Abstract: A method for operation of a communication network reduces leakage of data to an adversary that can observe signals transmitted through the communication network. The method includes generating a ranking to order operation of a plurality of nodes that exchange data in a group cryptographic key exchange process based on a leakage map of the nodes. The ranking minimizes leakage of data through a shared communication medium during the group cryptographic key exchange process. The method includes transmitting the ranking to the plurality of nodes through the shared communication medium, and performing, with the plurality of nodes, the group cryptographic key exchange process in an order of operation specified in the ranking to enable the plurality of nodes to exchange a shared cryptographic key through the shared communication medium while minimizing leakage of data.

Abstract: A method for operating at least one node connected to a shared communication medium reduces or eliminates the ability of an adversary node to identify the at least one node based on transient signal characteristics of a signal that the at least one node generates when transmitting a bit through the shared communication medium. The method includes adjusting, with a controller in a first node, an impedance of a variable impedance circuit in the first node to a first impedance level that the controller determines randomly, the variable impedance circuit in the first node being connected to an output of a transceiver in the first node and to a shared communication medium, and transmitting, with the transceiver, a first data bit through the shared communication medium with the variable impedance circuit producing the first impedance level.

Abstract: A method of operating at least one node in a communication network that uses a shared communication medium has been developed. The method includes adjusting, with a controller in a first node, a resistance of a first potentiometer in the first node to a first resistance level that the controller in the first node determines randomly, the first potentiometer in the first node being connected to an output of a transceiver in the first node and to a shared communication medium, and transmitting, with the transceiver in the first node, a first data bit through the output that is connected to the shared communication medium with the first potentiometer producing the first resistance level.

Abstract: A method of operating at least one node in a communication network that uses a shared communication medium has been developed to reduce or eliminate timing side-channel attacks performed by an adversary that is connected to the shared communication medium. The method includes generating, with a controller in a first node, a first jitter time offset randomly generated from within a predetermined time range, and transmitting, with a transceiver in the first node, a first data bit through an output of the transceiver that is connected to a shared communication medium, the first data bit being transmitted at a first time corresponding to the first jitter time offset added to a first predetermined transmission time.

Abstract: A system for authentication of paper sheet and other articles includes an optical sensor configured to generate an image of a first side of an article and a processor operatively connected to the optical sensor. The processor is configured to generate an image of the article with the optical sensor, the image including features that are illuminated by an external illumination source through the article, and generate an output indicating if the article is authentic in response to the features corresponding to a predetermined plurality of features that are generated from another image of the article corresponding to features in the generated image and in response to a cryptographic signature corresponding to feature data that are extracted from the other image corresponding to a valid cryptographic signature of a predetermined party.

Abstract: A system includes a MEMS device and a key generating device formed over the substrate. The key generating device is configured to generate a cryptographic key based on a property of the MEMS device and the MEMS device is configured to output a signal indicative of a sensed parameter. The generated cryptographic key is based on the influenced output signal of the MEMS device.

Abstract: A method for determining a cryptographic key for a MEMS device includes identifying physical properties for the device. A feature vector having a plurality of values is determined. Each of the values correspond to different physical properties. The cryptographic key is determined from the feature vector. The cryptographic key can be determined using a fuzzy extractor. The cryptographic key can be determined using different feature vectors corresponding to different channels in a device or different MEMS structures in the device.

Abstract: In a method of network communication that mitigates denial of service attacks, a server broadcasts cryptographic puzzles with certain time intervals, where each puzzle is only valid for the given time interval. A client receives the puzzle, generates a solution for the puzzle, and sends a network request to the server along with the solution of the puzzle. The server verifies the puzzle solution. If the puzzle solution is valid and received within a designated validity time period, then the server processes the request of the client. The server generates the puzzle and transmits the puzzle to the client before the client generates a request for services from the server.

Abstract: A method for generating a package identifier includes generating an image of a portion of a surface of a substrate of the package, generating a serial number of the package from the image, the serial number being based on at least one surface feature of the portion of the surface, and affixing a visual indicator on the package that is based on the serial number. The visual indicator affixed on the package is therefore based on the at least one surface feature of the package.

Abstract: A package includes a fingerprint panel having a fingerprint area configured for a diffuse transmission of light. An illumination side of the fingerprint area is configured to be directly illuminated with light from a light source. An opposite imaging side of the fingerprint area is configured to be directly imaged with an imaging device. The fingerprint area includes features that represent an identity of the package.

