Abstract: Configurations and techniques for a research study management system are disclosed, enabling deployment of an extensible, reproducible, and deployable template for use in assessment, intervention, or other research studies. In an example, a technique to configure a template to use in a research project includes associating the template with one or more instruments to collect project data, associating the template with one or more tools to process the collected project data, associating the template with a data set definition, and defining one or more rules of operation for the template. In a further example, a technique to deploy the template for use in a research project includes defining a schedule based on the template, defining a plurality of configuration parameters of one or more instruments, and deploying the template to engage a human study participant to perform data collection activities via the one or more instruments.

Abstract: A media drive system (310) configured for use with a media drive (314) that performs read/write operations relative to a media cartridge (316) includes a system housing (312). The system housing (312) includes a housing body (312A) and a controller (350) that is secured to the housing body (312A). The controller (350) is configured to control functionality of the tape drive (314). More specifically, the inclusion of the controller (350) as part of the system housing (312) enables the media drive system (310) to achieve greatly enhanced functionality. For example, the media drive system (310) can greatly enhance the speed of various desired read/write operations performed within the media drive (314), especially when the requested files or file segments are not necessarily initially provided in sequential order on the media cartridge (316). The controller (350) can include one or both of a processor (352) and a memory system (354).

Abstract: Server resources in a data center are disaggregated into shared server resource pools, which include a pool of secure processors. Advantageously, servers are constructed dynamically, on-demand and based on a tenant's workload requirements, by allocating from these resource pools. According to this disclosure, secure processor modules for new servers are allocated to provide security for data-in-use (and data-at-rest) in a dynamic fashion so that virtual and non-virtual capacity can be adjusted in the disaggregate compute system without any downtime, e.g., based on workload security requirements and data sensitivity characteristics. The approach herein optimizes an overall utilization of an available secure processors resource pool in the disaggregated environment. The resulting disaggregate compute system that is configured according to the approach cryptographically-protects workload data whenever it is outside the CPU chip.

Abstract: Systems, methods, and computer-readable storage media for improved data comparison, particularly when scanning large amounts of data for particular conditions or configurations. With respect to cyber-security, this improvement takes the form of receiving a plurality of threat conditions for cyber threats against a networked computer device; identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions; generating, based on the commonalities, a hierarchy for scanning of the cyber threats; and scanning for the cyber threats according to the hierarchy.

Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising: a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features; constructing a dictionary D based on the received data; embedding dictionary D into a lower dimension embedded space; and classifying, based in the lower dimension embedded space, an MDDP as an anomaly or as normal.

Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising: a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features; constructing a dictionary D based on the received data; embedding dictionary D into a lower dimension embedded space; and classifying, based in the lower dimension embedded space, an MDDP as an anomaly or as normal.

Abstract: Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.

Abstract: Aspects of the subject disclosure may include, for example, determining whether communications are encrypted, determining a communication type for the communications according to sensitivity criteria, encrypting the communications according to the communication type to generate encrypted communications, and transmitting to a second network device the encrypted communications. Other embodiments are disclosed.

Abstract: A device, such as a payment reader, may include one or more units capable of providing access to sensitive data. Such units may be connected to each other through tamper traces. A secure unit can send known keys or key-value pairs between the units using a multi-directional protocol. The keys or key-value pairs are then compared by the secure unit to monitor or detect a tamper event.

Abstract: A method for detecting a phishing web page. The method, executable at a sever, comprises detecting at least one unique web page attribute that allows to identify a known phishing web page as a phishing web page; analyzing, by the server, the known phishing web page to determine at least one additional unique attribute indicative of the known phishing web page targeting a phishing target web resource; generating, by the server, at least one phishing detection rule that is based on the at least one unique attribute and the at least one additional attribute; storing the at least one phishing detection rule; receiving a new web page to be checked for phishing; applying the at least one phishing detection rule for analyzing the new web page; in response to the analyzing rendering a positive outcome, identifying the new web page as a phishing web page.

