Abstract: A router management server may be utilized to manage a plurality of home routers. Appropriate access control rules may be determined by the router management server for various client devices including IoT devices based on the type and/or make/model of the client devices. MAC address-bound WLAN passphrases may be assigned to the client devices and bound to the MAC addresses associated the client devices. Further, WLAN passphrases may be associated with expiration periods and/or access control rules. Therefore, a secure home network environment that takes into account the vulnerabilities of IoT devices may be achieved without the involvement of an IT department. Moreover, Flexibility of WLAN passphrase management may be improved.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: A system for the maintenance and creation of security tunnels between IoT devices and IoT cloud servers, comprising the steps of receiving one or more packets from one or more IoT devices in a smart router, routing the one or more packets to an agent within the router, the agent performing one or more services on the one or more packets, routing the one or more packets to a WAN port of the router, and sending the one or more packets by a cloud secure tunnel to one or more IoT cloud servers. The system may have secure tunnels that are formed between the IoT devices using a unique password for each IoT device. The additional step of selectively stopping communication between the IoT devices and the router, wherein when the communication of one IoT device to the router is compromised, the remaining tunnels with unique passwords are integral.

Abstract: A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.

Abstract: Disclosed is a device that obtains and stores a secret key. The device may comprise a transceiver configured to: transmit a command for a secret key to a server; transmit an identifier to the server; and receive a wrapped secret key from the server. The device may further comprise: a storage device; and a processor. The processor may be coupled to the transceiver and the storage device and the processor may be configured to: receive the wrapped secret key from the transceiver; unwrap the wrapped secret key to obtain the secret key; and store the secret key in the storage device.

Abstract: A system for the maintenance and creation of security tunnels between IoT devices and IoT cloud servers, comprising the steps of receiving one or more packets from one or more IoT devices in a smart router, routing the one or more packets to an agent within the router, the agent performing one or more services on the one or more packets, routing the one or more packets to a WAN port of the router, and sending the one or more packets by a cloud secure tunnel to one or more IoT cloud servers. The system may have secure tunnels that are formed between the IoT devices using a unique password for each IoT device. The additional step of selectively stopping communication between the IoT devices and the router, wherein when the communication of one IoT device to the router is compromised, the remaining tunnels with unique passwords are integral.

Abstract: A processor for processing data from a buffer memory, implemented in hardware, may allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. Further, the processor may block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.

Abstract: Technologies for updating a processing device, where a first device image is stored in a first (non-volatile) memory. When a new second device image is received via a communication interface, a first boot of the device is performed and a boot loader performs security processing on the second device image. Once security processing has passed, the second device image is set as a trial image and executed. The executed image is monitored to determine if predetermined operational parameters in the device are met. If the parameters are met, the second device image is set as a current image and the first device image is deactivated. A second boot is performed to make the new image operational for the device and the anti-rollback version one-time programmable fuses are blown. If the parameters are not met, the device revers to the first device image.

Abstract: Disclosed is an apparatus and method to securely activate or revoke a key. For example, the apparatus may comprise: a storage device to store a plurality of pre-stored keys; a communication interface to receive an activate key command and a certificate associated with one of the pre-stored keys; and a processor. The processor may be coupled to the storage device and the communication interface and may be configured to: implement the activate key command to reboot the apparatus with the pre-stored key and the certificate; and determine if the reboot is successful.

Abstract: Disclosed is a method and apparatus to decrypt file segments in parallel. In one embodiment, an integrated circuit may be used with a storage device of a computing device that comprises: a hardware interface to communicate with the storage device; a crypto-engine to encrypt file segments to be stored on the storage device and to decrypt file segments read from the storage device; and a processor. The processor may be configured to: read a plurality of decrypted file segments from the storage device through the crypto-engine in parallel; and to store the plurality of decrypted file segments.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: System and method for providing adaptive access to a hardware block on a computer system.

