Patents by Inventor Mark Buer

Mark Buer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8934435
    Abstract: A user's request via a portable or handheld wireless communication device (HWCD) to process data may result in discovery of one or more networked resources capable of handling the processing. One or more communication routes may be established between one or more discovered network resources and one or more of the HWCD and a networked terminating device. The portable HWCD may be configured as a gateway. The user's identity may be determined and the user's personal networking preferences may be acquired. Based on the user's preferences, a route may be established between discovered networked resources and one or more of the HWCD and the networked terminating device. The user's identity may be authenticated. Data may undergo rate and/or format conversion. The data may be protected by secure operations. One or more of the HWCD and the networked terminating device may consume or render the requested data.
    Type: Grant
    Filed: December 10, 2012
    Date of Patent: January 13, 2015
    Assignee: Broadcom Corporation
    Inventors: Alexander MacInnis, Arya Behzad, Mark Buer, Jeyhan Karaoguz, Thomas Quigley, John Stuart Walley
  • Patent number: 8929544
    Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received key encryption keys (KEKs) and/or plain text keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generates a plaintext using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.
    Type: Grant
    Filed: March 29, 2013
    Date of Patent: January 6, 2015
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Zheng Qi
  • Publication number: 20150006789
    Abstract: Embodiments of the present disclosure describe a system and method for providing anti-replay protection. One embodiment describes a system comprising: a security device; and an anti-replay protected flash device comprising: a flash memory array; an authentication unit; and a secure memory, wherein the authentication unit and the secure memory are disposed in a security boundary.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Inventor: Mark BUER
  • Publication number: 20150007335
    Abstract: Embodiments of the present disclosure describe an apparatus, method, and computer readable medium for processing a secure transaction. One embodiment describes an apparatus comprising: a processor; a secure element coupled to the processor; and a connectivity device coupled to the secure element, and configured to exchange communications with a device that is external to the apparatus, and receive and execute one or more unsolicited commands from the secure element.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Inventors: Mark Buer, Mohamed Awad
  • Publication number: 20140365764
    Abstract: A security architecture in which a security module is integrated in a client machine, wherein the client machine includes a local host that is untrusted. The security module performs encryption and decryption algorithms, authentication, and public key processing. The security module also includes separate key caches for key encryption keys and application keys. A security module can also interface a cryptographic accelerator through an application key cache. The security module can authorize a public key and an associated key server. That public key can subsequently be used to authorize additional key servers. Any of the authorized key servers can use their public keys to authorize the public keys of additional key servers. Secure authenticated communications can then transpire between the client and any of these key servers. Such a connection is created by a secure handshake process that takes place between the client and the key server.
    Type: Application
    Filed: April 28, 2014
    Publication date: December 11, 2014
    Applicant: Broadcom Corporation
    Inventor: Mark BUER
  • Publication number: 20140344160
    Abstract: A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by universal token. For example, secure processor may be used to generate authentication data from seed information stored in memory.
    Type: Application
    Filed: May 22, 2014
    Publication date: November 20, 2014
    Applicant: Broadcom Corporation
    Inventor: Mark BUER
  • Publication number: 20140344945
    Abstract: A thin-client embedded secure element, which includes a processor and a memory coupled to the processor, and a proxy client. The thin-client embedded secure element also includes a storage device including an identification uniquely identifying the thin-client secure element. The proxy client is configured to receive a request for the secured data from a module in the client device, establish a secure communication channel with a proxy server coupled to the computing device over a network, request the secured data from the proxy server using the identification, and provide the secured data to the module of the client device.
    Type: Application
    Filed: May 15, 2014
    Publication date: November 20, 2014
    Applicant: Broadcom Corporation
    Inventors: Mark Buer, Mohamed Awad
  • Patent number: 8890298
    Abstract: Systems and methods for embedded tamper mesh protection are provided. The embedded tamper mesh includes a series of protection bond wires surrounding bond wires carrying sensitive signals. The protection bond wires are positioned to be vertically higher than the signal bond wires. The protection wires may be bonded to outer contacts on the substrate while the signal bond wires are bonded to inner contacts, thereby creating a bond wire cage around the signal wires. Methods and systems for providing package level protection are also provided. An exemplary secure package includes a substrate having multiple contacts surrounding a die disposed on an upper surface of the substrate. A mesh die including a series of mesh die pads is coupled to the upper surface of the die. Bond wires are coupled from the mesh die pads to contacts on the substrate thereby creating a bond wire cage surrounding the die.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: November 18, 2014
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Matthew Kaufmann
  • Publication number: 20140323154
    Abstract: A servicing communication device may receive a subset of a location reference database that is maintained by a plurality of location servers, and may provide location related data to a mobile device that is communicatively coupled to the servicing communication device based on the received subset. The servicing communication device may determine capabilities and/or requirements of the mobile device, and may generate the location related data based on that determination. The servicing communication device may determine attributes and/or parameters that may affect determination of the subset of the location reference database. The subset of location reference database may be requested based on the determined attributes and/or parameters. The attributes and/or parameters may comprise a location of the servicing communication device.