Abstract: A conductor on glass security layer may be located within a printed circuit board (PCB) of a crypto adapter card or within a daughter card upon the crypto adapter card. The conductor on glass security layer includes a glass dielectric layer that remains intact in the absence of point force loading and shatters when a point load punctures or otherwise contacts the glass dielectric layer. The conductor on glass security layer also includes a conductive security trace upon the glass dielectric layer. A physical access attempt shatters a majority of the glass dielectric layer, which in turn fractures the security trace. A monitoring circuit that monitors the resistance of the conductive security trace detects the resultant open circuit or change in security trace resistance and initiates a tamper signal that which may be received by one or more computer system devices to respond to the unauthorized attempt of physical access.

Abstract: In one embodiment, a device in a network maintains a plurality of machine learning-based detectors for an intrusion detection system. Each detector is associated with a different portion of a feature space of traffic characteristics assessed by the intrusion detection system. The device provides data regarding the plurality of detectors to a user interface. The device receives an adjustment instruction from the user interface based on the data provided to the user interface regarding the plurality of detectors. The device adjusts the portions of the feature space associated with the plurality of detectors based on the adjustment instruction received from the user interface.

Abstract: Method for providing a secure mode for mobile applications including: configuring which applications should be available in secure mode; defining in the mobile operating system kernel, rules and privileges for applications defined for the secure mode; checking continuously if the secure mode is enabled by the user; if the security mode is enabled by the user, then the operating system kernel searches all processes and applications running on the operating system, suspend) the system applications not configured to be available in secure mode, hides the protected application, restricts inter-process communications and enforce privilege escalation events and enables access to application files protected by the protected application user Id; and if the security mode is disabled by the user, then the kernel releases all processes and applications that were stopped by the secure mode and denies any access to the protected application files.

Abstract: Systems and methods are provided and include a sensor that is configured to generate a first link key data packet. A control module of a vehicle is configured to generate a second link key data packet. In response to (i) a first authenticated response of the first link key data packet matching a second authenticated response of the second link key data packet and (ii) a user device being connected to a communication gateway of the control module by a Bluetooth low energy (BLE) communication link, the sensor is configured to communicate signal information to the control module using a hardwire link that electrically couples the control module and the sensor. The signal information includes information corresponding to physical characteristics of the BLE communication link.

Abstract: A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of a multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.

Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.

Abstract: Methods, apparatuses, and embodiments related to improving security of data that is stored and distributed over a data network. In an example, source data to be protected is partitioned into multiple files, and each file is obfuscated, such as by being encrypted, to created multiple obfuscated data files. Information as to how each obfuscated data file was obfuscated is stored in an associated trace file. The multiple obfuscated data files are moved around a data network via a data movement process that includes sending each of the multiple obfuscated data files to a different randomly selected computer, where the computer further obfuscates the obfuscated data the trace file, and sends the further obfuscated data and trace file to a next randomly selected computer. In an example, the various operations for improving security may be performed by an integrated circuit, such as a system-on-chip (SoC) or application-specific integrated circuit (ASIC).

Abstract: A system and method are disclosed for controlling a restricted ecosystem of software applications. The method may include originating software applications from a vendor, associating a collection of the software applications with a user, controlling the distribution of the collection of software applications to the user, controlling access to the collection of software applications based on user credentials, and controlling the installing and updating of the collection of software applications. The method may additionally include executing a first software application from the collection of software applications, executing a second software application, and transferring data from the first software application to the second software application. The method may additionally include transferring data from the first software application to a web service.

Abstract: A method may include initiating a static analysis of code, identifying an opaque function during the static analysis, and modeling the opaque function by: generating, using an abstract state of the static analysis, sample inputs for the opaque function, collecting outputs for the opaque function by executing, using the abstract state, the opaque function with the sample inputs, and updating the abstract state using the outputs.

Abstract: An integrated circuit includes functional circuitry such as a processing core, memory interfaces, cryptographic circuitry, etc. The integrated circuit also includes protection circuitry to protect the functional circuitry of the integrated circuit against attacks by hidden channels. The protection circuitry, for each of a series of successive periods of time, selects a configuration of the functional circuitry from a set of configurations of the functional circuitry, sets a duration of the period of time, and applies the selected configuration of the functional circuitry for the set duration of the period of time.

