Patents by Inventor Osman Koyuncu
Osman Koyuncu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12169588
Abstract: Techniques and apparatuses are described that implement the secure external data storage. A computing system may include a system-on-chip as a main processing complex and one or more secure elements that execute specialized functions related to sensitive information. While the secure element may use an external flash for storage for performance reasons, storing sensitive information on an external flash may expose the sensitive information if the external flash is ever compromised. The disclosed techniques and apparatuses provide an integrated secure element, of a system-on-chip, which leverages a secure channel with a secure flash to manage a cryptographic key for securing sensitive information stored on an unsecured external flash to prevent the exposure of sensitive information.
Type: Grant
Filed: August 29, 2019
Date of Patent: December 17, 2024
Assignee: Google LLC
Inventors: Olivier Jean Benoit, Osman Koyuncu
-
Publication number: 20240411613
Abstract: A method for self-sovereign resource tracking for domain isolation includes receiving, by a controller unit, a request by an entity to access a first entry in the resource tracking table. The first entry corresponds to a first resource of a computing system. A first identifier associated with the entity is detected. The controller unit compares the first identifier with first owner information specified in the first entry of the resource tracking table. The controller unit controls access from the entity to the first entry of the resource tracking table based on the comparison of the first identifier and the first owner information.
Type: Application
Filed: December 18, 2023
Publication date: December 12, 2024
Inventor: Osman KOYUNCU
-
Patent number: 12056266
Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
Type: Grant
Filed: March 9, 2022
Date of Patent: August 6, 2024
Assignee: Google PLLC
Inventors: Osman Koyuncu, William Alexander Drewry
-
Patent number: 11698996
Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
Type: Grant
Filed: October 13, 2021
Date of Patent: July 11, 2023
Assignee: Google LLC
Inventors: Osman Koyuncu, William Alexander Drewry
-
Publication number: 20220335945
Abstract: Methods, systems, and apparatus, for handling applications in an ambient computing system with a privacy processor. One of the methods includes remaining in a monitoring power state until a controller receives an interrupt indicating that one or more sensor signals are present. The one or more sensor signals are provided as input to a machine learning engine. An inference pass is performed by the machine learning engine to generate an output representing a particular context that is specific to a particular user. It is determined that one or more components of an ambient computing system should be disabled based on the particular context for the particular user. In response, the one or more components of the ambient computing system are disabled.
Type: Application
Filed: December 17, 2020
Publication date: October 20, 2022
Inventors: Lawrence J. Madar, III, Osman Koyuncu
-
Publication number: 20220198074
Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
Type: Application
Filed: March 9, 2022
Publication date: June 23, 2022
Applicant: Google LLC
Inventors: Osman Koyuncu, William Alexander Drewry
-
Publication number: 20220156411
Abstract: Techniques and apparatuses are described that implement the secure external data storage. A computing system may include a system-on-chip as a main processing complex and one or more secure elements that execute specialized functions related to sensitive information. While the secure element may use an external flash for storage for performance reasons, storing sensitive information on an external flash may expose the sensitive information if the external flash is ever compromised. The disclosed techniques and apparatuses provide an integrated secure element, of a system-on-chip, which leverages a secure channel with a secure flash to manage a cryptographic key for securing sensitive information stored on an unsecured external flash to prevent the exposure of sensitive information.
Type: Application
Filed: August 29, 2019
Publication date: May 19, 2022
Applicant: Google LLC
Inventors: Olivier Jean Benoit, Osman Koyuncu
-
Publication number: 20220075863
Abstract: A system on chip (SoC) includes one or more SoC dies each having a die identification and a die specific secret. A computer obtains the device identification of each chip and extracts from memory the device specific secret of each chip based on the device identification. A challenge is generated based on a random number and encrypted using a first key that is generated based on the die specific secret stored locally in association with each SoC die. After sending the challenge to the SoC, the computer receives a response. The response is generated based on the random number and encrypted using a second key that is generated by the SoC based on the device specific secret of each SoC die stored on the SoC. In accordance with a determination that the response matches the challenge, the computer authenticates the SoC for subsequent trusted operations.
Type: Application
Filed: August 4, 2021
Publication date: March 10, 2022
Inventor: Osman Koyuncu
-
Publication number: 20220067222
Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
Type: Application
Filed: October 13, 2021
Publication date: March 3, 2022
Applicant: Google LLC
Inventors: Osman Koyuncu, William Alexander Drewry
-
Patent number: 11188685
Abstract: A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
Type: Grant
Filed: February 22, 2019
Date of Patent: November 30, 2021
Assignee: Google LLC
Inventors: Osman Koyuncu, William Alexander Drewry
-
Publication number: 20200272770
Abstract: A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
Type: Application
Filed: February 22, 2019
Publication date: August 27, 2020
Applicant: Google LLC
Inventors: Osman Koyuncu, William Alexander Drewry
-
Patent number: 10740494
Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.
Type: Grant
Filed: September 6, 2017
Date of Patent: August 11, 2020
Assignee: Google LLC
Inventors: Osman Koyuncu, William A. Drewry, Xiaowen Xin
-
Publication number: 20190073491
Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.
Type: Application
Filed: September 6, 2017
Publication date: March 7, 2019
Applicant: Google LLC
Inventors: Osman Koyuncu, William Drewry, Xiaowen Xin
-
Patent number: 10176139
Abstract: System and method for providing adaptive access to a hardware block on a computer system.
Type: Grant
Filed: May 15, 2017
Date of Patent: January 8, 2019
Assignee: QUALCOMM Incorporated
Inventors: Ron Keidar, Osman Koyuncu, Michael Batenburg
-
Publication number: 20170325088
Abstract: Techniques for securing transactions on a mobile device are provided. An example method according to these techniques includes receiving an input of a code to authorize a transaction in a security sensitive application, authenticating the transaction responsive to the input of the code, monitoring sensor information indicative of a context change, and authorizing subsequent transactions responsive to the sensor information indicating that the context change has not occurred since receiving the input of the code.
Type: Application
Filed: June 6, 2016
Publication date: November 9, 2017
Inventors: Adam Edward NEWHAM, Osman KOYUNCU, Chandrasekhar GHANTA, Ivan McLean, Stuart MOSKOVICS, Rashid Ahmed Akbar Attar, Justin McGloin
-
Patent number: 9779262
Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.
Type: Grant
Filed: April 20, 2015
Date of Patent: October 3, 2017
Assignee: QUALCOMM Incorporated
Inventors: Ron Keidar, Osman Koyuncu, Assaf Shacham
-
Patent number: 9767063
Abstract: System and method for providing adaptive access to a hardware block on a computer system.
Type: Grant
Filed: March 4, 2015
Date of Patent: September 19, 2017
Assignee: QUALCOMM Incorporated
Inventors: Ron Keidar, Osman Koyuncu, Michael Batenburg
-
Publication number: 20170249183
Abstract: System and method for providing adaptive access to a hardware block on a computer system.
Type: Application
Filed: May 15, 2017
Publication date: August 31, 2017
Inventors: Ron KEIDAR, Osman KOYUNCU, Michael BATENBURG
-
Publication number: 20170061144
Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.
Type: Application
Filed: April 20, 2015
Publication date: March 2, 2017
Inventors: Ron KEIDAR, Osman KOYUNCU, Assaf SHACHAM
-
Publication number: 20160259750
Abstract: System and method for providing adaptive access to a hardware block on a computer system.
Type: Application
Filed: March 4, 2015
Publication date: September 8, 2016
Inventors: Ron KEIDAR, Osman KOYUNCU, Michael BATENBURG