Abstract: This document discloses data security systems and methods of securing data. A cache memory can be connected between a decryption engine and a central processing unit (“CPU”) to increase security of encrypted data that is stored in a datastore. The decryption engine can retrieve the encrypted data from the datastore, decrypt the data, and store the decrypted data in the cache. In turn, the decrypted data can be accessed by the CPU. The data can be encrypted with a secret key, so that decryption can be performed with the secret key. The key can be varied based on a memory address associated with the data. The key can be protected by restricting direct access to the decryption engine by the CPU.

Abstract: This document discloses one-time-programmable (“OTP”) memory emulation and methods of performing the same. OTP memory can be emulated by managing reads and writes to a memory array in response to an instruction to write data to a OTP memory location and selectively setting a security flag that corresponds to the memory locations. The memory array can be a NAND Flash memory array that includes multiple pages of memory. The memory array can be defined by memory blocks that can include multiple pages of memory. When an OTP write instruction is received, previously stored data can be read from a first page of memory, combined with the new data and stored to a target page of memory. A security flag can be set to prevent the target page from being reprogrammed prior to an erase.

Abstract: A method of processing programming instructions may include identifying an instruction to be fetched; determining if the identified instruction is protected; if the identified instruction is protected, selecting an alternate instruction from a plurality of alternate instructions corresponding to the identified protected instruction, and fetching the selected alternate instruction; and if the identified instruction is not protected, fetching the identified instruction. Identifying the instruction to be fetched may include identifying an address stored in a program address pointer. Determining if the identified instruction is protected may include comparing the address stored in the program address pointer to one or more addresses stored in a first memory portion, and determining if there is a correspondence.

Abstract: Software can be downloaded securely using a multi-encryption method, where the decryption is completed when the software is executed. In one aspect, a multi-encrypted data item is received. One or more of the encryptions on the multi-encrypted data item is decrypted, yielding a partially decrypted data item. The partially decrypted data item is stored in a reserved portion of a storage medium. The partially decrypted data item is fetched from the storage medium and decrypted to yield the data item. The decryption can be performed using one or more circuits that implement multiple decryption processes, including multiple algorithm-key combinations.

Abstract: A multi-interface integrated circuit (IC) comprises a plurality of transistors, and a level detection block. At least one transistor of the plurality of transistors is in communication with a first terminal and either a first or a second lead of the multi-interface IC, and at least one of the plurality of transistors is in communication with the first terminal, a second terminal and either the first or a second lead of the multi-interface IC. The level detection block is in communication with at least one of the plurality of transistors and the first and second leads.

Abstract: Systems, methods and program products for a first central processing unit (CPU) configured to perform tasks that do not require manipulation of sensitive information and a second CPU that is configured to perform tasks that manipulate the sensitive information on behalf of the first CPU. The first CPU and the second CPU can communicate through a secure interface. The first CPU cannot access the sensitive information within the second CPU.

Abstract: A multi-interface integrated circuit (IC) comprises a plurality of transistors, and a level detection block. At least one transistor of the plurality of transistors is in communication with a first terminal and either a first or a second lead of the multi-interface IC, and at least one of the plurality of transistors is in communication with the first terminal, a second terminal and either the first or a second lead of the multi-interface IC. The level detection block is in communication with at least one of the plurality of transistors and the first and second leads.

Abstract: A multi-interface integrated circuit (IC) comprises a plurality of transistors, and a level detection block. At least one transistor of the plurality of transistors is in communication with a first terminal and either a first or a second lead of the multi-interface IC, and at least one of the plurality of transistors is in communication with the first terminal, a second terminal and either the first or a second lead of the multi-interface IC. The level detection block is in communication with at least one of the plurality of transistors and the first and second leads.

Abstract: A method and system for checking data stored in a memory of in a computer system is disclosed. The memory includes a plurality of memory addresses. The method and system include providing a signature generator coupled with the memory, providing a checker memory coupled with the signature generator and separate from the memory, and providing an address remapper coupled with the checker memory and the memory. The signature generator provides at least one signature corresponding to the data, which resides in a protection window of the memory. The protection window includes at least one memory address of the plurality of memory addresses. The checker memory stores the at least one signature in at least one checker address, which corresponds to the at least one memory address. The address remapper for translates between the at least one memory address and the at least one checker address.

Abstract: A secure communication interface for a secure multi-processor system is disclosed. The secure communication interface can include a secure controller that is operable to transfer data between a first memory that is directly accessible by a first (master) processor and a second memory that is directly accessible by a secure second (slave) processor in the multi-processor system. One or more control and status registers accessible by the processors facilitate secure data transfer between the first memory and a memory window defined in the second memory. One or more status and violation registers shared by the processors can be included in the secure communication interface for facilitating secure data transfer and for reporting security violations based on a rule set.

Abstract: This document discloses data security systems and methods of securing data. A cache memory can be connected between a decryption engine and a central processing unit (“CPU”) to increase security of encrypted data that is stored in a datastore. The decryption engine can retrieve the encrypted data from the datastore, decrypt the data, and store the decrypted data in the cache. In turn, the decrypted data can be accessed by the CPU. The data can be encrypted with a secret key, so that decryption can be performed with the secret key. The key can be varied based on a memory address associated with the data. The key can be protected by restricting direct access to the decryption engine by the CPU.

Abstract: This document discloses one-time-programmable (“OTP”) memory emulation and methods of performing the same. OTP memory can be emulated by managing reads and writes to a memory array in response to an instruction to write data to a OTP memory location and selectively setting a security flag that corresponds to the memory locations. The memory array can be a NAND Flash memory array that includes multiple pages of memory. The memory array can be defined by memory blocks that can include multiple pages of memory. When an OTP write instruction is received, previously stored data can be read from a first page of memory, combined with the new data and stored to a target page of memory. A security flag can be set to prevent the target page from being reprogrammed prior to an erase.

Abstract: A method and system for controlling timing in a processor is disclosed. In one aspect of the present invention, the method comprises fetching a plurality of instructions, wherein each instruction has a first default execution time during a first condition, and wherein each instruction has a second default execution time during a second condition; during a first mode, executing the plurality of instructions within a same execution time regardless of whether a condition is the first condition or the second condition; and during a second mode, executing the plurality of instructions within random execution time regardless of whether a condition is the first condition or the second condition. According to the system and method disclosed herein, the method effectively modifies the timing of a processor by controlling and/or minimizing variations in the execution times of instructions.

Abstract: Methods and apparatus for identifying a first flow control instruction in an executing program, the first instruction being associated with a first program address at which program execution will continue after execution of the first instruction. A determination is made as to whether the first program address is protected. If the first program address is protected, a first alternate program address is substituted for the first program address such that program execution will continue at the first alternate program address after execution of the first instruction.

Abstract: A multi-interface integrated circuit (IC) comprises a plurality of transistors, and a level detection block. At least one transistor of the plurality of transistors is in communication with a first terminal and either a first or a second lead of the multi-interface IC, and at least one of the plurality of transistors is in communication with the first terminal, a second terminal and either the first or a second lead of the multi-interface IC. The level detection block is in communication with at least one of the plurality of transistors and the first and second leads.

Abstract: Software can be downloaded securely using a multi-encryption method, where the decryption is completed when the software is executed. In one aspect, a multi-encrypted data item is received. One or more of the encryptions on the multi-encrypted data item is decrypted, yielding a partially decrypted data item. The partially decrypted data item is stored in a reserved portion of a storage medium. The partially decrypted data item is fetched from the storage medium and decrypted to yield the data item. The decryption can be performed using one or more circuits that implement multiple decryption processes, including multiple algorithm-key combinations.

Abstract: Systems, methods and program products for a first central processing unit (CPU) configured to perform tasks that do not require manipulation of sensitive information and a second CPU that is configured to perform tasks that manipulate the sensitive information on behalf of the first CPU. The first CPU and the second CPU can communicate through a secure interface. The first CPU cannot access the sensitive information within the second CPU.

Abstract: A method of processing programming instructions may include identifying an instruction to be fetched; determining if the identified instruction is protected; if the identified instruction is protected, selecting an alternate instruction from a plurality of alternate instructions corresponding to the identified protected instruction, and fetching the selected alternate instruction; and if the identified instruction is not protected, fetching the identified instruction. Identifying the instruction to be fetched may include identifying an address stored in a program address pointer. Determining if the identified instruction is protected may include comparing the address stored in the program address pointer to one or more addresses stored in a first memory portion, and determining if there is a correspondence.

Abstract: Methods and apparatus for identifying a first flow control instruction in an executing program, the first instruction being associated with a first program address at which program execution will continue after execution of the first instruction. A determination is made as to whether the first program address is protected. If the first program address is protected, a first alternate program address is substituted for the first program address such that program execution will continue at the first alternate program address after execution of the first instruction.

Abstract: A method and system for checking data stored in a memory of in a computer system is disclosed. The memory includes a plurality of memory addresses. The method and system include providing a signature generator coupled with the memory, providing a checker memory coupled with the signature generator and separate from the memory, and providing an address remapper coupled with the checker memory and the memory. The signature generator provides at least one signature corresponding to the data, which resides in a protection window of the memory. The protection window includes at least one memory address of the plurality of memory addresses. The checker memory stores the at least one signature in at least one checker address, which corresponds to the at least one memory address. The address remapper for translates between the at least one memory address and the at least one checker address.