Abstract: Disclosed herein are new methods and systems for detecting obfuscated programs. We build a recursive traversal disassembler that extracts the control flow graph of binary files. This allows us to detect the presence of interleaving instructions, which is typically an indication of the opaque predicate anti-disassembly trick. Our detection system uses some novel features based on referenced instructions and the extracted control flow graph that clearly distinguishes between obfuscated and normal files. When these are combined with a few features based on file structure, we achieve a very high detection rate of obfuscated files.

Abstract: The disclosure provides a client device for hearing device communication and related method. The client device comprises a processing unit, a memory unit, and an interface. The processing unit is configured to send a session request for a session to the hearing device via the interface. The processing unit is configured to receive a session response from the hearing device via the interface. The processing unit is configured to obtain a session key based on e.g. the session response. The processing unit is configured to determine hearing device data and/or to generate session data e.g. based on the session key and the hearing device data. The processing unit is configured to send the session data to the hearing device via the interface.

Abstract: A method for firmware debug trace capture includes creating a hand-off block (“HOB”), capturing first debug trace statements during a boot sequence of a computer and writing the first debug trace statements to the HOB. A trace memory buffer can be created and the first debug trace statements can be copied from the HOB to the trace memory buffer. Second debug trace statements are captured during the boot sequence and appended to the trace memory buffer. In some configurations, the first debug trace statements can be written to the HOB during the pre-Extensible Firmware Interface initialization (“PEI”) phase of the boot sequence and the second debug trace statements can be written to the trace memory buffer during the driver execution (“DXE”) phase of the boot sequence.

Abstract: The system and method for secure sharing of a source code is disclosed. The method comprises. The method comprises receiving a source code associated with an application, and a defect identification number associated with a defective feature in the application. The method comprises identifying a defective feature of an application and non-defective features of the application based on a defect investigation methodology. The method comprises generating a checkout ID associated with the application and further generates a secured second set of source code based on one of an encryption methodology and an obfuscating methodology. The method further comprises providing a secured source code to a third party for debugging the defective feature in the application.

Abstract: A method executable via operation of configured processing circuitry to identify applications by remote monitoring may include initiating remote communication with a target device through an access point, the access point providing network access to the target device, providing a series of ping messages to the target device via the access point to determine a delay signature of an application running on the target device, comparing the delay signature of the application to a plurality of malware traffic signatures stored in a malware traffic signature library, and determining a matching score between the delay signature of the application and at least some of the malware traffic signatures.

Abstract: A method for generating target winning numbers is provided. The method implemented by a first node includes: receiving, in a first period of time, n encrypted random parameters sent by n second nodes in a system, where n is a positive integer; receiving, in a second period of time, n mapping relationships and n keys that are sent by the n second nodes, where each mapping relationship is a one-to-one mapping relationship between an encrypted random parameter and a key; and decrypting, in a third period of time, the n encrypted random parameters by using the n mapping relationships and the n keys, to obtain a target random parameter set, and generating target winning numbers by using the target random parameter set, so that each node can generate the winning numbers and verify impartiality of the winning numbers, thereby increasing randomness of a random parameter.

Abstract: Embodiments described herein are related to providing an improved quality of experience (QoE) for users consuming video content. An improved QoE may be provided to a user by allocating an appropriate bandwidth at which content is provided to the user. The appropriate bandwidth may be determined by an application function of the communications network used to provide the content to the user. The application function analyzes messages received from the content provider to determine characteristics of the content, determines the appropriate bandwidth accordingly, and generates a policy control rule to be enforced by the communications network when transmitting the content. Alternatively, a mobile device used to engage in the content determines the appropriate bandwidth at which video is to be transmitted thereto. The determined bandwidth is provided to the application function, which generates a policy control rule to be enforced by the communications network based on the determined bandwidth.

Abstract: An integrated circuit device includes first and second semiconductor die and a physically unclonable function (PUF). The second semiconductor die is attached, at least partially, to the first semiconductor die using the PUF. The PUF includes a plurality of conductive paths formed between the first semiconductor die and the second semiconductor die. The PUF controller is coupled to the PUF for generating a digital value based on a characteristic of each conductor of the plurality of conductive paths. The digital value logically binds the first semiconductor die to the second semiconductor die. The first semiconductor die may include a nonvolatile memory and the digital value may be an encryption key for encrypting data stored in the nonvolatile memory.

