Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with an authorized code to determine that the code is authorized, the information being stored within the security device. In response to determining that the code is authorized, the security device enables to access data stored within the security device and generate a property of a message based on the data.

Abstract: Systems, methods, and devices of the disclosure relate, generally, to secure boot assist for devices. In one or more embodiments, a first device includes firmware that needs to be verified as secure as part of a secure boot process, and a second device assists the first device to secure the secure boot process. In some embodiments the second device verifies security of the firmware responsive to security data provided by the first device, or verifies security of a program provided by the first device, the program for verifying security of the firmware. In some embodiments the second device provides a program for verifying security of the firmware to the first device.

Abstract: Systems, methods, and devices of the disclosure relate, generally, to secure boot assist for devices. In one or more embodiments, a first device includes firmware that needs to be verified as secure as part of a secure boot process, and a second device assists the first device to secure the secure boot process. In some embodiments the second device verifies security of the firmware responsive to security data provided by the first device, or verifies security of a program provided by the first device, the program for verifying security of the firmware. In some embodiments the second device provides a program for verifying security of the firmware to the first device.

Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with an authorized code to determine that the code is authorized, the information being stored within the security device. In response to determining that the code is authorized, the security device enables to access data stored within the security device and generate a property of a message based on the data.

Abstract: Systems, methods, and devices of the disclosure relate, generally, to secure boot assist for devices. In one or more embodiments, a first device includes firmware that needs to be verified as secure as part of a secure boot process, and a second device assists the first device to secure the secure boot process. In some embodiments the second device verifies security of the firmware responsive to security data provided by the first device, or verifies security of a program provided by the first device, the program for verifying security of the firmware. In some embodiments the second device provides a program for verifying security of the firmware to the first device.

Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with the code to determine that the code is an authorized code, the information being stored within the security device. In response to determining that the code is the authorized code, the security device enables to access data stored within the security device and generate a property of a message based on the data.

Abstract: Systems, methods, circuits and computer-readable mediums for a network message translator are disclosed. In an embodiment, a device includes a host processor and a translator. The host processor is configured to process messages and the translator is operable to: receive a first message from the host processor, the first message having a first frame format that is associated with a data time window; translate the first message into a first translated message having a second frame format such that the first translated message includes additional bits based on the second frame format; and sending the first translated message on a bus based on the second frame format such that the first translated message is sent on the bus during the data time window.

Abstract: Systems, methods, circuits and computer-readable mediums for a network message translator are disclosed. In an embodiment, a device includes a host processor and a translator. The host processor is configured to process messages and the translator is operable to: receive a first message from the host processor, the first message having a first frame format that is associated with a data time window; translate the first message into a first translated message having a second frame format such that the first translated message includes additional bits based on the second frame format; and sending the first translated message on a bus based on the second frame format such that the first translated message is sent on the bus during the data time window.

Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with the code to determine that the code is an authorized code, the information being stored within the security device. In response to determining that the code is the authorized code, the security device enables to access data stored within the security device and generate a property of a message based on the data.

Abstract: An integrated circuit device comprises a processor and a secure protection zone with security properties that can be verified by a remote device communicating with the integrated circuit device. The secure protection zone includes a persistent storage that is configured for storing cryptographic keys and data. The secure protection zone also includes instructions that are configured for causing the processor to perform cryptographic operations using the cryptographic keys. In addition, the secure protection zone includes an ephemeral memory that is configured for storing information associated with the cryptographic operations. The instructions are configured for causing the processor to perform the cryptographic operations on the data stored in the persistent storage and the information in the ephemeral memory as part of a secure communication exchange with the remote device.

Abstract: A hardware authentication device is disclosed that uses a cryptographic signature verification operation to authorize a subsequent cryptographic operation to be performed using the same or different keys and stores that authorization status in protected memory. The cryptographic algorithm may be an ECDSA signature, SHA-based Message Authentication Code (MAC) or any other cryptographic algorithm. The authorization status may be stored for a number of uses for a period of time or until a certain event occurs. In some implementations, the authorization status and the key that was authorized are stored in the same protected location in memory to preserve their relation to each other and prevent modification of either of them. Depending on system policy, the authorization mechanism might be a static stored external token that authorizes key use or an authorization process that is regenerated using a random (e.g., unique) number.

