Patents by Inventor Moshe Alon
Moshe Alon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12126709
Abstract: In one embodiment, a processing device includes a symmetric block cipher configured to encrypt plaintext blocks yielding respective ciphertext blocks, obfuscation circuitry configured to obfuscate the respective ciphertext blocks responsively to an obfuscation secret yielding respective obfuscated ciphertext blocks and an interface to send the respective obfuscated ciphertext blocks to at least one remote processing device. In one embodiment, the processing device provides side-channel attack protection within a symmetric key scheme by data obfuscation and by changing encryption/decryption keys using key manipulation so that different blocks or group of blocks of data are encrypted/decrypted using respective encryption/decryption keys.
Type: Grant
Filed: February 13, 2022
Date of Patent: October 22, 2024
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Moshe Alon, Ziv Hershman
-
Patent number: 11875669
Abstract: Methods and systems provide for modulating light sources in panel displays of devices, such as light emitting diodes (LEDs), to provide indications as to device performance. The modulations are at low and high frequencies. The low frequencies provide visible blinking patterns, indicative of an event in the device, and the high frequencies, provide non-visible blinking patterns, indicative of one or more parameters associated with the event.
Type: Grant
Filed: March 15, 2022
Date of Patent: January 16, 2024
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventor: Moshe Alon
-
Publication number: 20230298443
Abstract: Methods and systems provide for modulating light sources in panel displays of devices, such as light emitting diodes (LEDs), to provide indications as to device performance. The modulations are at low and high frequencies. The low frequencies provide visible blinking patterns, indicative of an event in the device, and the high frequencies, provide non-visible blinking patterns, indicative of one or more parameters associated with the event.
Type: Application
Filed: March 15, 2022
Publication date: September 21, 2023
Inventor: Moshe Alon
-
Patent number: 11636907
Abstract: An Integrated Circuit (IC) includes a non-volatile memory (NVM) and secure power-up circuitry. The NVM is configured to store an operational state of the IC. The secure power-up circuitry is configured to (i) during a power-up sequence of the IC, perform a first readout of the operational state from the NVM while a supply voltage of the IC is within a first voltage range, (ii) if the operational state read from the NVM in the first readout is a state that permits access to a sensitive resource of the IC, verify that the supply voltage is within a second voltage range, more stringent than the first voltage range, and then perform a second readout of the operational state from the NVM, and (iii) initiate a responsive action in response to a discrepancy between the operational states read from the NVM in the first readout and in the second readout.
Type: Grant
Filed: June 30, 2020
Date of Patent: April 25, 2023
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Ziv Hershman, Yoel Hayon, Moshe Alon
-
Patent number: 11601120
Abstract: An oscillator circuit includes a plurality of inverters connected in a cascade, at least first and second feedback taps, and alternation circuitry. The at least first and second feedback taps are configured to feed-back at least respective first and second output signals taken from at least respective first and second points in the cascade. The alternation circuitry is configured to derive an input signal from at least the first and second output signals by alternating between at least the first and second feedback taps, and to apply the input signal to an input of the cascade.
Type: Grant
Filed: February 3, 2021
Date of Patent: March 7, 2023
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventor: Moshe Alon
-
Publication number: 20230037804
Abstract: In one embodiment, a processing device includes a symmetric block cipher configured to encrypt plaintext blocks yielding respective ciphertext blocks, obfuscation circuitry configured to obfuscate the respective ciphertext blocks responsively to an obfuscation secret yielding respective obfuscated ciphertext blocks and an interface to send the respective obfuscated ciphertext blocks to at least one remote processing device. In one embodiment, the processing device provides side-channel attack protection within a symmetric key scheme by data obfuscation and by changing encryption/decryption keys using key manipulation so that different blocks or group of blocks of data are encrypted/decrypted using respective encryption/decryption keys.
Type: Application
Filed: February 13, 2022
Publication date: February 9, 2023
Inventors: Moshe Alon, Ziv Hershman
-
Publication number: 20220247395
Abstract: An oscillator circuit includes a plurality of inverters connected in a cascade, at least first and second feedback taps, and alternation circuitry. The at least first and second feedback taps are configured to feed-back at least respective first and second output signals taken from at least respective first and second points in the cascade. The alternation circuitry is configured to derive an input signal from at least the first and second output signals by alternating between at least the first and second feedback taps, and to apply the input signal to an input of the cascade.
