Abstract: Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to, determine an offset to be used and, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by the offset.

Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.

Abstract: A system is for a proof of knowledge enrollment or authentication. The system includes a processor having an input, an output and a routine; and a display having an image from the output of the processor. The routine is structured to input from the input of the processor a plurality of different position selections and/or a plurality of different path selections on the image. The routine is further structured to authenticate the proof of knowledge as a function of the plurality of different position selections and/or the plurality of different path selections on the image.

Abstract: A system is for a proof of knowledge enrollment or authentication. The system includes a processor having an input, an output and a routine; and a display having an image from the output of the processor. The routine is structured to input from the input of the processor a plurality of different position selections and/or a plurality of different path selections on the image. The routine is further structured to authenticate the proof of knowledge as a function of the plurality of different position selections and/or the plurality of different path selections on the image.

Abstract: A storage device with hardened security features has a storage medium, an interface, and a controller. The interface is adapted to communicatively couple the storage device to a host system. The controller is within the storage device and is adapted to read and to write information to and from the storage medium. The controller is adapted to require a security partition authorization from a manufacturer of the storage device before executing a security partition creation command received over the interface.

Abstract: A system is for a proof of knowledge enrollment or authentication. The system includes a processor having an input, an output and a routine; and a display having an image from the output of the processor. The routine is structured to input from the input of the processor a plurality of different position selections and/or a plurality of different path selections on the image. The routine is further structured to authenticate the proof of knowledge as a function of the plurality of different position selections and/or the plurality of different path selections on the image.

Abstract: A storage device has a storage medium and a processor. The processor is disposed within the storage device and is adapted to receive multiple commands as a command block over an interface. The processor is adapted to extract each of the multiple commands from the single block for execution on the storage device.

Abstract: A storage device with hardened security features for safe execution of scripts has a storage medium, an interface, a set of safe commands, and a script interpreter. The interface is adapted to communicatively couple the storage device to a host system and to transport interface commands and information between the host system and the storage device. The set of safe commands is stored on the storage medium. The script interpreter is disposed within the storage device for processing scripts based on one or more received interface commands. The script interpreter is adapted to enforce a strict ordering of script execution and to terminate script execution and roll back any changes associated with the script execution if an interface command invokes a script in violation of the strict ordering.

Abstract: A storage device has a storage medium, a controller, and a session manager. The storage medium is partitioned into one or more security partitions. The controller is adapted to read and write data to and from the storage medium and to enable security sessions over an interface between one or more host systems and one or more security partitions. The session manager within the storage device is adapted to monitor parameters associated with the one or more security sessions.

Abstract: The present methods and systems use specially isolated techniques for promoting security in a computer system. In one embodiment of these methods and systems, a simple file system is concealed in the storage of the computer system and is managed with a processor and simple non-writeable code operating on the storage device. Strong cryptographic design permits the present computer security methods and systems to secure data on the storage device. In one method embodiment, a computer system is provided with an operating system in operative association with at least one storage device, wherein the storage device includes firmware and a processor for processing data and instructions stored on the storage device. The method includes creating at least one security partition in, and restricting access to, at least a portion of the storage device by the operating system. The method also includes creating at least one security partition in the storage device.

Abstract: A messaging system and method are associated with a first device. The messaging system includes a plurality of credentials and a plurality of authorities. Each authority associates at least one of a plurality of protocol operations with at least one of the plurality of credentials. The messaging system is adapted to receive an initiating message from a second device, which identifies at least one of the authorities, and responsively implements a security protocol for further messages between the first and second devices in accordance with the identified authority.

Abstract: An access control system and method are provided, which include a plurality of authorities, a plurality of access control elements and an access control list. Each authority associates at least one of a plurality of proof of knowledge operations with at least one of a plurality of proof of knowledge credentials. Each access control element identifies a Boolean combination of at least one of the authorities. The access control list identifies one or more of the access control elements by which a method to be executed can be authenticated.

Abstract: A clock object is provides, which includes a clock time and a monotonic time that are readable by the electronic device. The monotonic time is incremented every read of the monotonic time from the clock object. The clock object can also include an indication of a level of trust of the clock time.

Abstract: A data storage apparatus comprising a storage medium having a plurality of physical memory locations referenced through logical block addresses, and a secure partition having a table including at least one range of logical block addresses and identifying one or more functions that can be applied to the logical block addresses by an authorized entity. A method of access control performed by the apparatus is also included.

Abstract: The present methods and systems use specially isolated techniques for promoting security in a computer system. In one embodiment of these methods and systems, a simple file system is concealed in the storage of the computer system and is managed with a processor and simple non-writeable code operating on the storage device. Strong cryptographic design permits the present computer security methods and systems to secure data on the storage device. In one method embodiment, a computer system is provided with an operating system in operative association with at least one storage device, wherein the storage device includes firmware and a processor for processing data and instructions stored on the storage device. The method includes creating at least one security partition in, and restricting access to, at least a portion of the storage device by the operating system. The method also includes creating at least one security partition in the storage device.

Abstract: A storage device has a storage medium and a processor. The processor is disposed within the storage device and is adapted to receive multiple commands as a command block over an interface. The processor is adapted to extract each of the multiple commands from the single block for execution on the storage device.

Abstract: A storage device has a storage medium, a controller, and a session manager. The storage medium is partitioned into one or more security partitions. The controller is adapted to read and write data to and from the storage medium and to enable security sessions over an interface between one or more host systems and one or more security partitions. The session manager within the storage device is adapted to monitor parameters associated with the one or more security sessions.

Abstract: A storage device with hardened security features has a storage medium, an interface, and a controller. The interface is adapted to communicatively couple the storage device to a host system. The controller is within the storage device and is adapted to read and to write information to and from the storage medium. The controller is adapted to require a security partition authorization from a manufacturer of the storage device before executing a security partition creation command received over the interface.

Abstract: A storage device with hardened security features for safe execution of scripts has a storage medium, an interface, a set of safe commands, and a script interpreter. The interface is adapted to communicatively couple the storage device to a host system and to transport interface commands and information between the host system and the storage device. The set of safe commands is stored on the storage medium. The script interpreter is disposed within the storage device for processing scripts based on one or more received interface commands. The script interpreter is adapted to enforce a strict ordering of script execution and to terminate script execution and roll back any changes associated with the script execution if an interface command invokes a script in violation of the strict ordering.

Abstract: A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided.