Abstract: A method for access control to a computer with a mobile end device relies on using contactless interfaces. An authentication to the computer is carried out with the mobile end device and upon a successful authentication the access to the computer is granted or maintained. For preparing the authentication, a certificate is loaded into the mobile end device from a portable data carrier separate from the mobile end device. For authentication, authentication data comprising the certificate or obtained from the certificate are provided to the computer from the mobile end device via the contactless interfaces.

Abstract: A method for access control to a computer with a mobile end device relies on using contactless interfaces. An authentication to the computer is carried out with the mobile end device and upon a successful authentication the access to the computer is granted or maintained. For preparing the authentication, a certificate is loaded into the mobile end device from a portable data carrier separate from the mobile end device. For authentication, authentication data comprising the certificate or obtained from the certificate are provided to the computer from the mobile end device via the contactless interfaces.

Abstract: A method and a display preparation unit are proposed for the execution of a transaction during which transaction data are processed which have to be confirmed by a user. The display preparation unit has a converter unit which converts transaction data to be interpreted into pixel values and displays them on a monitor, an interface of its own for directly attaching an input unit via which a user confirms displayed transaction data, as well as a crypto unit for generating a signature for a record of confirmed transaction data. In a variant the confirmation can be effected by the crypto unit generating and displaying a random number which has to be inputted by the user via a conventionally attached input unit.

Abstract: There is proposed a method for enabling a service made available by an electronic device (100), wherein a registration request (114) is generated (S3) by the device (100) and sent (S7) to the registration server (300). The registration server (300) thereupon generates (S8) a registration confirmation (305) and sends (S9) it to the device (100), where the service is finally enabled by receiving and saving (S10) of the registration confirmation (305) on the device (100). In this connection, a trustworthy authority (200) sets up (S6, S12) a timeframe on the registration server (300) such that the registration server (300) sends (S9) a registration confirmation (305) only for a registration request (114) received within the timeframe, and the device (100) sends (S7) the registration request (114) to the registration server (300) within the timeframe.

Abstract: A method, system, and computer-usable medium for operating a mobile computer system. In response to receiving a write request, a control system attempts to write data associated with said write request to a non-volatile memory cache coupled to said hard disk drive. In response to determining the non-volatile memory cache cannot accommodate the data, the control system starts the hard disk drive. The control system writes contents of the non-volatile memory cache to the hard disk drive, after starting the hard disk drive. In response to determining the non-volatile memory cache can accommodate said data, the control system writes the data to the non-volatile memory cache.

Abstract: A method and a display preparation unit are proposed for the execution of a transaction during which transaction data are processed which have to be confirmed by a user. The display preparation unit has a converter unit which converts transaction data to be interpreted into pixel values and displays them on a monitor, an interface of its own for directly attaching an input unit via which a user confirms displayed transaction data, as well as a crypto unit for generating a signature for a record of confirmed transaction data. In a variant the confirmation can be effected by the crypto unit generating and displaying a random number which has to be inputted by the user via a conventionally attached input unit.

Abstract: A method and a display preparation unit are proposed for the execution of a transaction during which transaction data are processed which have to be confirmed by a user. The display preparation unit (20) has a converter unit (29) which converts transaction data to be interpreted into pixel values and displays them on a monitor (6), an interface of its own for directly attaching an input unit (7) via which a user confirms displayed transaction data, as well as a crypto unit (31) for generating a signature for a record of confirmed transaction data. In a variant the confirmation can be effected by the crypto unit (31) generating and displaying a random number which has to be inputted by the user via a conventionally attached input unit (14).

Abstract: In a method in a portable end device (10), data (70E) received from an external data processing apparatus (100) which are prepared according to a communication protocol stack and, in so doing, cryptographically secured according to a security protocol (32) are handled. According to the invention, the received data (70E) are, in so doing, handled in an unsecured data handling environment (14) of the end device (10) according to communication protocols (22; 24; 26) of the communication protocol stack that are below the security protocol (32), and handled in a secured data handling environment (16) of the end device (10) at least according to the security protocol (32).

Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

Abstract: There is proposed a method for enabling a service made available by an electronic device (100), wherein a registration request (114) is generated (S3) by the device (100) and sent (S7) to the registration server (300). The registration server (300) thereupon generates (S8) a registration confirmation (305) and sends (S9) it to the device (100), where the service is finally enabled by receiving and saving (S10) of the registration confirmation (305) on the device (100). In this connection, a trustworthy authority (200) sets up (S6, S12) a timeframe on the registration server (300) such that the registration server (300) sends (S9) a registration confirmation (305) only for a registration request (114) received within the timeframe, and the device (100) sends (S7) the registration request (114) to the registration server (300) within the timeframe.

Abstract: A method and a display preparation unit are proposed for the execution of a transaction during which transaction data are processed which have to be confirmed by a user. The display preparation unit (20) has a converter unit (29) which converts transaction data to be interpreted into pixel values and displays them on a monitor (6), an interface of its own for directly attaching an input unit (7) via which a user confirms displayed transaction data, as well as a crypto unit (31) for generating a signature for a record of confirmed transaction data. In a variant the confirmation can be effected by the crypto unit (31) generating and displaying a random number which has to be inputted by the user via a conventionally attached input unit (14).

Abstract: The present invention relates to an electronic purse data carrier for performing monetary transactions and a method for managing electronic payments with such a carrier. The purse stores one or more payment units each having a respective monetary value, whereby each of said payment units has a respective unique payment unit-ID and comprises an age information evaluable for delimiting the use of it. In particular said information defines a dynamically changing age level. This can be used to force purse owners to return each electronic monetary unit back to the issuing party after a specified cycle measured in time or transactions has passed in order to validate the authenticy, and in particular in order to test for possibly duplicated monetary units.

Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

Abstract: The basic idea comprised of the present invention is to provide two sets of descriptors having each at least three descriptors and each set is used in an alternating manner for defining the location of source and target of the copy operations which are to be performed during the defragmentation procedure. The defragmentation procedure is performed as a sequence of copy operations on copy chunks, i.e., a certain number of sequentially arranged bytes to be copied being part of a valid data block to be copied. In each of said copy operations in said sequence the values which are assigned to said descriptors Change. According to a characterizing feature of the present invention during the whole sequence of copy operations comprised of the defragmentation process one of the two sets of descriptors holds information which is usable for restoring the contents of a copy chunk in case of a power break during a copy operation on said copy chunk. Thus, defragmenting is a safe procedure, and data integrity is assured.

Abstract: Methods, apparatus and computer software and hardware products providing method, apparatus and system solutions for implementing table lookups in a side-channel attack resistant manner. Embodiments are provided for devices and situations where there is limited amount of RAM memory available or restrictions on memory addressing. The solutions solve problems associated with look up tables with large indices, as well as problems associated with looking up large sized tables or a collection of tables of large cumulative size, in limited devices, in an efficient side-channel attack resistant manner. These solutions provide defenses against both first-order side channel attacks as well as higher-order side channel attacks. One aspect of the present invention is the creation of one or more random tables which are used possibly in conjunction with other tables to perform a table lookup.

Abstract: A method, system, and computer-usable medium for operating a mobile computer system. In response to receiving a write request, a control system attempts to write data associated with said write request to a non-volatile memory cache coupled to said hard disk drive. In response to determining the non-volatile memory cache cannot accommodate the data, the control system starts the hard disk drive. The control system writes contents of the non-volatile memory cache to the hard disk drive, after starting the hard disk drive. In response to determining the non-volatile memory cache can accommodate said data, the control system writes the data to the non-volatile memory cache.

Abstract: A new system to grant or refuse access to a system, comprising a portable access device communicating with a terminal of an access point, wherein the portable access device comprises a storage means. A set of trust parameters is stored on the storage means, the set of trust parameters being used to evaluate the amount of service and/or functionality of the system being granted to the user presenting the trust parameters on the portable access device, wherein the evaluation and the decision, whether to grant or refuse access to the system is made as a result of computation of the trust parameters without revealing the identity of the user.

Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

Abstract: A method for changing an operation performed by an electronic device includes defining a process flow chart of the operation to be performed by the electronic device, the process flow chart having one or more primitive actions, the operation having one or more components, the primitive action operating on the components to produce an output. The method further includes determining a number of information dispersal units for each of the components. For each of the components, defining a set of information dispersal units, transforming one or more of the primitive actions of the operation using a transform function to create a transformed primitive action, and applying each of the transformed primitive actions to all the respective sets of information dispersal units to produce a transformed set of transformed information dispersal units.