Patents by Inventor Ernie F. Brickell

Ernie F. Brickell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8660266
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.
    Type: Grant
    Filed: February 23, 2010
    Date of Patent: February 25, 2014
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Ernie F. Brickell, Clifford D. Hall, David W. Grawrock
  • Patent number: 8631507
    Abstract: Verification of an encrypted blob of data passed to a sealed storage function in a trusted platform module (TPM) of a computing platform by a software component, may be accomplished by receiving the encrypted blob of data and a digital signature for each of a set of platform configuration register (PCR) indicators and PCR value pairs from the software component. The encrypted blob of data may be decrypted using a TPM key to form a decrypted blob of data, the decrypted blob of data including a secret and a verification key. For each received digital signature of the set of PCR identifier and PCR value pairs, it may be determined if each received digital signature verifies using the verification key and rejecting the decrypted blob of data when any signature is not verified.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: January 14, 2014
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 8538018
    Abstract: Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver.
    Type: Grant
    Filed: January 3, 2012
    Date of Patent: September 17, 2013
    Assignee: Intel Corporation
    Inventors: Adeel A. Aslam, Alberto J. Martinez, Ernie F. Brickell
  • Publication number: 20130212673
    Abstract: Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.
    Type: Application
    Filed: March 15, 2013
    Publication date: August 15, 2013
    Inventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
  • Patent number: 8356181
    Abstract: An apparatus and method is provided for a direct anonymous attestation scheme from short-group signatures. The method may include the creation of a group public/private key pair for a trusted membership group defined by an issuer; and assigning a cryptographic pair that is combined with a unique private member value to form a private membership key. A trusted member device generates the unique private member value during a join procedure of a trusted membership group. In one embodiment, the private member value of the private membership key is unknown to the issuer. A member may sign a message with the private membership key to form a short-group digital signature that is verified using a public key of the trusted membership group to maintain anonymity of trusted member devices. A size of the private membership key may be reduced to enable storage within a trusted platform module. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 11, 2008
    Date of Patent: January 15, 2013
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Jiangtao Li
  • Patent number: 8290149
    Abstract: Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks.
    Type: Grant
    Filed: June 15, 2010
    Date of Patent: October 16, 2012
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Publication number: 20120189119
    Abstract: Encrypting data in a cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps.
    Type: Application
    Filed: April 5, 2012
    Publication date: July 26, 2012
    Inventors: Ernie F. Brickell, Gary L. Graunke
  • Publication number: 20120106736
    Abstract: Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver.
    Type: Application
    Filed: January 3, 2012
    Publication date: May 3, 2012
    Inventors: Adeel A. Aslam, Alberto J. Martinez, Ernie F. Brickell
  • Patent number: 8098817
    Abstract: Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: January 17, 2012
    Assignee: Intel Corporation
    Inventors: Adeel A. Aslam, Alberto J. Martinez, Ernie F. Brickell
  • Patent number: 8024575
    Abstract: The system and method uses user generated questions and answers of multiple levels for added protection from adversaries. There are a first set of question(s) and answer(s) corresponding to the first set of questions as well as a second set of plurality of questions and answers corresponding to the second set of plurality of questions. The second set of plurality of answers is concatenated to form a single pass phrase. To enter the pass phrase at a client workstation, a user is presented with a plurality of entries for entering the second set of plurality of answers and an option to request a second set of plurality of questions. If the correct first set of answer(s) is entered immediately or entered after the first set of question(s) is displayed, the second set of plurality of questions is displayed.
    Type: Grant
    Filed: March 30, 2006
    Date of Patent: September 20, 2011
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Publication number: 20110161676
    Abstract: Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.
    Type: Application
    Filed: December 31, 2009
    Publication date: June 30, 2011
    Inventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
  • Patent number: 7908653
    Abstract: Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.
    Type: Grant
    Filed: June 29, 2004
    Date of Patent: March 15, 2011
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Clifford D. Hall, Joseph F. Cihula, Richard Uhlig
  • Publication number: 20100254532
    Abstract: Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks.
    Type: Application
    Filed: June 15, 2010
    Publication date: October 7, 2010
    Inventor: Ernie F. Brickell
  • Patent number: 7792303
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: September 7, 2010
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, James A. Sutton, II, Clifford D. Hall, David W. Grawrock
  • Patent number: 7765544
    Abstract: A method, apparatus and system for improving security on a virtual machine host is described. A shared file system on the host may include annotations usable by a service module to access files across VMs and to enforce security policies. The service module may additionally enable a unified user interface to improve usability of the host.
    Type: Grant
    Filed: December 17, 2004
    Date of Patent: July 27, 2010
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Clifford D. Hall, Joseph F. Cihula, Richard A. Uhlig
  • Publication number: 20100150351
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol.
    Type: Application
    Filed: February 23, 2010
    Publication date: June 17, 2010
    Inventors: James A. Sutton, II, Ernie F. Brickell, Clifford D. Hall, David W. Grawrock
  • Patent number: 7739521
    Abstract: Obscuring cryptographic computations may be accomplished by performing modular exponentiation of an exponent in a cryptographic computation such that memory accesses are independent of the exponent bit pattern, thereby deterring timing attacks.
    Type: Grant
    Filed: September 18, 2003
    Date of Patent: June 15, 2010
    Assignee: Intel Corporation
    Inventor: Ernie F. Brickell
  • Patent number: 7697691
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: April 13, 2010
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Ernie F. Brickell, Clifford D. Hall, David W. Grawrock
  • Patent number: 7693286
    Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: April 6, 2010
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Clifford D. Hall, Ernie F. Brickell, David W. Grawrock
  • Patent number: 7587607
    Abstract: Receiving a request for an attestation of platform configuration from an attestation requester, receiving an acceptable configuration, and if the platform matches the acceptable configuration, sending an attestation of platform configuration including a signed response indicating that the platform configuration matches an acceptable configuration to the attestation requester.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: September 8, 2009
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Matthew D. Wood