Abstract: In some examples, a mobile card reader includes a card interface to read information from a card, an interface to enable the mobile card reader to communicate with a mobile device, and a processor configured to send security related information of the mobile card reader to an application executing on the mobile device. The security related information may be for transmission by the mobile device to a remote server system. The mobile card reader may receive, from the application, an indication that the application has been validated by the remote server system based on validation of the security related information of the mobile card reader and security related information of the application. In response, the mobile card reader generates a secure session key with which to carry out encrypted communication between the application and the mobile card reader.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include processing circuitry positioned on the printed circuit board. The PUF source includes a plurality of traces and each trace includes a first portion and a second portion having an increased surface area relative to the first portion. The PUF source is responsive to an input from the processing circuitry to provide PUF data based on the impedance characteristics of the plurality of traces. The processing circuitry is further configured to process the PUF data from the PUF source to perform an operation within the device.

Abstract: An electronic device, such as a payment reader, may include a physically unclonable function (PUF) source to generate a plurality of PUF values. The electronic device may also include circuitry to compare the plurality of PUF values from the PUF source to determine a degree of randomness of the at least one PUF source in generating the plurality of PUF values. The circuitry can then determine, based on the determined degree of randomness, whether to use the PUF values from the PUF source to perform a secure operation for the electronic device.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: In some examples, a mobile card reader includes a card interface to read information from a card, an interface to enable the mobile card reader to communicate with a mobile device, and a processor configured to send security related information of the mobile card reader to an application executing on the mobile device. The security related information may be for transmission by the mobile device to a remote server system. The mobile card reader may receive, from the application, an indication that the application has been validated by the remote server system based on validation of the security related information of the mobile card reader and security related information of the application. In response, the mobile card reader generates a secure session key with which to carry out encrypted communication between the application and the mobile card reader.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: Some examples include establishing a secure communication session between a mobile device and a card reader. For instance, a trusted, remote validation server may be used to validate security information of a software module executing on the mobile device prior to the card reader and the software module establishing a secure communication session with each other. In some cases, the software module sends the security information of the software module to the validation server. The secure communication session between the software module and the card reader may be established based on a validation result of a validation process indicating that the security related information of the software module has been determined to be valid by the validation server.

Abstract: Some examples include establishing a secure communication session between a mobile device and a card reader. For instance, a trusted, remote validation server may be used to validate security information of a software module executing on the mobile device prior to the card reader and the software module establishing a secure communication session with each other. In some cases, the software module sends the security information of the software module to the validation server. The secure communication session between the software module and the card reader may be established based on a validation result of a validation process indicating that the security related information of the software module has been determined to be valid by the validation server.

Abstract: A device may include one or more sources such as circuit elements and electrical components that function as sources for physically unclonable function (PUF) data. PUF data may be acquired from the PUF sources and one or more error correction codes may be applied to the PUF data. The resulting PUF values may be used to generate information that may be used for device security operations such as encryption and tamper detection.

Abstract: A device may include one or more sources such as circuit elements and electrical components that function as sources for physically unclonable function (PUF) data. PUF data may be acquired from the PUF sources and one or more error correction codes may be applied to the PUF data. The resulting PUF values may be used to generate information that may be used for device security operations such as encryption and tamper detection.

Abstract: A method of encrypting a passcode is disclosed. In one embodiment, the method includes: receiving an indication of a portion of the passcode; calculating a plaintext value based at least in part on the indication, wherein the plaintext value represents an encoded portion of the passcode; encrypting the plaintext value into ciphertext using a homomorphic encryption system; and updating a cumulative encryption string by executing a cumulative operation to aggregate the ciphertext corresponding to the encoded portion into the cumulative encryption string computed for a previous portion of the passcode, wherein the cumulative operation is dictated by a homomorphic property of the homomorphic encryption system.

Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.

Abstract: Techniques for implementing policy-based anti-rollback techniques on a computing device are described herein. As an example, a remote service may provide the computing device with a boot policy which indicates, for each boot stage of a software bootloader process, what software versions are permitted to execute. Prior to providing the computing device with the boot policy, the remote service may sign the boot policy with a private key, and include of an identifier corresponding to the computing device. At each boot stage of the bootloader process, components of the computing device may verify, using a public key, that the boot policy was signed with the private key, and that the boot policy corresponds to the computing device. After verification, the components may analyze the boot policy to determine whether each boot stage is permitted to execute a software version and boot to the next boot stage.

Abstract: Disclosed is a technique for establishing a secure communication session between a mobile device and a card reader. The technique can involve using a trusted, remote validation server to validate security information of both the card reader and a POS module in the mobile device prior to, and as a precondition of, the card reader and the POS module establishing a secure communication session with each other. In certain embodiments the POS module sends the security information of both the card reader and the POS module to the validation server. The security information can include cryptographic keys of the POS module and the card reader and additional security information related to the POS module and its software environment.

Abstract: A device may include one or more sources such as circuit elements and electrical components that function as sources for physically unclonable function (PUF) data. PUF data may be acquired from the PUF sources and one or more error correction codes may be applied to the PUF data. The resulting PUF values may be used to generate information that may be used for device security operations such as encryption and tamper detection.

Abstract: A device may include one or more sources such as circuit elements and electrical components that function as sources for physically unclonable function (PUF) data. PUF data may be acquired from the PUF sources and one or more error correction codes may be applied to the PUF data. The resulting PUF values may be used to generate information that may be used for device security operations such as encryption and tamper detection.

Abstract: A technique for tamper protection of incoming data signal to an electronic device is disclosed. An intentional interference signal is generated and modulated onto the incoming data signal as one composite input signal, to prevent unauthorized acquisition of valid data from the incoming data signal. The magnitude of the interference signal is adjusted to correspond to the magnitude of the incoming data signal, thereby preventing an attacker from properly differentiating the two different signals and/or decoding the valid data from the composite input signal. Once the composite input signal is safely received within the device, the interference signal can be filtered out in either analog mode or digital mode.

Abstract: Disclosed is a technique for establishing a secure communication session between a mobile device and a card reader. The technique can involve using a trusted, remote validation server to validate security information of both the card reader and a POS module in the mobile device prior to, and as a precondition of, the card reader and the POS module establishing a secure communication session with each other. In certain embodiments the POS module sends the security information of both the card reader and the POS module to the validation server. The security information can include cryptographic keys of the POS module and the card reader and additional security information related to the POS module and its software environment.

Abstract: A method for encrypting a passcode is disclosed. In one embodiment, the method includes: receiving an indication of a portion of the passcode from a user; encoding the portion of the passcode; encrypting the encoded portion into ciphertext using a homomorphic encryption system; updating a cumulative encryption string by executing a cumulative operation to aggregate the ciphertext corresponding to the encoded portion into the cumulative encryption string computed for a previous portion of the passcode, wherein the cumulative operation is dictated by a homomorphic property of the homomorphic encryption system; and generating a passcode message based at least in part on the cumulative encryption string, wherein the passcode message includes a message authentication code.

Abstract: A technique for tamper protection of incoming data signal to an electronic device is disclosed. An intentional interference signal is generated and modulated onto the incoming data signal as one composite input signal, to prevent unauthorized acquisition of valid data from the incoming data signal. The magnitude of the interference signal is adjusted to correspond to the magnitude of the incoming data signal, thereby preventing an attacker from properly differentiating the two different signals and/or decoding the valid data from the composite input signal. Once the composite input signal is safely received within the device, the interference signal can be filtered out in either analog mode or digital mode.