Abstract: A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore stored in the memory device in encrypted form.

Abstract: A storage device contains a smart-card device and a memory device, both of which are accessed though a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data in various partitions corresponding to the protection level of the data stored therein. The smart-card device stores critical security parameters that are provided to the controller to protect access to some or all of the partitions of the memory device. A host connected to the controller issues commands, and the controller analyzes the commands and responds to them in various ways depending upon the nature of the command. In particular, depending upon the nature of the command, the controller may either pass the command to the smart-card device, or ignore the command either indefinitely or until a predetermined event has occurred.

Abstract: A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore stored in the memory device in encrypted form.

Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.

Abstract: A system and method for establishing uniqueness in type definition names. Each application vendor has associated therewith a unique data sequence. The data sequence is combined with the type definition name and then a digital operation is performed to produce a unique digital identifier that is used in place of the type name.

Abstract: Updating the access control of a smart card at multiple points of the smart card life cycle. The system and method for updating the access control mechanisms during the smart card life cycle includes implementing an interface having a method for providing access control and a method for registering an access manager as an active access manager. In response to a request to register an access manager, the system and method executes the method for determining whether registering the access manager may be allowed.

Abstract: A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore stored in the memory device in encrypted form.

Abstract: A system and method of operating a device connected to a host computer in a manner to preserve knowledge of logon authentication status to the host computer. Upon initialization of the device perform a pattern matching operation of an instruction sequence received by the second microcontroller. When the instruction sequence matches a prestored sequence indicative of performance of a logon process on the host computer tracking a logon state by the second microcontroller. Exchanging the logon state between the second and first microcontrollers such that when the second microcontroller resets, the second microcontroller may recover the logon state from the first microcontroller. Other systems and methods are disclosed.

Abstract: A system and method of operating a device to securely update the control firmware controlling the device. Downloading a firmware update package to a first microcontroller of the device. Determining a firmware update portion and an encrypted hash portion of the firmware update package wherein the encrypted hash portion is cryptographically signed by a signatory. Confirm that the encrypted hash portion conforms to the firmware update by independently computing the hash of the encrypted firmware update portion on the first microcontroller and comparing that value to the signed hash. Other systems and methods are disclosed.

Abstract: A system and method to control a device having at least one configurable parameter. Enumerating the device as a first peripheral device and as a second peripheral device wherein the first peripheral device corresponds to a first microcontroller connected to a storage medium and the second peripheral device corresponds to a second microcontroller. Controlling the at least one configurable parameter of the first microcontroller with respect to the storage medium by the second microcontroller. On initialization of the device, transmitting the at least one configurable parameter from the second microcontroller to the first microcontroller. Other systems and methods are disclosed.

Abstract: A storage device contains a smart-card device and a memory device, both connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data in various partitions. One of these partitions may be a read-only partition that is normally accessible only for read accesses. However, it may sometimes be necessary to update or supplement the data stored in the read-only partition. This is accomplished by a host issuing an appropriate command to the storage device, which may be accompanied by an identifier for an appropriate level of authorization. The controller then changes the attribute of the read-only partition from “read-only” to “read/write” to allow data to be written to the partition. Upon completion, the controller changes the attribute of the partition back to read-only.

Abstract: A system and method to control a device having at least one configurable parameter. Enumerating the device as a first peripheral device and as a second peripheral device wherein the first peripheral device corresponds to a first microcontroller connected to a storage medium and the second peripheral device corresponds to a second microcontroller. Controlling the at least one configurable parameter of the first microcontroller with respect to the storage medium by the second microcontroller. On initialization of the device, transmitting the at least one configurable parameter from the second microcontroller to the first microcontroller. Other systems and methods are disclosed.

Abstract: A storage device contains a smart-card device and a memory device, both of which are accessed though a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data in various partitions corresponding to the protection level of the data stored therein. The smart-card device stores critical security parameters that are provided to the controller to protect access to some or all of the partitions of the memory device. A host connected to the controller issues commands, and the controller analyzes the commands and responds to them in various ways depending upon the nature of the command. In particular, depending upon the nature of the command, the controller may either pass the command to the smart-card device, or ignore the command either indefinitely or until a predetermined event has occurred.

Abstract: In general, the invention relates to a converter. The converter includes logic for reading annotations in a source program, where the annotations provide a mapping between method names for methods invoked using messages in a legacy protocol and a native protocol. The converter further includes logic for creating a mapping data structure using the annotations to provide a mapping between method invoking instructions in the legacy protocol and method invoking instructions in the native protocol.

Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.

Abstract: A method and system for providing support for legacy protocols for remote method invocation on a computer system. An annotation in program source is used to build a mapping data structure appended to the executable program. During execution of an executable program legacy protocol messages are translated using the mapping data structure.

Abstract: A method and system for providing support for legacy protocols for remote method invocation on a computer system. An annotation in program source is used to build a mapping data structure appended to the executable program. During execution of an executable program legacy protocol messages are translated using the mapping data structure.

Abstract: A data processing system which includes memory, a processor connected to the memory, and logic for causing the processor to perform a method for executing computer code having a plurality of transactions within the computer code. The method includes steps for examining the computer code being executed for a change in observable state; for storing data for the executed computer code that are part of the plurality of transactions within the computer code; for maintaining a pointer to the logical beginning of the stored data and maintaining a pointer to the end of the stored data for the last transaction within the computer code to be fully executed; and responsive to detecting a change in observable state, for committing a portion of the stored data.

Abstract: A system and method for establishing uniqueness in type definition names. Each application vendor has associated therewith a unique data sequence. The data sequence is combined with the type definition name and then a digital operation is performed to produce a unique digital identifier that is used in place of the type name.

Abstract: A smart card which includes a non-volatile read/write memory, a processor connected to the memory, and an installer module configured to cause the processor to receive computer code having method bodies into the memory, and further configured to cause the processor to perform a method for determining the instruction boundaries of the method bodies and resolving unresolved references within the method bodies.