Abstract: Techniques of implementing out-of-band data erasure verification in computing systems are disclosed herein. In one embodiment, a method includes receiving a verification instruction from a system administrator. In response to and based on the received verification instruction, the method includes selecting a set of persistent storage devices to which data erasure verification is to be performed. The method also includes relaying the verification instruction to additional computing devices in additional enclosures, thereby causing data erasure verification on one or more additional persistent storage devices in the additional enclosures be performed generally in parallel to performing data erasure verification on the subset of persistent storage devices in one of the enclosures.

Abstract: An adaptive standalone secure software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, the security of such software is increased. The software will adapt to the current user and conditions of usage by moving the appropriate software features to and from the secure server. A public key cryptography (or asymmetric key) algorithm technique is used for the communication between the protected software and the secure server. This patent also includes an analysis of intruders and describes possible responses to detected threats including covert actions. This patent is Cyber-Ecologically aware.

Abstract: In a method and system for responding to an unauthorized action on a mobile communications device, a cryptographic key is destroyed. The destruction of the cryptographic key is followed by initiating a boot sequence at the mobile communications device where the device is booted into a kernel that restricts operation of the mobile communications device to communications with a server.

Abstract: Described is a system for protecting sensitive information that is hardcoded in polynomial-size ordered binary decision diagram (POBDD) form. A software executable represented as a POBDD having sensitive information embedded therein is obfuscated into an obfuscated POBDD. An input query on the obfuscated POBDD is evaluated, and the sensitive information is revealed only if the input query is a correct input. Thus, an adversary is prevented from extracting the sensitive information embedded in the POBDD.

Abstract: A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Abstract: Systems and methods for securing communications in a playback device using a key base and at least one key contribution in accordance with embodiments of the invention are disclosed. In one embodiment, a process includes generating a key base using a decryption key and at least one key contribution, where the decryption key can be recovered using the key base and the at least one key contribution, receiving the key base, receiving the at least one key contribution, sending the key base to a decryption module, sending the key contribution to a control module, performing a control feature on the piece of content using the control module, providing the key contribution to the decryption module when the control feature is performed, generating the decryption key using the key base and the at least one key contribution, and accessing at least a portion of the piece of content.

Abstract: An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal in via the switch, when the processing circuitry enables the switch. The ADC is coupled to take measurements of the signal detection circuitry at a first output. The processing circuitry is coupled to the ADC and configured to analyze whether an intruder is present in the device based on the measurements of the signal detection circuitry.

Abstract: The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.

Abstract: A method for integrating a new secure datacenter into a data storage network is provided. The method detects, by an accessible datacenter connected to the data storage network, the new secure datacenter connected to the data storage network, wherein the new secure datacenter includes a high security level that prevents user access, and wherein the accessible datacenter includes a decreased security level that permits user access; expands a storage layer in the accessible datacenter, by increasing available storage hardware of the accessible datacenter; connects a data pipeline from the new secure datacenter to the storage layer in the accessible datacenter, wherein the data pipeline comprises dedicated servers configured to buffer data, orchestrate a cluster of servers, and push data from the new secure datacenter to the accessible datacenter; and provides end user access to the storage layer.

Abstract: A flash memory device includes a flash memory configured to store a plurality of pages and a control circuit coupled to the flash memory. The control circuit is configured to retrieve data from a page of the flash memory, determine a number of zeroes or ones of the retrieved data, determine whether the number is between a first value and a second value, and determine that the retrieved data has one or more errors based on determining that the number is not between the first value and the second value.

Abstract: A device protects an incoming multimedia signal with a protection that is controllable and configured for enabling or disabling an application for an interface protection on an outgoing signal coming from the incoming signal. An output interface is configured for delivering the outgoing signal on an output. An authorization process is performed for authorizing or otherwise a control over the enabling or disabling of the interface protection application depending on security rules.

Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features, constructing a dictionary D based on the received data, embedding dictionary D into a reduced dimension embedded space and classifying, based in the reduced dimension embedded space, an MDDP as an anomaly or as normal.

Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.