Abstract: A secure boot method includes: obtaining a certificate digest at a digest processor from a write-once, always-on memory; calculating a flash digest using the digest processor by cryptographically processing a sensitive information image; and comparing, using the digest processor, the flash digest with the certificate digest.

Abstract: According to embodiments the disclosure, a router management server may be utilized to manage a plurality of home routers. Appropriate access control rules may be determined by the router management server for various client devices including IoT devices based on the type and/or make/model of the client devices. MAC address-bound WLAN passphrases may be assigned to the client devices and bound to the MAC addresses associated the client devices. Further, WLAN passphrases may be associated with expiration periods and/or access control rules. Therefore, a secure home network environment that takes into account the vulnerabilities of IoT devices may be achieved without the involvement of an IT department. Moreover, embodiments of the disclosure improve the flexibility of WLAN passphrase management.

Abstract: According to embodiments the disclosure, a router management server may be utilized to manage a plurality of home routers. Appropriate access control rules may be determined by the router management server for various client devices including IoT devices based on the type and/or make/model of the client devices. MAC address-bound WLAN passphrases may be assigned to the client devices and bound to the MAC addresses associated the client devices. Further, WLAN passphrases may be associated with expiration periods and/or access control rules. Therefore, a secure home network environment that takes into account the vulnerabilities of IoT devices may be achieved without the involvement of an IT department. Moreover, embodiments of the disclosure improve the flexibility of WLAN passphrase management.

Abstract: According to embodiments the disclosure, a router management server may be utilized to manage a plurality of home routers. Appropriate access control rules may be determined by the router management server for various client devices including IoT devices based on the type and/or make/model of the client devices. MAC address-bound WLAN passphrases may be assigned to the client devices and bound to the MAC addresses associated the client devices. Further, WLAN passphrases may be associated with expiration periods and/or access control rules. Therefore, a secure home network environment that takes into account the vulnerabilities of IoT devices may be achieved without the involvement of an IT department. Moreover, embodiments of the disclosure improve the flexibility of WLAN passphrase management.

Abstract: Techniques for preventing circumvention of digital rights management protections on electronic content are provided. A method according to these techniques includes receiving a content stream, obtaining samples from the content stream, generating a histogram based on the samples from the content stream, classifying the content stream as including audio content or non-audio content based on the histogram, and modifying portions of the content stream responsive to classifying the content stream as including non-audio content. The content stream can be modified such that any video content included in the content stream would be rendered unplayable, while audio content included in the content stream remains playable.

Abstract: Disclosed is a device that obtains and stores a secret key. The device may comprise a transceiver configured to: transmit a command for a secret key to a server; transmit an identifier to the server; and receive a wrapped secret key from the server. The device may further comprise: a storage device; and a processor. The processor may be coupled to the transceiver and the storage device and the processor may be configured to: receive the wrapped secret key from the transceiver; unwrap the wrapped secret key to obtain the secret key; and store the secret key in the storage device.

Abstract: This disclosure describes devices, systems and techniques relating to a dongle device that is designed to provide broadcast video capabilities to an electronic device. In one example, a dongle device is configured to communicatively couple to an electronic device, wherein the dongle device comprises a multimedia receiver that receives a broadcast that includes multimedia data, and a web server that communicates the multimedia data to a web browser of the electronic device.

Abstract: Techniques for managing certificates on a computing device are provided. An example method according to these techniques includes receiving an image file comprising a hash value of a certificate on which a certificate action is to be performed, the certificate action being a revocation action or an activation action, the image file having been signed by a signing certificate, determining whether the image file has been signed by a valid certificate by comparing a hash value of the signing certificate to a plurality of hash values associated with certificates stored in a one-time programmable memory of the computing device, and performing the certificate action, responsive to the image file having been signed by the valid certificate and the certificate on which the certificate action is to be performed having been found in the memory, by setting a value of an indicator associated with the certificate in the memory.