Abstract: Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provision to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for a authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.

Abstract: A wireless mobile communication (WMC) device may discover available networks, and available local and/or remote resources. The WMC device may configure routes utilizing one or more of discovered resources and one or more available networks. The routes may be utilized to performed operations requested via the WMC device. A standardized language and/or protocol may be utilized in discovering and/or communicating with available resources and/or networks. The standardized language and/or protocol may enable commonality among the discovered networks and/or resources, and encryption of data communicated through the established routes. The standardized language and/or protocol may be updated and/or modified to incorporate new resources either by direct interactions between the new resources and the WMC device, or via existing available resources and/or networks. The discovery of resources and/or establishment of routes may be user-triggered, or it may be based on user preference information.

Abstract: A mobile device may be operable to receive historical location trail information of a building. A location of the mobile device within the building may be determined by placing, moving or snapping a reference location of the mobile device onto a trail according to the received historical location trail information. The historical location trail information may be acquired from a location server. The historical location trail information stored in the location server may be generated using a plurality of location samples that are provided by one or more other mobile devices that have been within the building. The historical location trail information may also be acquired from an indoor map of the building that is used by the mobile device for navigation within the building. The determined location of the mobile device may then be utilized by the mobile device to navigate within the building for location-based services.

Abstract: One or more methods and systems of sharing an external memory between functional modules of an integrated circuit chip are presented. The invention provides a system and method of reducing the amount of off-chip memory utilized by one or more integrated circuit chips. In one embodiment, a method for sharing an off-chip memory among one or more on-chip functional modules comprises arbitrating the communication of data between one or more on-chip functional modules and the off-chip memory. In one embodiment, the arbitration is facilitated by using an internal data bus that is controlled by a bus arbiter control unit. In one embodiment, a system for sharing an off-chip memory between functional modules of an integrated circuit comprises a security processing module, a media access controller module, a data interface, and a data bus.

Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages standard TPM keys.

Abstract: A mobile device may communicate with a location server during location based services (LBS) operations using a secure identifier. The secure identifier abstracts identification information of the mobile device and/or identification information of a user of the mobile device in instances that the mobile device and/or user identification information are deemed protectable from the location server. The location server may be operable to store location data corresponding to the mobile device and/or the user in a location reference database based on the secure identifier. The secure identifier may comprise a unique value, which may be randomly generated. The secure identifier may also be generated based on the mobile device and/or user identification information, by applying, for example, encryption algorithms to the mobile device and/or user identification information.

Abstract: Methods and systems for a handheld portable communication device for configuring connection to and use of local and remote resources are disclosed and may include discovering available networks and resources, establishing a route between the handheld wireless communication device and a selected one or more of the available resources via a selected one or more of the available networks based on user preference criteria stored in the handheld wireless communication device, and communicating multimedia data between the handheld wireless communication device and the selected one or more of the available resources via the established route. The established route may be dynamically adjusted, based on network availability and bandwidth. The handheld wireless communication device may communicate utilizing a plurality of wireless protocols. The preference criteria stored in the handheld wireless communication device may be dynamically adjusted.

Abstract: Systems, apparatuses and methods are disclosed for apportioning tasks among devices. One such method is performed in handheld wireless communication device (HWCD). The method includes discovering available resources in a network and dynamically assessing cost functions for performing a task on the HWCD and on each of the discovered resources. Each of the respective cost functions is based on performance factors associated with the HWCD or with one of the devices. Based on change in the cost functions, the task is apportioned for local execution by the HWCD or remote execution by the available resources.

Abstract: A wireless mobile communication (WMC) device may discover available networks, and available local and/or remote resources. The WMC device may configure routes utilizing one or more of discovered resources and one or more available networks. The routes may be utilized to performed operations requested via the WMC device. A standardized language and/or protocol may be utilized in discovering and/or communicating with available resources and/or networks. The standardized language and/or protocol may enable commonality among the discovered networks and/or resources, and encryption of data communicated through the established routes. The standardized language and/or protocol may be updated and/or modified to incorporate new resources either by direct interactions between said new resources and the WMC device, or via existing available resources and/or networks. The discovery of resources and/or establishment of routes may be user-triggered, or it may be based on user preference information.

Abstract: A secure integrated circuit package is provided. The secure integrated circuit package includes a first substrate having an upper surface and a lower surface. A first plurality of solder balls are arranged in a pattern on the lower surface of the first substrate. A die is coupled to the upper surface of the first substrate. A second plurality of solder balls is coupled to the upper surface of the substrate and arranged in a ring surrounding the die. A mesh substrate including a mesh protection grid is coupled to the second plurality of solder balls.

Abstract: A transmitting communication device may iteratively adjust its transmit power, and may estimate, based on iterative transmit power adjustment, relative location of a receiving communication device. The transmit power may be initialized to a maximum value, and the transmit power may be iteratively reduced until connectivity with the receiving communication device is lost. The loss of connectivity may be determined based on reception of responses to ping messages transmitted by the transmitting communication device. The transmitting communication device may authenticate the receiving communication device and/or a user of the receiving communication device. The authentication may comprises utilizing transmit power adjustment and/or relative location estimation therefrom to ensure that a separation between the devices does not exceed a maximum value.

Abstract: A mobile device may be operable to collect location data for a RF node and cache the collected location data in the mobile device. Resources that may be utilized for improving the uploading of the cached location data to a location server may be determined by the mobile device. The cached location data may be communicated, to the location server for updating a location database, by the mobile device utilizing the determined resources. The mobile device may determine and utilize an opportunistic transport based on a data usage and/or an access. The mobile device may store a subset of the location database locally for comparing with the cached location data for redundancy. The compared location data may be transmitted by the mobile device to the location server for updating the location database if the compared location data are not redundant data.

Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages standard TPM keys.

Abstract: Secure processing systems providing host-isolated security are provided. An exemplary secure processing system includes a host processor and a virtual machine instantiated on the host processor. A virtual unified security hub (USH) is instantiated on the virtual machine to provide security services to applications executing on the host processor. The virtual USH may further include an application programming interface (API) operable to expose the security services to the applications. A further exemplary secure processing system includes a host processor running a windows operating system for example, a low power host processor, and a USH processor configured to provide secure services to both the host processor and the low power host processor isolating the secure services from the host processor and the low power processor. The USH processor may also include an API to expose the security services to applications executing on the host processor and/or the low power host processor.

Abstract: A user's request via a portable or handheld wireless communication device (HWCD) to process data may result in discovery of one or more networked resources capable of handling the processing. One or more communication routes may be established between one or more discovered network resources and one or more of the HWCD and a networked terminating device. The portable HWCD may be configured as a gateway. The user's identity may be determined and the user's personal networking preferences may be acquired. Based user's preferences, a route may be established between discovered networked resources and one or more of the HWCD and the networked terminating device. The user's identity may be authenticated. Data may undergo rate and/or format conversion. The data may be protected by secure operations. One or more of the HWCD and the networked terminating device may consume or render the requested data.

Abstract: An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token.

Abstract: A multi-radio mobile device comprises a plurality of different radios. When a location update occurs, the multi-radio mobile device, at a specific location, acquires location-based radio information from a remote location server. The multi-radio mobile device selects a radio for use in the specific location based on the acquired location-based radio information comprising available radios in the specific location and radio weights. The radio is selected from the available radios based on the radio weights in the specific location. Transmissions of a desired service are received in the specific location utilizing the selected radio. Location-based radio measurements reports to the remote location server are generated utilizing signal strength measurements for the received signals. Radio quality information of the available radios is calculated by the location server utilizing location-based radio measurement reports from associated users.

Abstract: A transmitting communication device may iteratively adjust its transmit power, and may estimate, based on iterative transmit power adjustment, relative location of a receiving communication device. The transmit power may be initialized to a maximum value, and the transmit power may be iteratively reduced until connectivity with the receiving communication device is lost. The loss of connectivity may be determined based on reception of responses to ping messages transmitted by the transmitting communication device. The transmitting communication device may authenticate the receiving communication device and/or a user of the receiving communication device. The authentication may comprises utilizing transmit power adjustment and/or relative location estimation therefrom to ensure that a separation between the devices does not exceed a maximum value.

Abstract: Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.

Abstract: One or more methods and systems of sharing an external memory between functional modules of an integrated circuit chip are presented. The invention provides a system and method of reducing the amount of off-chip memory utilized by one or more integrated circuit chips. In one embodiment, a method for sharing an off-chip memory among one or more on-chip functional modules comprises arbitrating the communication of data between one or more on-chip functional modules and the off-chip memory. In one embodiment, the arbitration is facilitated by using an internal data bus that is controlled by a bus arbiter control unit. In one embodiment, a system for sharing an off-chip memory between functional modules of an integrated circuit comprises a security processing module, a media access controller module, a data interface, and a data bus.