Abstract: A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.

Abstract: A method is provided for securely accessing code in an external memory. In the method, plaintext code may be stored in internal memory as sets of multiple blocks, each of the multiple blocks having N-bits. The code is encrypted and stored in the external memory. A block cipher having an authenticated encryption mode is used to convert the plaintext code to ciphertext code plus an authentication tag corresponding to each set of the multiple blocks. The external memory is formatted to store the ciphertext and the authentication tag. A translated address for the ciphertext is created from a plaintext address. During a read operation, the generated authentication tag is checked with an expected authentication tag. If the check is successful, the ciphertext code is decrypted and provided to a CPU for execution as plaintext code. In one embodiment, the CPU executes the plaintext code “in place” in the external memory.

Abstract: A method is provided for securely accessing code in an external memory. In the method, plaintext code may be stored in internal memory as sets of multiple blocks, each of the multiple blocks having N-bits. The code is encrypted and stored in the external memory. A block cipher having an authenticated encryption mode is used to convert the plaintext code to ciphertext code plus an authentication tag corresponding to each set of the multiple blocks. The external memory is formatted to store the ciphertext and the authentication tag. A translated address for the ciphertext is created from a plaintext address. During a read operation, the generated authentication tag is checked with an expected authentication tag. If the check is successful, the ciphertext code is decrypted and provided to a CPU for execution as plaintext code. In one embodiment, the CPU executes the plaintext code “in place” in the external memory.

Abstract: A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.

Abstract: A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.

Abstract: As may be implemented in accordance with one or more aspects of the disclosure, an apparatus and/or method involves generating, using hash circuitry, successive hash values corresponding to operational states of an apparatus using, for respective ones of the hash values, a previous one of the hash values and a current operational sate of the apparatus. The hash values may be written into a register. In response to an attestation request, one of the hash values may be retrieved from the register and signed using cryptographic circuitry. The signed hash value may be communicated to a remote circuit, therein providing attestation of an operational state of the apparatus.

Abstract: A method is provided for protecting execution of a program against a fault injection attack. In one embodiment, a portion of the program includes multiple substantially logically identical conditional operations that are executed in a sequence. An attacker must successfully inject a fault at each instance of the conditional operations to cause the program execution to reach the final state. The multiple conditional operations may ask the same question differently so that the glitch will not cause the same response from both conditional operations. Also, the program portion may make advancement from one state to the next contingent on arriving at the next state from a valid previous state. The described program portions with multiple instances of a conditional operation make a program execution more resistant to a glitch type of fault injection attack.

Abstract: A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.

Abstract: A method is provided for shuffling an order of a plurality of data blocks. In the method, a random number is generated, the random number corresponding to an index for a data block of the plurality of data blocks, where each data block of the plurality of data blocks has an index that uniquely identifies each data block of the plurality of data blocks. The increment function with a parameter is applied to the random number to generate a new index, the new index corresponds to a data block of the plurality of data blocks. The data block corresponding to the new index is selected as the next data block of a reordering of the plurality of data blocks. The method is iterated until the reordering of the plurality of data blocks is complete.

Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processer configured to store secure data; and a memory controller configured control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.

Abstract: A method is provided for shuffling an order of a plurality of data blocks. In the method, a random number is generated, the random number corresponding to an index for a data block of the plurality of data blocks, where each data block of the plurality of data blocks has an index that uniquely identifies each data block of the plurality of data blocks. The increment function with a parameter is applied to the random number to generate a new index, the new index corresponds to a data block of the plurality of data blocks. The data block corresponding to the new index is selected as the next data block of a reordering of the plurality of data blocks. The method is iterated until the reordering of the plurality of data blocks is complete.

Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processer configured to store secure data; and a memory controller configured control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.

Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.

Abstract: An electromagnetic sensor having a detection zone in a sensor direction is at least partly enclosed by a molded part in the sensor direction and at right angles thereto. The molded part contacts and adjoins a motor vehicle part such as a bumper, whereby the molded part is between the sensor and the motor vehicle part. At least one functional element, such as a radiation absorber, a lense, a waveguide, or a reflector, may be embedded in the molded part. The sensor may be received in a pocket recess of the molded part, with an opening at the back side of the sensor.

Abstract: The invention relates to a device for fastening a sensor assembly (1) on a motor vehicle, especially a radar sensor having at least one detection zone in the sensor direction, the sensor assembly (1) being located in the area behind a motor vehicle add-on part (2), in particular a bumper, and a moulded part (3) being arranged between the sensor assembly (1) and the motor vehicle add-on part (2). According to the invention, the moulded part (3) is a solid part, the moulded part (3) is designed to transmit the sensor signals in the detection zone, on its side facing the assembly, the moulded part (3) positively encloses at least part of the sensor assembly (1) in, and at right angles to, the sensor direction, and on its side facing the add-on part, the moulded part (3) has a surface (3a) that is shaped complementary to, and lies flat against, the surface (2a) of the motor vehicle add-on part (2).