Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.

Abstract: Embodiments of an invention for using dark bits to reduce physically unclonable function (PUF) error rates are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and dark bit logic. The PUF cell array is to provide a raw PUF value. The dark bit logic is to select PUF cells to mark as dark bits and to generate a dark bit mask based on repeated testing of the PUF cell array.

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor/apparatus. In one embodiment, the apparatus includes a physically unclonable functions (PUF) circuit to generate a hardware key based on at least one manufacturing variation of the apparatus and a nonvolatile memory coupled to the PUF circuit, the nonvolatile memory to store an encrypted key, the encrypted key comprising a first key encrypted using the hardware key. The apparatus further includes a hardware cipher component coupled to the nonvolatile memory and the PUF circuit, the hardware cipher component to decrypt the encrypted key stored in the nonvolatile memory with at least the hardware key to generate a decrypted copy of the first key and fixed logic circuitry coupled to the PUF circuit and the hardware cipher component, the fixed logic circuitry to verify that the decrypted copy of the first key is valid.

Abstract: A method, of an aspect, includes challenging a set of Physically Unclonable Function (PUF) cells, of an integrated circuit device, and receiving a set of PUF bits from the PUF cells in response. A PUF key is generated based on the set of PUF bits. An encryption of the PUF key with an embedded key is output from the integrated circuit device. The integrated circuit device receives an encryption of a fuse key with the PUF key. Fuses of the integrated circuit device are programmed with at least one of the fuse key and the received encryption of the fuse key with the PUF key. Other methods, apparatus, and systems are also disclosed.

Abstract: A method for a terminal to display an animation, including: generating one or more supplementary image frames on a moving path between first and second adjacent original image frames of an animation; and displaying the animation with the generated one or more supplementary image frames at a predetermined frame rate.

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processor. In one embodiments, a key provisioner/tester apparatus may include a memory device to receive a unique hardware key generated by a first logic of a processor. The key provisioner/tester apparatus may further include a cipher device to permanently store an encrypted first key in nonvolatile memory of the processor, detect whether the stored encrypted first key is valid, and to isolate at least one of the first logic and the nonvolatile memory of the processor from all sources that are exterior to the processor in response to detecting that the stored encrypted first key is valid.

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract: Technologies for securely pairing a first computing device with a second computing device include the first computing device to generate a session message key based on a key exchange with the second computing device. The first computing device receives a message including a hardware key certificate, 5 a cryptographically-signed communication, and a message authentication code from the second computing device. The cryptographically-signed communication is signed with a private hardware key of the second computing device. The first computing device validates the message authentication code, the certificate, and the signature received from the second computing device. After validation, the first computing device 10 identifies a user of the second computing device based on user-identifying data received from the second computing device.

Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor.

Abstract: Various embodiments are generally directed to hardening the performance of calculations of a digital signature system for authenticating computing devices against side-channel attacks. An apparatus comprises a processor circuit and an interface operative to communicatively couple the processor circuit to a network; a storage communicatively coupled to the processor circuit and arranged to store instructions operative on the processor circuit to digitally sign a message to create a first signature using a modular arithmetic operation arranged to compensate for a value of a variable greater than a modulus without use of a branching instruction; and transmit the first signature to a verifying server via the network. Other embodiments are described and claimed herein.

Abstract: In an embodiment, an apparatus includes a processor including a first core. The first core includes multi-biometric logic to output first biometric data wi (i=1 to n, n?2), each wi determined based on a corresponding one of first biometric input Mi (i=1 to n, n?2) received during a first time period. The apparatus also includes setup logic to transform a cryptographic key k via a transformation that uses the first biometric data wi, where transformation of the cryptographic key k results in output of helper data hi (i=1 to n). Other embodiments are described and claimed.

Abstract: A processor of an aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed.

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.

Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.

Abstract: Dark-bit masking technologies for physically unclonable function (PUF) components are described. A computing system includes a processor core and a secure key manager component coupled to the processor core. The secure key manager includes the PUF component, and a dark-bit masking circuit coupled to the PUF component. The dark-bit masking circuit is to measure a PUF value of the PUF component multiple times during a dark-bit window to detect whether the PUF value of the PUF component is a dark bit. The dark bit indicates that the PUF value of the PUF component is unstable during the dark-bit window. The dark-bit masking circuit is to output the PUF value as an output PUF bit of the PUF component when the PUF value is not the dark bit and set the output PUF bit to be a specified value when the PUF value of the PUF component is the dark bit.

Abstract: A method and system computes a basepoint for use in a signing operation of a direct anonymous attestation scheme. The method and system includes computing a basepoint at a host computing device and verifying the base point at a trusted platform module (TPM) device.

Abstract: The present disclosure provides a method for processing a transaction order of virtual resources. The order for the virtual resources is received by a server from a first client, and the order records a specified quantity of the virtual resources to be purchased. All commodities including the virtual resources offered for sale are acquired from a database of a transaction system. All the commodities are traversed to select a commodity combination matching the specified quantity. The commodity combination comprises one or more of the commodities. A corresponding suborder is generated for each commodity in the selected commodity combination. The suborder is processed according to demand. Also provided are a transaction server and a computer readable storage medium.