Abstract: Disclosed is an apparatus and method to perform a pairing process with a limited input wireless device. A host device includes a transceiver and a processor. The processor may be configured to execute instructions to: receive from the transceiver a pairing process request from the limited input wireless device, wherein the pairing process request includes a private code based upon a physical user action implemented with the limited input wireless device; and implement a pairing process to validate the limited input wireless device for a particular host device function associated with the private code.

Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Abstract: One feature pertains to an integrated circuit (IC) that includes a first plurality of ring oscillators configured to implement, in part, a physically unclonable function (PUF). The IC further includes a second plurality of ring oscillators configured to implement, in part, an age sensor circuit, and also a ring oscillator selection circuit that is coupled to the first plurality of ring oscillators and the second plurality of ring oscillators. The ring oscillator selection circuit is adapted to select at least two ring oscillator outputs from at least one of the first plurality of ring oscillators and/or the second plurality of ring oscillators. Notably, the ring oscillator selection circuit is commonly shared by the PUF and the age sensor circuit. Also, the IC may further include an output function circuit adapted to receive and compare the two ring oscillator outputs and generate an output signal.

Abstract: Disclosed is a system to implement a method to deliver a targeted content message to a mobile device base on the location of the mobile device. The system may identify a set of businesses within a coverage area of a femtocell base station to produce gathered information. The system may receive a request for a call establishment indicator from the mobile device through the femtocell base station. Targeted content messages may be identified as a function of the gathered information. Moreover, the targeted content message then may be sent to the mobile device as part of the call establishment indicator.

Abstract: In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process.

Abstract: The described apparatus and methods may include a processor, a memory in communication with the processor, a removable module in communication with the processor and operable to store data, an initialization component executable by the processor and configured to initialize the removable module, and an authentication component executable by the processor and configured to: receive a command from the removable module to perform an authentication operation, wherein the command is a standard message having a command qualifier value or code that represents an authentication challenge; obtain a random value from the removable module in response to the command; calculate a response based on the random value and a terminal key stored in the memory; and transmit the response to the removable module.

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract: One feature pertains to an integrated circuit (IC) that includes a first plurality of ring oscillators configured to implement, in part, a physically unclonable function (PUF). The IC further includes a second plurality of ring oscillators configured to implement, in part, an age sensor circuit, and also a ring oscillator selection circuit that is coupled to the first plurality of ring oscillators and the second plurality of ring oscillators. The ring oscillator selection circuit is adapted to select at least two ring oscillator outputs from at least one of the first plurality of ring oscillators and/or the second plurality of ring oscillators. Notably, the ring oscillator selection circuit is commonly shared by the PUF and the age sensor circuit. Also, the IC may further include an output function circuit adapted to receive and compare the two ring oscillator outputs and generate an output signal.

Abstract: A method, apparatus, and/or system for execution prevention is provided. A state indicator for a first subset of a plurality of memory pages of executable code in a memory device is set to a non-executable state. A state indicator for a second subset of the plurality of memory pages is set to an executable state, where the second subset of the plurality of memory pages includes indirection stubs to functions in the first subset of the plurality of memory pages. Upon execution of an application, a function call is directed to a corresponding indirection stub in the second subset of the plurality of memory pages which modifies the state indicator for a corresponding function in the first subset of the plurality of memory pages prior to directing execution of the called function from the first subset of the plurality of memory pages.

Abstract: Disclosed is an apparatus and method to detect vehicle theft. In one embodiment, a processor may be configured to execute instructions to: receive a vehicle detection signal from a vehicle detector; determine whether a vehicle is present or absent based upon the vehicle detection signal; establish an authentication credential after the vehicle is determined to present; and validate the authentication credential to indicate validated parking. If the vehicle is determined to be absent and an authentication credential to un-park the vehicle has not been validated, a notification action may be transmitted to appropriate personnel to indicate that the vehicle has been moved or un-parked without proper authentication.

Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Abstract: A method, apparatus, and/or system for execution prevention is provided. A state indicator for a first subset of a plurality of memory pages of executable code in a memory device is set to a non-executable state. A state indicator for a second subset of the plurality of memory pages is set to an executable state, where the second subset of the plurality of memory pages includes indirection stubs to functions in the first subset of the plurality of memory pages. Upon execution of an application, a function call is directed to a corresponding indirection stub in the second subset of the plurality of memory pages which modifies the state indicator for a corresponding function in the first subset of the plurality of memory pages prior to directing execution of the called function from the first subset of the plurality of memory pages.

Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Abstract: The described apparatus and methods may include a processor, a memory in communication with the processor, a removable module in communication with the processor and operable to store data, an initialization component executable by the processor and configured to initialize the removable module, and an authentication component executable by the processor and configured to: receive a command from the removable module to perform an authentication operation, wherein the command is a standard message having a command qualifier value or code that represents an authentication challenge; obtain a random value from the removable module in response to the command; calculate a response based on the random value and a terminal key stored in the memory; and transmit the response to the removable module.

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract: Disclosed is an apparatus and method to perform a pairing process with a limited input wireless device. A host device includes a transceiver and a processor. The processor may be configured to execute instructions to: receive from the transceiver a pairing process request from the limited input wireless device, wherein the pairing process request includes a private code based upon a physical user action implemented with the limited input wireless device; and implement a pairing process to validate the limited input wireless device for a particular host device function associated with the private code.

Abstract: Disclosed is an apparatus and method to detect vehicle theft. In one embodiment, a processor may be configured to execute instructions to: receive a vehicle detection signal from a vehicle detector; determine whether a vehicle is present or absent based upon the vehicle detection signal; establish an authentication credential after the vehicle is determined to present; and validate the authentication credential to indicate validated parking. If the vehicle is determined to be absent and an authentication credential to un-park the vehicle has not been validated, a notification action may be transmitted to appropriate personnel to indicate that the vehicle has been moved or un-parked without proper authentication.

Abstract: A method and apparatus are provided for a subsidizing service provider entity to personalize a subscriber device to ensure the subscriber device cannot be used in a network of a different service provider entity. As the service provider entity subsidizes the subscriber device, it desires to ensure that subscriber device is personalized such that the subscriber device may operate only in its network and not a network of a different service provider entity. The subscriber device is pre-configured with a plurality of provider-specific and/or unassociated root certificates by the manufacturer of the subscriber device. A communication service is established between the service provider entity and the subscriber device allowing for the mutual authentication of the subscriber device and the service provider entity. After mutual authentication, the service provider entity sends a command to the subscriber device to disable/delete some/all root certificates that are unassociated with the service provider entity.

Abstract: In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process.