    Type: Application
    Filed: July 7, 2014
    Publication date: October 30, 2014
    Applicant: Broadcom Corporation
    Inventors: Charles ABRAHAM, Mark BUER, David GARRETT, Jeyhan KARAOGUZ, David LUNDGREN, David MURRY
  • Publication number: 20140310826
    Abstract: A mesh grid protection system is provided. The system includes assertion logic configured to transmit a first set of signals on a first set of grid lines and a second set of grid lines. The system also includes transformation logic to transform the first set of signals to generate a second set of signals, to transmit the second set of signals on a third set of grid lines that are coupled to the first set of grid lines, and to transmit the second set of signals on a fourth set of grid lines that are coupled to the second set of grid lines. In addition, the system includes verification logic to compare the second set of signals on the third and fourth set of grid lines to an expected set of signals.
    Type: Application
    Filed: June 27, 2014
    Publication date: October 16, 2014
    Applicant: Broadcom Corporation
    Inventors: Kambiz RAHIMI, Mark Buer, Rolando Ogot
  • Patent number: 8856529
    Abstract: Methods and systems provide secure functions for a mobile client. A circuit may include a memory configured to store a server access key and a first function authentication key. The circuit may also include authentication circuitry configured to access the server access key to authenticate access to a server to download a function capsule comprising a first function and to access the first function authentication key to authenticate use of the first function of the function capsule.
    Type: Grant
    Filed: December 18, 2013
    Date of Patent: October 7, 2014
    Assignee: Broadcom Corporation
    Inventors: Edward H. Frank, Mark Buer, Jeyhan Karaoguz
  • Publication number: 20140298412
    Abstract: Systems and methods for securing a credential generated by or stored in an authentication token during an attempt to access a service, application, or resource are provided. A secure processor receives a credential from an authentication token and securely stores the credential. The secure processor then verifies the identity of the individual attempting to use the authentication token and cryptographically verifies the identity of the server being accessed. The credential is only released for transmission to the server if both the identity of the individual and the identity of the server are successfully verified. Alternatively, a secure connection is established between the secure processor and the server being accessed and a secure connection is established between the secure processor and a computing device. The establishment of the secure connections verifies the identity of the server. After the secure connections are established, the identity of the user is verified.
    Type: Application
    Filed: March 31, 2014
    Publication date: October 2, 2014
    Applicant: Broadcom Corporation
    Inventor: Mark BUER
  • Patent number: 8831507
    Abstract: Whenever a mobile device in a building is within proximity of a RF communication device, the mobile device may be operable to receive location information transmitted, for example by broadcasting it, from a RF communication device. The transmitted location information comprises altitude information of the RF communication device. At least an altitude of the mobile device may be determined based on the received altitude information of the RF communication device. The RF communication device may be located in an elevator car and/or on a particular floor in the building. Whenever the RF communication device is located in the elevator car, the altitude information of the RF communication device may be received by the RF communication device from an elevator controller. In instances when the RF communication device also transmits its latitude/longitude (LAT/LON), the mobile device may be operable to determine a 3-dimensional (3D) location of the mobile device.
    Type: Grant
    Filed: March 26, 2010
    Date of Patent: September 9, 2014
    Assignee: Broadcom Corporation
    Inventors: Dave Murray, Charles Abraham, Mark Buer, David Garrett, Jeyhan Karaoguz, David Lundgren
  • Patent number: 8823585
    Abstract: A GNSS enabled mobile device moves from a first area where GNSS signal quality and/or level is above a threshold to a second area where GNSS signal quality and/or level is below the threshold. The GNSS enabled mobile device in the second area determines its own location utilizing previous GNSS measurements in the first area. GNSS signals are received to calculate GNSS measurements whenever the GNSS enabled mobile device is in the first area. The calculated GNSS measurements are utilized to determine a location of the GNSS enabled mobile device within the first area. The GNSS enabled mobile device in the second area utilizes the most current GNSS measurements in the first area to determine its own location. Sensors such as an image sensor, a light sensor, an audio sensor and/or a location sensor are used to refine the location of the GNSS enabled mobile device in the second area.
    Type: Grant
    Filed: March 26, 2010
    Date of Patent: September 2, 2014
    Assignee: Broadcom Corporation
    Inventors: Jeyhan Karaoguz, Charles Abraham, Mark Buer, David Garrett, David Albert Lundgren, David Murray
  • Publication number: 20140245007
    Abstract: Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.
    Type: Application
    Filed: May 5, 2014
    Publication date: August 28, 2014
    Applicant: Broadcom Corporation
    Inventors: Mark BUER, Ed FRANK, Nambi SESHADRI
  • Patent number: 8818270
    Abstract: A mobile device may be operable to determine, based on a known location of the mobile device, a location for a RF communication device that communicates with the mobile device, whenever the mobile device is within proximate range of the RF communication device. The determined location for the RF communication device may be stored in a location database in a location server and/or a memory in the RF communication device. The stored location of the RF communication device may then be used to determine a location for other mobile devices that may communicate with the RF communication device and are within proximate range of the RF communication device. The RF communication device may comprise a radio-frequency identification (RFID) device and/or a near field communication (NFC) device. The determined location for the RF communication device may comprise the known location of the mobile device.
    Type: Grant
    Filed: August 27, 2013
    Date of Patent: August 26, 2014
    Assignee: Broadcom Corporation
    Inventors: Dave Murray, Charles Abraham, Mark Buer, David Garrett, Jeyhan Karaoguz, David Lundgren
  • Patent number: 8806616
    Abstract: An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: August 12, 2014
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Ed Frank, Nambi Seshadri
  • Patent number: 8799678
    Abstract: A system and method for the secure storage of executable code and the secure movement of such code from memory to a processor. The method includes the storage of an encrypted version of the code. The code is then decrypted and decompressed as necessary, before re-encryption in storage. The re-encrypted executable code is then written to external memory. As a cache line of executable code is required, a fetch is performed but intercepted. In the interception, the cache line is decrypted. The plain text cache line is then stored in an instruction cache associated with a processor.
    Type: Grant
    Filed: June 1, 2010
    Date of Patent: August 5, 2014
    Assignee: Broadcom Corporation
    Inventor: Mark Buer
  • Patent number: 8787184
    Abstract: A wireless communication device determines its location and communicates the location to other local devices utilizing a nonstandard, standard and/or proprietary protocol in combination with another protocol such as a Bluetooth, RFID, IEEE 802.11 and/or a cellular phone protocol. The location may be determined utilizing a GNSS receiver and/or network device information. A new location may be determined based on the determined location, a relative distance and/or a relative direction to other local devices. Determined location information may be communicated to other devices via a network. The wireless communication device may receive locations and/or corresponding location uncertainties from devices located within a limited range. The received information is utilized to determine a more accurate location. The more accurate location is communicated back to the devices within the limited range and/or to other communication devices.
    Type: Grant
    Filed: March 26, 2010
    Date of Patent: July 22, 2014
    Assignee: Broadcom Corporation
    Inventors: Jeyhan Karaoguz, Charles Abraham, Mark Buer, David Garrett, David Albert Lundgren, David Murray
  • Patent number: 8781450
    Abstract: A system and method is provided for handling data in wireless communication devices where data may be captured and linked to a personal journal via indexing and mapping of context data tags abstracted from captured data. The captured data may be retrieved by matching a query to one or more context data tags indexed and mapped to the personal journal. A user preference utilizing one or more of the context data tags linked to the personal journal may facilitate captured data retrieval. The captured data may include multimedia data of an event pre-tagged with indexed information such as user ID, time, date, location and environmental condition or optionally one or more user's biometric data in response to the event. The pre-tagged captured data may be stored in the local host device or transferred to a remote host or storage for later retrieval or post processing.
    Type: Grant
    Filed: September 2, 2011
    Date of Patent: July 15, 2014
    Assignee: Broadcom Corporation
    Inventors: Arya Behzad, Mark Buer, Jeyhan Karaoguz, Alexander MacInnis, Thomas Quigley, John Walley