Abstract: Provided is a method for securing a security device against side-channel analysis attacks while performing a sensitive operation. It includes training an attack neural network to perform a side-channel attack against the security device while performing a sensitive operation, creating a training data set for a protective neural network by applying a plurality of elementary protection combinations to the sensitive operation while performing the sensitive operation, training a protective neural network executing on a coprocessor of the security device using the training data set for the protective neural network, and programming the coprocessor of the security device with the set of parameters for the protective neural network. Other embodiments disclosed.

Abstract: A neural network is trained to match digital samples to categories in a set of categories and when presented with at least one golden sample, which is a sample outside the set of categories, to output a probability vector indicative of a preposterous result that the golden sample is matched to a predefined category in the set of categories. The secure computer system is programmed with the trained neural network, adapted to receive digital samples and to present the digital samples to the trained neural network. As an integrity check, the computer system, is caused to present the golden sample to the trained neural network and if the neural network outputs a probability vector classifying the golden sample into a predefined category in a way that is a preposterous result, declaring the neural network as uncompromised and, otherwise, declaring the neural network as compromised.

Abstract: Provided is a system on chip comprising a memory controller having a clock synchronization circuitry based on a locked loop. The system on chip further comprises a voltage glitch attack detector configured to monitor a clock synchronization signal generated by the clock synchronization circuitry and check whether the monitored clock synchronization signal is a nominal signal or a signal characteristic of a voltage glitch attack. The voltage glitch attack detector may be a software detector executed by a processing unit. Other embodiments disclosed.

Abstract: The present invention relates to a method for activating at least one sensor among a plurality of sensors embedded in a multi-unit device, said at least one sensor being configured to detect attacks during an execution by said multi-unit device of a software code comprising computer code instructions, wherein: said multi-unit device comprises at least two code execution units and a sensor activation circuit, and each sensor is associated to one code execution unit, and said method comprising, performed by said sensor activation circuit before execution of a computer code instruction of said software code by one of said code execution units: —determining (S1) the code execution unit configured to execute said instruction, —activating (S2) only the sensors associated with the determined code execution unit.

Abstract: Provided is a method for executing a security related process comprising at least a first operation and a subsequent programming operation of a memory area in a first memory row of a first memory of a system and using as input security data stored in said second memory of said system, wherein said first memory is a non-volatile memory and said system comprises a first memory charge pump. The method comprises, when the execution of said security related process is triggered: opening (S2) the first memory row, charging (S3) said first memory charge pump, performing (S4) said first operations of the security related process, based on said security data from the second memory, and performing (S5) said programming operation of said memory area in said opened first memory row using said charged charge pump.

Abstract: The present invention relates to a method for activating at least one sensor among a plurality of sensors embedded in a multi-unit device, said at least one sensor being configured to detect attacks during an execution by said multi-unit device of a software code comprising computer code instructions, wherein: said multi-unit device comprises at least two code execution units and a sensor activation circuit, and each sensor is associated to one code execution unit, and said method comprising, performed by said sensor activation circuit before execution of a computer code instruction of said software code by one of said code execution units:—determining (S1) the code execution unit configured to execute said instruction,—activating (S2) only the sensors associated with the determined code execution unit.

Abstract: The invention relates to a random clock generator comprising an input receiving a master clock signal MCIk, and a clock signal reduction circuit (101) receiving the master clock signal MCIk and a whole number N and supplying an output signal corresponding to a train of N pulses every M clock pulse, M being a whole number higher than 1 and N being a whole number higher than 1 and lower than or equal to M. A number generator (102) and (103) supplies a new number (N) to the clock signal reduction circuit every P pulse of a master clock signal, N and/or P being produced randomly.

Abstract: A method is intended for transforming a secure electronic device, associated to a first identifier and having a sensitive mode disabled after production, for a new sensitive use. This method comprises the steps of: (i) externally computing a cipher of the first identifier with a predetermined function fed with this first identifier and a predetermined secret key; (ii) transforming an accessible metal layer of the electronic device to form an activation pattern representing this externally computed cipher of the first identifier; (iii) getting a value representative of this activation pattern into the electronic device; and (iv) computing a second identifier with this transformed electronic device by feeding a reverse function of the predetermined function with this value and this secret key, to trigger a comeback to the sensitive mode if this second identifier is equal to the first identifier.

Abstract: The present invention relates to a method to provide a dynamic change of security configurations in an integrated circuit product adapted to execute at least a given critical process and susceptible to be attacked. The method comprises the steps of tracking successive executions of the given critical process, and after a given number of such executions, triggering a change of the security configuration.

Abstract: The invention relates to a random clock generator comprising an input receiving a master clock signal MCIk, and a clock signal reduction circuit (101) receiving the master clock signal MCIk and a whole number N and supplying an output signal corresponding to a train of N pulses every M clock pulse, M being a whole number higher than 1 and N being a whole number higher than 1 and lower than or equal to M. A number generator (102) and (103) supplies a new number (N) to the clock signal reduction circuit every P pulse of a master clock signal, N and/or P being produced randomly.

Abstract: The present invention relates to a secure platform implementing dynamic countermeasures in relation with the execution of a code, said secure platform having at least a security sensor, a countermeasure controller and countermeasure means. According to the invention, said countermeasure controller includes at least one security sensor flag able to take at least two sensor flag values depending on the output of the security sensor, a table storing N possible security configuration for the countermeasures, a random generator to generate a random configuration value, a decision function using the sensor flag value and the random configuration value to determine a security configuration in the table to be executed by countermeasure means.

Abstract: The present invention relates to a method to provide a dynamic change of security configurations in an integrated circuit product adapted to execute at least a given critical process and susceptible to be attacked. The method comprises the steps of tracking successive executions of the given critical process, and after a given number of such executions, triggering a change of the security configuration.

Abstract: The present invention relates to a secure platform implementing dynamic countermeasures in relation with the execution of a code, said secure platform having at least a security sensor, a countermeasure controller and countermeasure means. According to the invention, said countermeasure controller includes at least one security sensor flag able to take at least two sensor flag values depending on the output of the security sensor, a table storing N possible security configuration for the countermeasures, a random generator to generate a random configuration value, a decision function using the sensor flag value and the random configuration value to determine a security configuration in the table to be executed by countermeasure means.

Abstract: A method is intended for transforming a secure electronic device, associated to a first identifier and having a sensitive mode disabled after production, for a new sensitive use. This method comprises the steps of: (i) externally computing a cipher of the first identifier with a predetermined function fed with this first identifier and a predetermined secret key; (ii) transforming an accessible metal layer of the electronic device to form an activation pattern representing this externally computed cipher of the first identifier; (iii) getting a value representative of this activation pattern into the electronic device; and (iv) computing a second identifier with this transformed electronic device by feeding a reverse function of the predetermined function with this value and this secret key, to trigger a comeback to the sensitive mode if this second identifier is equal to the first identifier.

Abstract: This invention relates to a method for hard partitioning the resources of a secure computer system. The system hardware comprises a hardware mechanism designed to: generate an encryption key with each new program detected by the system, the key being specific to each program, store the said key associated with a program identifier in the system resources, encrypt and store all the data created by the program in the system resources with the key that is specific to it, decrypt the data of the program with the key specific to it in response to a manipulation, call, read and/or write request from a requesting program.