Abstract: A method of shared key generation between three nodes through a shared communication medium includes performing, with a processor in a first node communicatively connected to a second node and a third node through a shared communication medium, a one-way function using a first shared key between the first node and the second node stored in a memory of the node and a predetermined counter as inputs to generate a first plurality of pseudo-random bits. The method includes generating, with the processor and a transceiver in the first node, a second shared key between the first node and the third node by transmitting each bit in the first plurality of pseudo-random bits to the third node through the shared communication medium simultaneously to transmission of random bits from the third node to the first node.

Abstract: A method for shared key generation with authentication in a gateway node includes generating, generating a first set of pseudo-random data corresponding to expected transmissions from a first node that communicates with a second node through a shared communication medium, identifying, with the gateway node, bits transmitted from the second node based on a signals received by the gateway node corresponding to simultaneous transmissions from the first node and the second node, identifying, with the gateway node, expected bit values for the bits from the second node based on a combination of shared secret data stored in a memory of the gateway node with another set of random or pseudo-random data generated by the second node, and authenticating the second node in response to the plurality of bits transmitted from the second node matching the plurality of expected bit values.

Abstract: A system includes a MEMS device and a key generating device formed over the substrate. The key generating device is configured to generate a cryptographic key based on a property of the MEMS device and the MEMS device is configured to output a signal indicative of a sensed parameter. The generated cryptographic key is based on the influenced output signal of the MEMS device.

Abstract: A method of generating cryptographic keys includes generating, with a first processor in a first computing device, error correction data corresponding to first sensor data that are stored in a memory, generating a first cryptographic key with reference to a first hashed value of the first sensor data, generating a first message authentication code (MAC) with reference to the first cryptographic key and the error correction data, and transmitting with a first I/O device in the first computing device the error correction data and the first MAC through a communication channel to a second computing device. The transmitted data enable the second computing device to generate a second cryptographic key with reference to second sensor data.

Abstract: A system for authentication of paper sheet and other articles includes an optical sensor configured to generate an image of a first side of an article and a processor operatively connected to the optical sensor. The processor is configured to generate an image of the article with the optical sensor, the image including features that are illuminated by an external illumination source through the article, and generate an output indicating if the article is authentic in response to the features corresponding to a predetermined plurality of features that are generated from another image of the article corresponding to features in the generated image and in response to a cryptographic signature corresponding to feature data that are extracted from the other image corresponding to a valid cryptographic signature of a predetermined party.

Abstract: A method for operating a computing system with a trusted processor include generating a secret cryptographic key based on a physically unclonable function in at least one hardware component in the trusted processor, generating a first public key and first private key using first secret cryptographic key, and executing instruction code corresponding to a first software program. The method further includes generating output data with the trusted processor during execution of the first software program, generating encrypted data corresponding to the output data using the first public key for at least a portion of the encryption, generating a signature of the encrypted data, and transmitting with an input/output (I/O) interface operatively connected to the trusted processor the encrypted data and the signature for storage in an untrusted memory.

Abstract: A method of searching encrypted data includes generating with a client computing device a search index identifier corresponding to a search term in an encrypted search table and transmitting the search index identifier, a first single use key and a second single use key to a server. The method includes generating a set of decrypted data with the server for a set of data in an encrypted search table corresponding to the search index identifier using the first single use key to decrypt a first portion of the data and the second single use key to decrypt a second portion of the data. The method further includes identifying one or more encrypted files stored on the server that include the encrypted search term based on the decrypted data from the search table, and transmitting the encrypted files or encrypted file identifiers to the client computing device.

Abstract: A method of generating cryptographic keys includes generating, with a first processor in a first computing device, error correction data corresponding to first sensor data that are stored in a memory, generating a first cryptographic key with reference to a first hashed value of the first sensor data, generating a first message authentication code (MAC) with reference to the first cryptographic key and the error correction data, and transmitting with a first I/O device in the first computing device the error correction data and the first MAC through a communication channel to a second computing device. The transmitted data enable the second computing device to generate a second cryptographic key with reference to second sensor data.

Abstract: A method of authenticating a device and a user comprises receiving a user input, generating a first key from the user input, performing a physical measurement of the device, obtaining helper data for the device, computing a second key from the physical measurement and the helper data, and performing an operation using the first and second keys. In a preferred embodiment, the method comprises performing a defined function on the first and second keys to obtain a third key. Additionally security can be provided by the step of receiving a user input comprising performing a biometric measurement of the user and the step of generating a first key from the user input comprises obtaining helper data for the user and computing the first key from the biometric measurement and the user helper data.

Abstract: A method for determining a cyrptographic key for a MEMS device includes identifying physical properties for the device. A feature vector having a plurality of values is determined. Each of the values correspond to different physical properties. The cryptographic key is determined from the feature vector. The cryptographic key can be determined using a fuzzy extractor. The cryptographic key can be determined using different feature vectors corresponding to different channels in a device or different MEMS structures in the device.