key management system implemented in access and tamper resistant circuitry. The circuitry includes processing circuitry to perform cryptographic processing based cryptographic keys. Cryptographic key registers include key portions and attribute portions. An interface receives commands from exposed circuitry that controls the processing circuitry to perform cryptographic processing based on the keys and associated attributes. The attributes indicate what operations may be performed on, or using, the associated keys. of the associated keys. The attributes indicate intended uses of the keys.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: A non-linear transformation including a plurality of non-linear logical operations is masked to a second or higher order. The masking includes receiving a set of random bits, and machine-masking two or more of the plurality of non-linear logical operations with a same random bit from the set of random bits.

Abstract: A non-linear transformation including a plurality of non-linear logical operations is masked to a second or higher order. The masking includes receiving a set of random bits, and machine-masking two or more of the plurality of non-linear logical operations with a same random bit from the set of random bits.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: An integrated circuit comprises logic circuitry, organized in a multi-level hierarchy of modules. The integrated circuit comprises multiple sensing circuits. In operation, each sensing circuit senses an instantaneous current consumption IC of a respective one of the modules that draws current entirely through that sensing circuit. The integrated circuit comprises a concealing circuit for each of the sensing circuits. In operation, the concealing circuit receives as input a voltage VC corresponding to the sensed instantaneous current consumption IC of its respective module, and the concealing circuit dissipates an instantaneous power PL such that an instantaneous power sum PTOTAL of the instantaneous power PL and the instantaneous power PC to be dissipated by its respective module is substantially independent of activity of its respective module.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: An integrated circuit comprises logic circuitry, organized in a multi-level hierarchy of modules. The integrated circuit comprises multiple sensing circuits. In operation, each sensing circuit senses an instantaneous current consumption IC of a respective one of the modules that draws current entirely through that sensing circuit. The integrated circuit comprises a concealing circuit for each of the sensing circuits. In operation, the concealing circuit receives as input a voltage VC corresponding to the sensed instantaneous current consumption IC of its respective module, and the concealing circuit dissipates an instantaneous power PL such that an instantaneous power sum PTOTAL of the instantaneous power PL and the instantaneous power PC to be dissipated by its respective module is substantially independent of activity of its respective module.

Abstract: An integrated circuit comprises logic circuitry driven by a clock and reference circuitry. In operation, logic elements of the reference circuitry are synchronized to the clock. In operation, a first sensing circuit outputs a voltage VC proportional to an instantaneous current consumption IC of the logic circuitry, and a second sensing circuit outputs a voltage VR proportional to an instantaneous fluctuating current consumption IR of the reference circuitry. In operation, differential circuitry outputs a voltage difference ?VR?VC between a scaled-up version ?VR of the voltage VR and the voltage VC, the scaled-up version scaled to approximately the scale of the voltage VC. In operation, a square root circuit receives the voltage difference as input and outputs a square root of the voltage difference. A current source is controllable by the output of the square root circuit to generate current through a dissipative load.

Abstract: There is disclosed a system for detecting the assertion of a reset signal. A plurality of circuit elements is configurable by a reset signal to output a string of data values in a predetermined pattern. A comparator receives the string of data values and determines whether the string of data values matches the predetermined pattern. If so, the comparator generates an output signal indicative of a reset. In one embodiment, the output signal of the comparator can be used to automatically trigger a reset if the reset signal has not been asserted.

Abstract: There is disclosed a system for detecting the assertion of a reset signal. A plurality of circuit elements is configurable by a reset signal to output a string of data values in a predetermined pattern. A comparator receives the string of data values and determines whether the string of data values matches the predetermined pattern. If so, the comparator generates an output signal indicative of a reset. In one embodiment, the output signal of the comparator can be used to automatically trigger a reset if the reset signal has not been asserted.

Abstract: A system for detecting the assertion of a reset signal. A plurality of circuit elements is configurable by a reset signal to output a string of data values in a predetermined pattern. A comparator receives the string of data values and determines whether the string of data values matches the predetermined pattern. If so, the comparator generates an output signal indicative of a reset. In one embodiment, the output signal of the comparator can be used to automatically trigger a reset if the reset signal has not been asserted.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: There is disclosed a system for detecting the assertion of a reset signal. A plurality of circuit elements is configurable by a reset signal to output a string of data values in a predetermined pattern. A comparator receives the string of data values and determines whether the string of data values matches the predetermined pattern. If so, the comparator generates an output signal indicative of a reset. In one embodiment, the output signal of the comparator can be used to automatically trigger a reset if the reset signal has not been asserted.