Abstract: Systems and techniques for performing cryptographic operations based on public key validity registers are described. A described system includes a controller and a memory structure to store one or more public keys. The memory structure includes one or more validity registers that respectively correspond to the one or more public keys. The controller has exclusive write access to the validity register. The controller can be configured to perform an authentication of a public key, write an authentication status value to the corresponding validity register based on a result of the authentication, and perform one or more cryptographic operations using the public key that are conditional on the validity register indicating an authenticated status for the public key.

Abstract: A hardware authentication device is disclosed that uses a cryptographic signature verification operation to authorize a subsequent cryptographic operation to be performed using the same or different keys and stores that authorization status in protected memory. The cryptographic algorithm may be an ECDSA signature, SHA-based Message Authentication Code (MAC) or any other cryptographic algorithm. The authorization status may be stored for a number of uses for a period of time or until a certain event occurs. In some implementations, the authorization status and the key that was authorized are stored in the same protected location in memory to preserve their relation to each other and prevent modification of either of them. Depending on system policy, the authorization mechanism might be a static stored external token that authorizes key use or an authorization process that is regenerated using a random (e.g., unique) number.

Abstract: Apparatus, systems, and methods send an interrogation command from an interrogation and timing apparatus to a timed identification (TID) apparatus. The TID apparatus receives the interrogation command, performs a series of logical operations to calculate a response, and returns the response within a maximum length of time established by the interrogation and timing apparatus. The interrogation and timing apparatus confirms that the length of time between sending the interrogation command and receiving the response is within the maximum length of time and that the response is correct. If so, the TID apparatus is authenticated. Additional embodiments are disclosed and claimed.

Abstract: Methods and systems are disclosed for verifying the use of a client device by a host device in a secure system. In one aspect, a method for authenticating a client device includes receiving, by the client device, a message from a host device, accessing, by the client device, a private key and a unique code stored on the client device, where the unique code is different than the private key, generating, by the client device, a digital signature for the message using the private key and the unique code, and providing, by the client device, the digital signature to the host device for verification of the use of the client device by the host device.

Abstract: A method and device include a power pin, a ground pin, and a communications pin. A communications module receives power from the power pin and utilizes an edge counting communication protocol over the communication pin.

Abstract: An integrated circuit device comprises a processor and a secure protection zone with security properties that can be verified by a remote device communicating with the integrated circuit device. The secure protection zone includes a persistent storage that is configured for storing cryptographic keys and data. The secure protection zone also includes instructions that are configured for causing the processor to perform cryptographic operations using the cryptographic keys. In addition, the secure protection zone includes an ephemeral memory that is configured for storing information associated with the cryptographic operations. The instructions are configured for causing the processor to perform the cryptographic operations on the data stored in the persistent storage and the information in the ephemeral memory as part of a secure communication exchange with the remote device.

Abstract: Systems and techniques for performing cryptographic operations based on public key validity registers are described. A described system includes a controller and a memory structure to store one or more public keys. The memory structure includes one or more validity registers that respectively correspond to the one or more public keys. The controller has exclusive write access to the validity register. The controller can be configured to perform an authentication of a public key, write an authentication status value to the corresponding validity register based on a result of the authentication, and perform one or more cryptographic operations using the public key that are conditional on the validity register indicating an authenticated status for the public key.

Abstract: A method and device include a power pin, a ground pin, and a communications pin. A communications module receives power from the power pin and utilizes an edge counting communication protocol over the communication pin.

Abstract: Apparatus, systems, and methods send an interrogation command from an interrogation and timing apparatus to a timed identification (TID) apparatus. The TID apparatus receives the interrogation command, performs a series of logical operations to calculate a response, and returns the response within a maximum length of time established by the interrogation and timing apparatus. The interrogation and timing apparatus confirms that the length of time between sending the interrogation command and receiving the response is within the maximum length of time and that the response is correct. If so, the TID apparatus is authenticated. Additional embodiments are disclosed and claimed.