Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: The methods and systems may provide a scalable round-robin arbiter tree that performs round-robin arbitration for a plurality of requests received from a set of requestors. The round-robin arbiter may stack a plurality of round-robin cells in stages where an output of a first stage of round-robin cells is an input to a next stage of round-robin cells. The round-robin arbiter may transform an arbitration state at each stage of the arbitration and propagate the arbitration state into the next stage for arbitration. The arbitration state from the final stage round-robin cell is fed back to the first stage of the round-robin cells and used in a subsequent arbitration round.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: In an embodiment, an integrated circuit such as an SOC (or even a discrete chip system) includes one or more local timebases in various locations. The timebases may be incremented based on a high frequency local clock that may be subject to variation during use due. Periodically, based on a lower frequency clock that is subject to less variation, the local timebases may be synchronized to the correct time, using hardware circuitry. In particular, the correct timebase value for the next synchronization may be transmitted to each local timebase, and the control circuit for the local timebase may be configured to saturate the local timebase at the correct value if the local timebase reaches the correct value before the synchronization occurs. Similarly, if the synchronization occurs and the local timebase has not reached the correct value, the control circuit may be configured to load the correct timebase value.

Abstract: In an embodiment, an integrated circuit such as an SOC (or even a discrete chip system) includes one or more local timebases in various locations. The timebases may be incremented based on a high frequency local clock that may be subject to variation during use due. Periodically, based on a lower frequency clock that is subject to less variation, the local timebases may be synchronized to the correct time, using hardware circuitry. In particular, the correct timebase value for the next synchronization may be transmitted to each local timebase, and the control circuit for the local timebase may be configured to saturate the local timebase at the correct value if the local timebase reaches the correct value before the synchronization occurs. Similarly, if the synchronization occurs and the local timebase has not reached the correct value, the control circuit may be configured to load the correct timebase value.

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: In an embodiment, an integrated circuit such as an SOC (or even a discrete chip system) includes one or more local timebases in various locations. The timebases may be incremented based on a high frequency local clock that may be subject to variation during use due. Periodically, based on a lower frequency clock that is subject to less variation, the local timebases may be synchronized to the correct time, using hardware circuitry. In particular, the correct timebase value for the next synchronization may be transmitted to each local timebase, and the control circuit for the local timebase may be configured to saturate the local timebase at the correct value if the local timebase reaches the correct value before the synchronization occurs. Similarly, if the synchronization occurs and the local timebase has not reached the correct value, the control circuit may be configured to load the correct timebase value.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: Techniques are disclosed relating to processor power control and interrupts. In one embodiment, an apparatus includes a processor configured to assert an indicator that the processor is suspending execution of instructions until the processor receives an interrupt. In this embodiment, the apparatus includes power circuitry configured to alter the power provided to the processor based on the indicator. In this embodiment, the apparatus includes throttling circuitry configured to, in response to receiving a request from the power circuitry to alter the power provided to the processor, block the request until the end of a particular time interval subsequent to receipt of the request or de-assertion of the indicator. In some embodiments, the particular time interval corresponds to latency between the processor receiving an interrupt and de-asserting the indicator.

Abstract: An apparatus, a method, and a system are presented in which the apparatus may include a security circuit, a processor, and an interface controller. The security circuit may be configured to generate a keyword. The processor may be configured to determine one or more policies to be applied to usage of the keyword, and to generate a policy value. The policy value may include one or more data bits indicative of the determined one or more policies. The interface controller may be configured to generate a message including the keyword and the policy value. The interface controller may also be configured to send the message.

Abstract: In an embodiment, an integrated circuit such as an SOC (or even a discrete chip system) includes one or more local timebases in various locations. The timebases may be incremented based on a high frequency local clock that may be subject to variation during use due. Periodically, based on a lower frequency clock that is subject to less variation, the local timebases may be synchronized to the correct time, using hardware circuitry. In particular, the correct timebase value for the next synchronization may be transmitted to each local timebase, and the control circuit for the local timebase may be configured to saturate the local timebase at the correct value if the local timebase reaches the correct value before the synchronization occurs. Similarly, if the synchronization occurs and the local timebase has not reached the correct value, the control circuit may be configured to load the correct timebase value.

Abstract: An apparatus may include first and second clock monitors. The first clock monitor may be configured to receive a first clock signal and assert a first signal if the frequency of the first clock signal is greater than a first upper threshold and assert a second signal if the frequency of the first clock signal is less than a first lower threshold. The second clock monitor may be configured to receive a second clock signal with a frequency higher than that of the first clock signal. The second clock monitor may be configured to compare the second clock signal, dependent upon the first clock signal, to second upper and lower thresholds and assert a third signal if the frequency of the second clock signal is greater than the second upper threshold and assert a fourth signal if the frequency is less than the second lower threshold.