Abstract: Methods, systems, and computer programs for using an implicit certificate are disclosed. In some implementations, an identifier for an entity is obtained. A first cryptographic pair that includes a first private value and a first public value is generated. A second cryptographic pair that includes a second private value and a second public value is generated. Based on the first public value and the identifier for the entity, an implicit certificate IC is generated at a first computing device. Based on the implicit certificate IC, the first private value, and the second private value, a private key for the entity is generated at the first computing device. The implicit certificate IC is then sent with the second public value from the first computing device to the second computing device. The implicit certificate IC can be used, for example, to generate or verify digital signatures, to encrypt or decrypt messages, etc.

Abstract: In some implementations, a method for managing resources of a device includes receiving, by a system-on-chip (SoC) in the device, from a customer, a request to access one or more resources of the SoC. The SoC includes a non-volatile memory (NVM), a feature register, programming history, and a plurality of resources including the one or more resources. A customer identifier (CID) is identified based on the received request. The customer is authenticated using a certificate including the CID. Whether the SoC grants, to the customer, access to the one or more resources is determine using the feature register and the CID.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: Techniques are disclosed for utilizing a block Montgomery machine designed only to operate at a fixed block length to perform operations using non-block length (flexible)moduli. In one embodiment, a new modulus n? is obtained having a block length equal to the fixed block length of the Montgomery machine or a multiple thereof. At least one modular additive operation is performed with the new modulus n?, and at least one modular multiplicative operation is performed with the non-block length modulus n. In this way, the result of the at least one additive operation is sufficiently reduced when a carry stems from the additive operation.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: The present invention is directed at a method and apparatus of resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host.

Abstract: The present invention is directed at a method and apparatus of resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address Location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host.

Abstract: The present invention is directed at a method and apparatus of resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host.

Abstract: A method and system for manipulating packet header compression parameters, by substituting at least one instruction set associated with a PPP negotiation packet at the PPP layer of a protocol stack, the at least one instruction set for use in establishing a communication protocol and channel between a pair of correspondents. The method includes the steps of a software module coupled to a first correspondent examining all PPP negotiation packets from a second correspondent; the software module determining whether a first instruction set is present in the PPP negotiation packet; the software module discarding said first instruction set and replacing the first instruction set with a second instruction set; and at the second correspondent receiving the second instruction set associated with a communication protocol information.

Abstract: A method and system for manipulating packet header compression parameters, by substituting at least one instruction set associated with a PPP negotiation packet at the PPP layer of a protocol stack, the at least one instruction set for use in establishing a communication protocol and channel between a pair of correspondents. The method includes the steps of a software module coupled to a first correspondent examining all PPP negotiation packets from a second correspondent; the software module determining whether a first instruction set is present in the PPP negotiation packet; the software module discarding said first instruction set and replacing the first instruction set with a second instruction set; and at the second correspondent receiving the second instruction set associated with a communication protocol information.

Abstract: A method for providing cryptographic functions to data packets at the PPP layer of a network stack is presented. The method includes the steps of intercepting PPP datagrams having at least one encapsulated IP packet en route along the protocol stack; decapsulating the PPP datagrams to retrieve the encapsulated IP packet, determining whether to process the IP packet by modifying the IP packet to provide the cryptographic functions, and encapsulating the IP packet for transmission to a next layer of the network stack.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.

Abstract: The present invention is directed to a method of updating a checksum associated with a packet of information to be transferred between correspondents. The method comprises the steps of: changing the value of a field; computing a complement; computing a difference; computing a one's complement difference from the first difference; computing a first intermediate checksum value equal to the sum of the complement of the checksum HC and the one's complement difference; computing a one's complement intermediate checksum from the intermediate checksum; computing a complement of the one's complement intermediate checksum; and replacing the checksum in the header with the updated checksum.

Abstract: A method and system for manipulating packet header compression parameters, by substituting at least one instruction set associated with a PPP negotiation packet at the PPP layer of a protocol stack, the at least one instruction set for use in establishing a communication protocol and channel between a pair of correspondents. The method includes the steps of a software module coupled to a first correspondent examining all PPP negotiation packets from a second correspondent; the software module determining whether a first instruction set is present in the PPP negotiation packet; the software module discarding said first instruction set and replacing the first instruction set with a second instruction set; and at the second correspondent receiving the second instruction set associated with a communication protocol information.

Abstract: A method for providing cryptographic functions to data packets at the PPP layer of a network stack is presented. The method includes the steps of intercepting PPP datagrams having at least one encapsulated IP packet en route along the protocol stack; decapsulating the PPP datagrams to retrieve the encapsulated IP packet, determining whether to process the IP packet by modifying the IP packet to provide the cryptographic functions, and encapsulating the IP packet for transmission to a next layer of the network stack.

Abstract: The present invention is directed to a method of updating a checksum associated with a packet of information to be transferred between correspondents. The method comprises the steps of: changing the value of a field; computing a complement; computing a difference; computing a one's complement difference from the first difference; computing a first intermediate checksum value equal to the sum of the complement of the checksum HC and the one's complement difference; computing a one's complement intermediate checksum from the intermediate checksum; computing a complement of the one's complement intermediate checksum; and replacing the checksum in the header with the updated checksum.

Abstract: The present invention is directed at a method and apparatus of resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host.