Patents by Inventor Ernie Brickell

Ernie Brickell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20060013402
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol.
    Type: Application
    Filed: July 14, 2004
    Publication date: January 19, 2006
    Inventors: James Sutton, Ernie Brickell, Clifford Hall, David Grawrock
  • Publication number: 20050275661
    Abstract: In one implementation, a method for ensuring the trustworthiness of graphical user interfaces is described wherein a computing system user selects and/or modifies an image to be used as at least a portion of the background of one or more visual elements of a graphical user interface of a trusted computing environment. The user selected background image facilitates recognition by the user of the trustworthiness of the environment's graphical user interface when it is displayed to the user. The computing system seals the selected image or a modified version of the selected image within the trusted computing environment to prevent access to that image by computing environments other than the trusted computing environment. Additional embodiments are described and claimed.
    Type: Application
    Filed: June 10, 2004
    Publication date: December 15, 2005
    Inventors: Joseph Cihula, Ernie Brickell, Chiung-Chen Yu
  • Patent number: 6959394
    Abstract: A password is split into a plurality of pieces. The pieces are stored at different remote servers. The different remote servers have the property that together they can determine that the user has knowledge of the correct password. If any subset of the servers is compromised, the compromised subset cannot convince any remaining servers that they know the password.
    Type: Grant
    Filed: September 29, 2000
    Date of Patent: October 25, 2005
    Assignee: Intel Corporation
    Inventors: Ernie Brickell, Keen Chan
  • Patent number: 6950523
    Abstract: To protect a private cryptographic key, two values are derived. The two values together can reconstruct the key. One value is sent to a server and deleted from the local machine. The other value is held by the local machine. To use the key, the user will enter a password, which will be used to authenticate the user to the server, and retrieve the value from the server. The password is also used to unlock the value held by the local machine. The private cryptographic key is thus protected against brute force password attacks without changing the behavior of the user.
    Type: Grant
    Filed: September 29, 2000
    Date of Patent: September 27, 2005
    Assignee: Intel Corporation
    Inventors: Ernie Brickell, Matthew D. Wood
  • Publication number: 20050198536
    Abstract: A credential verification service (CVS) authenticates digital credentials, such as digital certificates, at the request of online service providers. The CVS stores the authentication results and transaction information in a central activity log. The transaction information can include a size of the transaction, the online service requesting the authentication, an internet protocol (IP) address of a computing device originating the transaction and the goods or services involved in the transaction. The CVS generates an activity report from the activity log that lists the authentication results and the transaction information. A fraud detection module within the CVS analyzes the activity log to identify any unusual patterns in order to identify fraudulent activities or general misuse of the digital credential.
    Type: Application
    Filed: May 4, 2005
    Publication date: September 8, 2005
    Inventors: Ernie Brickell, Wesley Deklotz
  • Publication number: 20050152539
    Abstract: Deterring side channel attacks on cryptographic computations using an exponent value e and a modulus value n to determine a result value may be accomplished by picking a first value, picking a second value, computing a third value as a product of the first and second values mod n, computing a first intermediate value as the first value to the exponent e mod n, computing a second intermediate value as the second value to the exponent e mod n, and computing a result value equal to the third value to the exponent e mod n as the product of the first intermediate value and the second intermediate value mod n. The result value y^e mod n may be determined in this manner without using a modular inverse operation.
    Type: Application
    Filed: January 12, 2004
    Publication date: July 14, 2005
    Inventor: Ernie Brickell
  • Publication number: 20050149722
    Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
    Type: Application
    Filed: December 30, 2003
    Publication date: July 7, 2005
    Inventors: Willard Wiseman, David Grawrock, Ernie Brickell, Matthew Wood, Joseph Cihula
  • Publication number: 20050138384
    Abstract: Receiving a request for an attestation of platform configuration from an attestation requester, receiving an acceptable configuration, and if the platform matches the acceptable configuration, sending an attestation of platform configuration including a signed response indicating that the platform configuration matches an acceptable configuration to the attestation requester.
    Type: Application
    Filed: December 22, 2003
    Publication date: June 23, 2005
    Inventors: Ernie Brickell, Matthew Wood
  • Publication number: 20050135618
    Abstract: Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver.
    Type: Application
    Filed: December 22, 2003
    Publication date: June 23, 2005
    Inventors: Adeel Aslam, Alberto Martinez, Ernie Brickell
  • Publication number: 20050137898
    Abstract: A manufacturing entity providing a blinded signature to a secure device, associating a time with the blinded signature, and if a signing key is compromised, providing a time of the compromise to a replacement authority and providing the time associated with the blinded signature to the replacement authority.
    Type: Application
    Filed: December 22, 2003
    Publication date: June 23, 2005
    Inventors: Matthew Wood, Ernie Brickell
  • Publication number: 20050084098
    Abstract: Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks.
    Type: Application
    Filed: September 18, 2003
    Publication date: April 21, 2005
    Inventor: Ernie Brickell
  • Publication number: 20050081065
    Abstract: Managing authorization tokens within a computer system may be accomplished by creating a master owner token indicating full ownership of a resource within the computer system by a management environment, creating at least one delegate owner token for an environment, communicating the delegate owner token to the environment and to the resource, and allowing access to the resource by the environment when the environment presents a valid delegate owner token to the resource. In one embodiment, the resource comprises a trusted platform module (TPM).
    Type: Application
    Filed: October 14, 2003
    Publication date: April 14, 2005
    Inventors: Ernie Brickell, David Grawrock, James Sutton
  • Publication number: 20050069135
    Abstract: One aspect of an embodiment of the invention provides a method and platform to prove to a challenger that a responder device possesses cryptographic information from a certifying manufacturer. This is accomplished by performing a direct proof by the responder device to prove that the responder device possesses the cryptographic information. The direct proof comprises at least one exponentiation being conducted using an exponent having a bit length no more than one-half a bit length of a modulus (n).
    Type: Application
    Filed: September 30, 2003
    Publication date: March 31, 2005
    Inventor: Ernie Brickell
  • Publication number: 20050015586
    Abstract: A server registering a first party as a party relying upon a second party's certificate, revoking the second party's certificate after registering the first party, and initiating communication with the first party to indicate that the second party's certificate has been revoked.
    Type: Application
    Filed: July 18, 2003
    Publication date: January 20, 2005
    Inventor: Ernie Brickell
  • Publication number: 20030002668
    Abstract: One aspect of the invention is a method for a multi-level and multi-dimensional scheme of content protection. Content having one or more attributes is encrypted using separate keys for each level of protection, where each level corresponds to an assurance of protection for each attribute. The content may be distributed to a number of environments having different levels of protection by transmitting a base key commensurate with the environment's subscription level. The base key may then be used to generate lower level keys for accessing content at a level of protection less than or equal to that subscribed to.
    Type: Application
    Filed: June 30, 2001
    Publication date: January 2, 2003
    Inventors: Gary Graunke, Michael S. Ripley, Ernie Brickell