Abstract: A circuit for secure operation includes a plurality of mutually exclusive circuit zones including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security and one or more gate circuits each providing limited transfer of data between the circuit zones, the gate circuits providing all data connectivity between the first circuit zone and the second circuit zone and statically configured to prevent unmodified transfer of data from the first circuit zone to the second circuit zone.

Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

Abstract: A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone.

Abstract: A method for determining an authenticity of a configurable electronic device includes configuring the configurable electronic device according to stimulus data, measuring one or more side-effects of operation of the configurable electronic device after configuration of the electronic device to generate representations of the one or more side-effects, processing the representations of the side-effects using a feature extraction module to determine one or more features characterizing the representations of the side-effects, and processing the one or more features characterizing the representations of the side-effects using an authentication module to determine a degree of authenticity of the configurable electronic device.

Abstract: A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone.

Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

Abstract: A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone.

Abstract: A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone.

Abstract: A circuit for secure operation includes a plurality of mutually exclusive circuit zones including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security and one or more gate circuits each providing limited transfer of data between the circuit zones, the gate circuits providing all data connectivity between the first circuit zone and the second circuit zone and statically configured to prevent unmodified transfer of data from the first circuit zone to the second circuit zone.

Abstract: A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone.