Abstract: Hardware security modules for executing zero-knowledge proofs are provided. Such a module includes multiple computational engines for executing respective primitive operations of zero-knowledge proofs, and memory storing multiple data-flow graphs. Each data-flow graph defines computational functionality of a respective one of the proofs, and comprises a set of nodes, each representing a said primitive operation, interconnected by edges representing input/output data of nodes. At least edges which represent security-sensitive data are indicated by edge-labels in the graphs. The module further comprises a set of registers, comprising at least a subset of secure registers, for storing data during execution of proofs, and a processor configured to control execution, using said engines, of proofs defined by the set of dataflow graphs such that data corresponding to a security-sensitive edge in a graph is stored in a secure register during execution.

Abstract: Manufacturing a batch is provided which includes a plurality of items of an electronic device, the items including a plurality of corresponding main modules having a same functional structure substantially identical for the items. The method includes defining at least one security electric circuit, of an enclosure component for enclosing each item, adapted to protect the item from tampering, the security electric circuits having individual configurations substantially different among the items, for use in forming the security electric circuit with the corresponding configuration on each enclosure component. Additionally, the method includes determining one or more electric characteristics of each security electric circuit for use in configuring a monitoring circuit of the corresponding main module, the monitoring circuit being adapted to the corresponding security electric circuit for detecting the tampering, according to the electric characteristics of the corresponding security circuits.

Abstract: The present disclosure relates to a computer-implemented method for controlling operation of multiple computational engines of a physical computing device. The computer-implemented method includes providing a multiplexer module in the device, the multiplexer module including a first and second memory region. The multiplexer module may receive from a first driver at the multiplexer module a data processing request to be processed by a first set of one or more computational engines of the computational engines. Subsequent to receiving the data processing request, the multiplexer module may assign a request sub-region of the first region and a response sub-region of the second region to the first driver. Data indicative of the request sub-region and the response sub-region may be submitted to the first driver. Results of processing the request may be received at the response sub-region.

Abstract: System, methods, and media are provided for enforcing segmentation of multi-tenant data. An example method includes informing hardware of direct memory access (DMA) segmented regions, in which the hardware is informed of software-specified size and count parameters relating to DMA windows. Identifying an originating DMA window for each DMA descriptor and referenced data. Verifying that contents of one or more DMA transfers are entirely from memory controlled by a single process. Setting DMA window-describing registers based the software-specified size and count parameters. Enforcing restrictions, based on the DMA window-describing registers, for DMA requests relating to the DMA windows as DMA requests are received.

Abstract: A system to protect signal integrity includes a circuit board having a secure portion and a non-secure portion. The secure portion includes a protected circuit operable for storing security relevant data, and a secure portion power-supply element. The non-secure portion includes an unprotected circuit and a non-secure portion power-supply element corresponding to the secure portion power-supply element. The secure portion and the non-secure portion element are separated by an isolation gap. A coupling element bridges the isolation gap between the secure portion and the non-secure portion. The coupling element is electrically connected to the secure portion power-supply element within the secure portion and electrically connected to the non-secure portion power-supply portion.

Abstract: A method includes determining, by a tracker controller of a hardware security module, that a first processor has submitted a first request to access a computing resource. The method also includes determining, by the tracker controller, whether the first request and a second request both request access to the same computing resource. The second request is submitted by a second processor. The method also includes preventing access to the computing resource based on a determination that the first request and the second request do not request access to the same computing resource. The method also includes permitting access to the computing resource based on a determination that the first request and the second request both request access to the same computing resource.

Abstract: System, methods, and media are provided for enforcing segmentation of multi-tenant data. An example method includes informing hardware of direct memory access (DMA) segmented regions, in which the hardware is informed of software-specified size and count parameters relating to DMA windows. Identifying an originating DMA window for each DMA descriptor and referenced data. Verifying that contents of one or more DMA transfers are entirely from memory controlled by a single process. Setting DMA window-describing registers based the software-specified size and count parameters. Enforcing restrictions, based on the DMA window-describing registers, for DMA requests relating to the DMA windows as DMA requests are received.

Abstract: Tamper-respondent assemblies and methods of fabrication are provided which include a multilayer circuit board, a tamper-detection sensor, and a vent structure. The tamper-detection sensor is embedded within the multilayer circuit board, and defines, at least in part, a secure volume associated with the multilayer circuit board. The vent structure is incorporated into the multilayer circuit board, and includes at least one vent channel. The vent channel(s) is in fluid communication with a space within the secure volume to facilitate venting the space of the secure volume. The space within the secure volume may accommodate, for instance, one or more electronic components to be protected, and the at least one vent channel may, for instance, allow air pressure within the space of the secure volume to equalize with air pressure external to the tamper-respondent assembly.

Abstract: A method includes determining, by a persistent memory lockstep unit of a hardware security module, that a first processor is attempting to change a state of the hardware security module. The method also includes determining, by the persistent memory lockstep unit, whether a second processor has attempted the same change. The method also includes preventing the change until both the first processor and the second processor have attempted the same change. The method also includes permitting the change to the state of the hardware security module based on a determination that both the first processor and the second processor have both attempted the same change.

Abstract: Radio-assisted tamper protection in a HSM electronic device. Radio signals received from one or more network elements on a network are used for determining values of a set of network parameters that identify the electronic device in a predefined state. A tamper detection state signal may be generated responsive to the detected tampering state. The electronic device may be inhibited from operation in response to the tamper detection state signal.

