Abstract: A system receives, from a first provisioning entity, a request for first secure device data related to a semiconductor device. The first secure device data is associated with one or more provisioning operations performed, on the semiconductor device, by a second provisioning entity. Based on determining that the first provisioning entity has permission to access the first secure device data, the first secure device data is provided to the first provisioning entity. Second secure device data associated with one or more provisioning operations performed by the first provisioning entity on the semiconductor device is received from the first provisioning entity.

Abstract: A first device receives, from a second device, a request to provision a security context for the second device. The first device transmits a nonce value to the second device and receives, from the second device, a data structure encoding the security context and a cryptographically signed digest of a combination of the data structure, the nonce value, and a public key. The first device determines a first digest using the nonce value and cryptographically signed digest, and a second digest using the data structure, the nonce value, and the public key. Responsive to determining that the first digest matches the second digest, the first device provisions the security context for the second device by storing the security context on the volatile memory.

Abstract: A random number generator selects addresses while a ‘scoreboard’ bank of registers (or bits) tracks which addresses have already been output (e.g., for storing or retrieval of a portion of the data.) When the scoreboard detects an address has already been output, a second address which has not been used yet is output rather than the randomly selected one. The second address may be selected from nearby addresses that have not already been output.

Abstract: Multiple helper data solutions (a.k.a., helper data blocks), and therefore multiple possible PUF output values, are generated for a given integrated circuit die. These helper data blocks are encrypted and stored in a nonvolatile memory on the integrated circuit die. Each helper data block is encrypted such that each helper data block can only be decrypted by a decryption key that is different from the other encrypted helper data blocks stored on that integrated circuit die. The keys to decrypt the multiple helper data blocks are released one at a time and spread over time. Because the helper data is encrypted, each PUF output value is only discoverable when its associated key is released. Accordingly, counterfeit systems or integrated circuits will need to be re-reverse engineered each time a new key is released.

Abstract: A computing system includes a host device and a root of trust (RoT) device for performing batch encryption and decryption operations facilitated by a direct memory access (DMA) engine. The host device generates a command table for batch processing of a set of address tables that each describe a set of data blocks of a file to be encrypted or decrypted. The DMA engine facilitates a DMA transfer of the command table from the host memory to an RoT memory of the RoT device. The RoT device then performs batch processing of the address tables referenced in the command table. For each address table, the DMA engine copies a set of data blocks from the host memory to the RoT memory, a cryptographic engine encrypts or decrypts the data blocks, and the DMA engine copies the transformed data blocks back to the host memory.

Abstract: A computing system includes a host device and a root of trust (RoT) device for performing batch encryption and decryption operations facilitated by a direct memory access (DMA) engine. The host device generates a command table for batch processing of a set of address tables that each describe a set of data blocks of a file to be encrypted or decrypted. The DMA engine facilitates a DMA transfer of the command table from the host memory to an RoT memory of the RoT device. The RoT device then performs batch processing of the address tables referenced in the command table. For each address table, the DMA engine copies a set of data blocks from the host memory to the RoT memory, a cryptographic engine encrypts or decrypts the data blocks, and the DMA engine copies the transformed data blocks back to the host memory.

Abstract: A random number generator selects addresses while a ‘scoreboard’ bank of registers (or bits) tracks which addresses have already been output (e.g., for storing or retrieval of a portion of the data.) When the scoreboard detects an address has already been output, a second address which has not been used yet is output rather than the randomly selected one. The second address may be selected from nearby addresses that have not already been output.