Type: Application
Filed: February 3, 2021
Publication date: August 4, 2022
Inventor: Moshe Alon
-
Patent number: 11385902
Abstract: A computer system includes one or more memory devices, non-resettable memory elements and a processor. The first memory device is configured to store in the one or more memory devices (i) a first version of a multi-stage bootstrap program for bootstrapping the computer system, the bootstrap program including a self-test program that tests the bootstrap program, and (ii) a second version of the bootstrap program known to be trustworthy. The non-resettable memory elements are configured to store non-resettable indicators including at least a self-test-request indicator and a self-test-passed indicator. The processor is configured to retrieve the first version of the bootstrap program, and, if the first version is at least as recent as the trustworthy second version, to bootstrap the computer system securely using the first version and the non-resettable indicators.
Type: Grant
Filed: July 15, 2020
Date of Patent: July 12, 2022
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Moshe Alon, Avraham Fishman, Dan Morav, Eyal Cohen, Uri Trichter
-
Patent number: 11216597
Abstract: A chip system comprising ROM code including a bootloader which runs whenever the chip is powered on; and programmable fuse array memory storing version identifiers, NVMs in which copies of a version of bootable firmware are stored, wherein a first identifier is stored including active major number and minor numbers, signed with a private key; wherein a second identifier is stored including recovery major and minor numbers, signed with said private key; and hardware which obeys a first command by the boot ROM code to disable until next system reset, writing to the recovery NVM other than to the bootloader, and obeys a second command, to lift write protection of the recovery NVM, wherein firmware images associated with both said versions, and both said identifiers, are signed with said private key, and the boot ROM code authenticates firmware image/s and said identifiers.
Type: Grant
Filed: May 14, 2020
Date of Patent: January 4, 2022
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Moshe Alon, Avraham Fishman, Ben Bender, Boaz Tabachnik, Eyal Cohen
-
Publication number: 20210407610
Abstract: An Integrated Circuit (IC) includes a non-volatile memory (NVM) and secure power-up circuitry. The NVM is configured to store an operational state of the IC. The secure power-up circuitry is configured to (i) during a power-up sequence of the IC, perform a first readout of the operational state from the NVM while a supply voltage of the IC is within a first voltage range, (ii) if the operational state read from the NVM in the first readout is a state that permits access to a sensitive resource of the IC, verify that the supply voltage is within a second voltage range, more stringent than the first voltage range, and then perform a second readout of the operational state from the NVM, and (iii) initiate a responsive action in response to a discrepancy between the operational states read from the NVM in the first readout and in the second readout.
Type: Application
Filed: June 30, 2020
Publication date: December 30, 2021
Inventors: Ziv Hershman, Yoel Hayon, Moshe Alon
-
Publication number: 20210357537
Abstract: A chip system comprising ROM code including a bootloader which runs whenever the chip is powered on; and programmable fuse array memory storing version identifiers, NVMs in which copies of a version of bootable firmware are stored, wherein a first identifier is stored including active major number and minor numbers, signed with a private key; wherein a second identifier is stored including recovery major and minor numbers, signed with said private key; and hardware which obeys a first command by the boot ROM code to disable until next system reset, writing to the recovery NVM other than to the bootloader, and obeys a second command, to lift write protection of the recovery NVM, wherein firmware images associated with both said versions, and both said identifiers, are signed with said private key, and the boot ROM code authenticates firmware image/s and said identifiers.
Type: Application
Filed: May 14, 2020
Publication date: November 18, 2021
Applicant: NUVOTON TECHNOLOGY CORPORATION
Inventors: Moshe Alon, Avraham Fishman, Ben Bender, Boaz Tabachnic, Eyal Cohen
-
Publication number: 20210149681
Abstract: A computer system includes one or more memory devices, non-resettable memory elements and a processor. The first memory device is configured to store in the one or more memory devices (i) a first version of a multi-stage bootstrap program for bootstrapping the computer system, the bootstrap program including a self-test program that tests the bootstrap program, and (ii) a second version of the bootstrap program known to be trustworthy. The non-resettable memory elements are configured to store non-resettable indicators including at least a self-test-request indicator and a self-test-passed indicator. The processor is configured to retrieve the first version of the bootstrap program, and, if the first version is at least as recent as the trustworthy second version, to bootstrap the computer system securely using the first version and the non-resettable indicators.
Type: Application
Filed: July 15, 2020
Publication date: May 20, 2021
Inventors: Moshe Alon, Avraham Fishman, Dan Morav, Eyal Cohen, Uri Trichter
-
Patent number: 10995438
Abstract: An integrated system for treating a thread and using the treated thread, comprising: a thread treatment machine for treating a thread or portions thereof; a thread applicator configured for using the treated thread such as a stitching machine of 3D printer; at least one mechanism for collecting and trimming thread portions; and a control unit, configured for controlling at least the thread treatment machine, the thread applicator and the collecting and trimming mechanism and for coordinating the treatment of the thread with the operation of the thread applicator, wherein the control unit is further configured for controlling the collecting and trimming mechanism for collecting untreated thread edge portions for allowing using only treated thread portions.