Abstract: Tamper-proof electronic packages and fabrication methods are provided which include a glass substrate. The glass substrate is stressed glass with a compressively-stressed surface layer. Further, one or more electronic components are secured to the glass substrate within a secure volume of the tamper-proof electronic package. In operation, the glass substrate is configured to fragment with an attempted intrusion event into the electronic package, and the fragmenting of the glass substrate also fragments the electronic component(s) secured to the glass substrate, thereby destroying the electronic component(s). In certain implementations, the glass substrate has undergone ion-exchange processing to provide the stressed glass.

Abstract: Tamper-proof electronic packages and fabrication methods are provided which include a glass substrate. The glass substrate is stressed glass with a compressively-stressed surface layer. Further, one or more electronic components are secured to the glass substrate within a secure volume of the tamper-proof electronic package. In operation, the glass substrate is configured to fragment with an attempted intrusion event into the electronic package, and the fragmenting of the glass substrate also fragments the electronic component(s) secured to the glass substrate, thereby destroying the electronic component(s). In certain implementations, the glass substrate has undergone ion-exchange processing to provide the stressed glass.

Abstract: A circuitized structure with a 3-dimensional configuration. A base structure is provided that includes an insulating substrate of electrically insulating material with a flat configuration, and further includes an electric circuit including at least one layer of electrically conductive material arranged on the insulating substrate. The insulating material includes a thermosetting material being partially cured by stopping a cure thereof at a B-stage before reaching a gel point. The base structure is formed according to the 3-dimensional configuration, and the cure of the thermosetting material is completed.

Abstract: A method to fabricate a tamper respondent assembly is provided. The tamper respondent assembly includes an electronic component and an enclosure at least partly enclosing the electronic component. A piezoelectric sensor is integrated in the enclosure. The integrating includes providing a base structure that includes a first conductive layer, depositing a piezoelectric layer on the first conductive layer, covering the piezoelectric layer with a second conductive layer, and providing sensing circuitry for observing sensing signals of the piezoelectric layer. The piezoelectric layer includes a plurality of nanorods. Aspects of the invention further relates to a corresponding assembly and a corresponding computer program product.

Abstract: The present invention relates to a method to fabricate a tamper respondent assembly. The tamper respondent assembly includes an electronic component and an enclosure fully enclosing the electronic component. The method includes printing, by a 3-dimensional printer, a printed circuit board that forms a bottom part of the enclosure and includes a first set of embedded detection lines for detecting tampering events and signal lines for transferring signals between the electronic component and an external device. The electronic component is assembled on the printed circuit board, and a cover part of the enclosure is printed on the printed circuit board. The cover part includes a second set of embedded detection lines. Sensing circuitry can be provided for sensing the conductance of the first set of embedded detection lines and the second set of embedded detection lines to detect tampering events.

Abstract: A system to protect signal integrity includes a circuit board having a secure portion and a non-secure portion. The secure portion includes a protected circuit operable for storing security relevant data, and a secure portion power-supply element. The non-secure portion includes an unprotected circuit and a non-secure portion power-supply element corresponding to the secure portion power-supply element. The secure portion and the non-secure portion element are separated by an isolation gap. A coupling element bridges the isolation gap between the secure portion and the non-secure portion. The coupling element is electrically connected to the secure portion power-supply element within the secure portion and electrically connected to the non-secure portion power-supply portion.

Abstract: Tamper-respondent assemblies and fabrication methods are provided which utilize liquid crystal polymer layers in solid form. The tamper-respondent assemblies include a circuit board, and an enclosure assembly mounted to the circuit board to enclose one or more electronic components coupled to the circuit board within a secure volume. The assembly includes a tamper-respondent sensor that is a three-dimensional multilayer sensor structure, which includes multiple liquid crystal polymer layers, and at least one tamper-detect circuit. The at least one tamper-detect circuit includes one or more circuit lines in a tamper-detect pattern disposed on at least one liquid crystal polymer layer of the multiple liquid crystal polymer layers. Further, a monitor circuit is provided disposed within the secure volume to monitor the at least one tamper-detect circuit of the tamper-respondent sensor for a tamper event.

Abstract: A circuitized structure with a 3-dimensional configuration. A base structure is provided that includes an insulating substrate of electrically insulating material with a flat configuration, and further includes an electric circuit including at least one layer of electrically conductive material arranged on the insulating substrate. The insulating material includes a thermosetting material being partially cured by stopping a cure thereof at a B-stage before reaching a gel point. The base structure is formed according to the 3-dimensional configuration, and the cure of the thermosetting material is completed.

Abstract: Manufacturing a batch is provided which includes a plurality of items of an electronic device, the items including a plurality of corresponding main modules having a same functional structure substantially identical for the items. The method includes defining at least one security electric circuit, of an enclosure component for enclosing each item, adapted to protect the item from tampering, the security electric circuits having individual configurations substantially different among the items, for use in forming the security electric circuit with the corresponding configuration on each enclosure component. Additionally, the method includes determining one or more electric characteristics of each security electric circuit for use in configuring a monitoring circuit of the corresponding main module, the monitoring circuit being adapted to the corresponding security electric circuit for detecting the tampering, according to the electric characteristics of the corresponding security circuits.

Abstract: Electronic circuits, electronic packages, and methods of fabrication are provided. The electronic circuit includes a multilayer circuit board, and a tamper-respondent sensor embedded within the circuit board. The tamper-respondent sensor defines, at least in part, a secure volume associated with the multilayer circuit board. In certain implementations, the tamper-respondent sensor includes multiple tamper-respondent layers embedded within the circuit board including, for instance, one or more tamper-respondent frames and one or more tamper-respondent mat layers, with the tamper-respondent frame(s) being disposed, at least in part, above the tamper-respondent mat layer(s), which together define the secure volume where extending into the multilayer circuit board.