Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: Methods, systems, and apparatus, for handling applications in an ambient computing system with a privacy processor. One of the methods includes to remain in a monitoring power state until a controller receives an interrupt indicating that one or more sensor signals are present. The one or more sensor signals are provided as input to a machine learning engine. An inference pass is performed by the machine learning engine to generate an output representing a particular context that is specific to a particular user. It is determined that one or more components of an ambient computing system should be disabled based on the on the particular context for the particular user. In response, the one or more components of the ambient computing system are disabled.

Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: Techniques and apparatuses are described that implement the secure external data storage. A computing system may include a system-on-chip as a main processing complex and one or more secure elements that execute specialized functions related to sensitive information. While the secure element may use an external flash for storage for performance reasons, storing sensitive information on an external flash may expose the sensitive information if the external flash is ever compromised. The disclosed techniques and apparatuses provide an integrated secure element, of a system-on-chip, which leverages a secure channel with a secure flash to manage a cryptographic key for securing sensitive information stored on an unsecured external flash to prevent the exposure of sensitive information.

Abstract: A system on chip (SoC) includes one or more SoC dies each having a die identification and a die specific secret. A computer obtains the device identification of each chip and extracts from memory the device specific secret of each chip based on the device identification. A challenge is generated based on a random number and encrypted using a first key that is generated based on the die specific secret stored locally in association with each SoC die. After sending the challenge to the SoC, the computer receives a response. The response is generated based on the random number and encrypted using a second key that is generated by the SoC based on the device specific secret of each SoC die stored on the SoC. In accordance with a determination that the response matches the challenge, the computer authenticates the SoC for subsequent trusted operations.

Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.

Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: Techniques for securing transactions on a mobile device are provided. An example method according to these techniques includes receiving an input of a code to authorize a transaction in a security sensitive application, authenticating the transaction responsive to the input of the code, monitoring sensor information indicative of a context change, and authorizing subsequent transactions responsive to the sensor information indicating that the context change has not occurred since receiving the input of the code.

Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: Systems and methods for detecting tampering of a signal are described herein. Some illustrative embodiments include an integrated circuit including an input/output (I/O) pad (electrically accessible from outside the integrated circuit), an I/O circuit coupled to the I/O pad that receives an internally generated signal and causes the internally generated signal to be propagated to the I/O pad, and a comparator having first and second input nodes (the first input node configured to receive a digital representation of the internally generated signal, and the second input node coupled to the I/O pad and configured to receive a digital representation of a signal present at the I/O pad). The comparator signals an exception condition if a logic level of a bit of the digital representation of the internally generated signal does not match a logic level of a bit of the digital representation of the signal present at the I/O pad.

Abstract: A computer program (100, 200) encoded in a computer-programmable medium, and for causing a computer to perform circuit design. The code causes the computer to perform a set of steps. The steps comprise describing a first set of circuitry and describing a second set of circuitry. The steps also comprise describing a digital signal for passing from the first set of circuitry to the second set of circuitry and detecting (230) transitions of the digital signal with respect to a timing constraint (240) of at least a portion of the second set of circuitry. Lastly, the steps comprise, responsive to detecting metastability with respect to timing of a transition of the digital signal relative to the timing constraint of at least a portion of the second set of circuitry, forcing (160) the digital signal to a random value and passing the random value to the second set of circuitry.

Abstract: An electronic device (10). The device comprises a memory structure (12) comprising an integer M of word storage locations. The device further comprises a write shift register (SRWT) for storing a sequence of bits. The sequence in the write shift register comprises a number of bits equal to a ratio of 1/R1 times the integer M. The device further comprises circuitry (16) for providing a write clock cycle to the write shift register for selected write operations with respect to any of the word storage locations. In response to each write clock cycle, received from the circuitry for providing the write clock cycle, the write shift register shifts the sequence in the write shift register. Further, one bit in the sequence in the write shift register corresponds to an indication of one of the memory word storage locations into which a word will be written. The device further comprises a read shift register (SRRD) for storing a sequence of bits.