Type: Grant
Filed: July 20, 2016
Date of Patent: May 4, 2021
Assignee: Twine Solutions Ltd.
Inventors: Moshe Alon, Erez Moshe, Alon Navon, Yoram Zilberberg
-
Patent number: 10936722
Abstract: A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.
Type: Grant
Filed: April 18, 2018
Date of Patent: March 2, 2021
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Moshe Alon, Ziv Hershman, Dan Morav
-
Patent number: 10846438
Abstract: A controller includes a host interface and a processor. The host interface is configured for communicating with a host. The processor is configured to receive from the host, via the host interface, instructions for execution in a Non-Volatile Memory (NVM), to identify among the instructions an instruction, which pertains to a secure monotonic counter and is intended for execution in an NVM having a secure monotonic counter embedded therein, and to execute the identified instruction, and respond to the host responsively to the instruction, instead of the NVM.
Type: Grant
Filed: July 4, 2019
Date of Patent: November 24, 2020
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Ziv Hershman, Dan Morav, Moshe Alon
-
Patent number: 10776527
Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves one or more peripheral devices, at least one of the peripheral devices being a memory device. The processor is connected to the bus in addition to the peripheral devices, and is configured to hold a definition that distinguishes between authorized and unauthorized transactions with the memory device, to identify on the bus a transaction in which a bus-master device attempts to access the memory device, and to initiate a responsive action in response to identifying that the transaction is unauthorized in accordance with the definition.
Type: Grant
Filed: September 12, 2019
Date of Patent: September 15, 2020
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Ziv Hershman, Yoel Hayon, Natan Keren, Moshe Alon
-
Patent number: 10778407
Abstract: A multi-word multiplier circuit includes an interface and circuitry. The interface is configured to receive a first parameter X including one or more first words, and a second parameter Y′ including multiple second words. The second parameter includes a blinded version of a non-blinded parameter Y that is blinded using a blinding parameter AY so that Y′=Y+AY. The circuitry is configured to calculate a product Z=X·Y by summing multiple sub-products, each of the sub-products is calculated by multiplying a first word of X by a second word of Y′, and subtracting from intermediate temporary sums of the sub-products respective third words of a partial product P=X·BY, BY is a blinding word included in AY.
Type: Grant
Filed: March 25, 2018
Date of Patent: September 15, 2020
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventor: Moshe Alon
-
Patent number: 10691807
Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves a host device and a non-volatile memory (NVM) device. The processor is connected to the bus in addition to the host device and the NVM device. The processor is configured to detect on the bus a boot process, in which the host device retrieves boot code from the NVM device, and to ascertain a security of the boot process, based on an authentic copy of at least part of the boot code of the host device.
Type: Grant
Filed: April 7, 2019
Date of Patent: June 23, 2020
Assignee: NUVOTON TECHNOLOGY CORPORATION
Inventors: Ziv Hershman, Dan Morav, Ilan Margalit, Nimrod Peled, Moshe Alon
-
Publication number: 20200004994
Abstract: A security device includes an interface and a processor. The interface is configured for connecting to a bus that serves one or more peripheral devices, at least one of the peripheral devices being a memory device. The processor is connected to the bus in addition to the peripheral devices, and is configured to hold a definition that distinguishes between authorized and unauthorized transactions with the memory device, to identify on the bus a transaction in which a bus-master device attempts to access the memory device, and to initiate a responsive action in response to identifying that the transaction is unauthorized in accordance with the definition.
Type: Application
Filed: September 12, 2019
Publication date: January 2, 2020
Inventors: Ziv Hershman, Yoel Hayon, Natan Keren, Moshe Alon
-
Publication number: 20190325140
Abstract: A method for initializing a computer system, which includes a Central Processing Unit (CPU), a Trusted Root Device and a Trusted Platform Module (TPM), includes authenticating a boot code of the CPU using the Trusted Root Device, and booting the CPU using the authenticated boot code. A challenge-response transaction, in which the TPM authenticates the Trusted Root Device, is initiated by the CPU following booting of the CPU. Only in response to successful authentication of the Trusted Root Device using the challenge-response transaction, a resource used in operating the computer system is released from the TPM.
Type: Application
Filed: April 18, 2018
Publication date: October 24, 2019
Inventors: Moshe Alon, Ziv Hershman, Dan Morav