Abstract: A storage system and method for improved command flow are provided. In one embodiment, a storage system receives a request from a host for an indication of which command(s) stored in the storage system are ready for execution; in response to the request, provides the host with the indication of which command(s) stored in the storage system are ready for execution; receives an instruction from the host to execute a command that is ready for execution; and in response to the instruction from the host to execute the command, performs both of the following: executes the command and provides the host with an updated indication of which command(s) stored in the storage system are ready for execution, wherein the storage system provides the host with the updated indication without receiving a separate request from the host for the updated indication. Other embodiments are provided.

Abstract: The present disclosure discloses a method and apparatus for inserting a disk. The method comprises: detecting whether a to-be-inserted disk has a drive letter identifier, wherein the drive letter identifier is acquired by a server through: acquiring a universally unique identifier of the disk; querying a correspondence between the universally unique identifier and a device name, acquiring the device name of the disk, analyzing the device name of the disk to generate a drive letter value of the disk, and generating a drive letter identifier for the disk; acquiring the drive letter value in response to detecting the disk identifier; determining whether the device name associated with the drive letter value is allocated to a different disk; and defining the device name of the disk based on the drive letter value so as to insert the disk if the device name is not allocated to the different disk.

Abstract: A method of performing an equality check in a secure system, including: receiving an input v having a known input property; splitting the input v into t secret shares vi where i is an integer index and t is greater than 1; splitting an input x into k secret shares xi where i is an integer index and k is greater than 1; splitting the secret shares xi into a s chunks resulting in s·k chunks yj where j is an integer index; calculating a mapping chain t times for each secret share vi, wherein the mapping chain including s·k affine mappings Fj, wherein yj and Fj?1(yj?1) are the inputs to Fj and the F0(y0)=vi; and determining if the outputs have a known output property indicating that the input x equals a desired value.

Abstract: The present invention discloses a video signal switching circuit and switching method. The switching circuit includes: a regulating circuit connected to a first cable and configured to regulate the first cable to be in a pull-up state or a released state; a detection circuit connected to the first cable and configured to detect a first voltage value on the first cable when the first cable is in the pull-up state or detect a second voltage value on the first cable when the first cable is in the released state; and a controller configured to determine a change in the first voltage value or the second voltage value from the detection circuit, wherein the controller controls a second cable to transmit the video signal when determining that the second voltage value increases, or the controller controls the first cable to transmit the video signal when determining that the first voltage value decreases.

Abstract: Approaches for providing security in a networked computing environment are provided. The method includes detecting, by at least one computer device, a breach of a first system in the networked computing environment. The method also includes identifying a second system in the in the networked computing environment as an at-risk system based on a proximity of the second system to the first system. The method additionally includes re-generating, by the at least one computer device, the second system as a new system at a new location in the networked computing environment. The method further includes converting, by the at least one computer device, the second system to a decoy system.

Abstract: The invention relates to a method and an apparatus for designing a circuit suitable for generating random bits and to a circuit for generating random bits. A random bit string which is used as a binary random number is generated, for example. The proposed method and the apparatus as well as the circuit are used to implement random number generators, for example. A jth specific function from a set of bijective mappings is selected as the jth function, wherein the jth specific function carries out a jth fixed-point-free mapping. At least one ith mapping device is then selected. An ith specific function from a set of bijective mappings is assigned to the ith function, with the result that an ith concatenation of the i functions carries out an ith fixed-point-free mapping.

Abstract: In order to validate a user to facilitate conducting a high-valued financial transaction via wireless communication between an electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the electronic device may authenticate the user prior to the onset of the high-valued financial transaction. In particular, a secure enclave processor in a processor may provide local validation information that is specific to the electronic device to a secure element in the electronic device when received local authentication information that is specific to the electronic device (such as a biometric identifier of the user) matches stored authentication information. Moreover, an authentication applet in the secure element may provide the local validation information to an activated payment applet in the secure element. This may enable the payment applet to conduct the high-valued financial transaction via wireless communication, such as near-field communication.

Abstract: An information processing apparatus includes an information holding unit that holds pieces of information acquired from an external apparatus; an execution unit that reads a partial program having specific information, among the pieces of information acquired from the external apparatus, described therein, and executes a program including the partial program with reference to the pieces of information held in the information holding unit.

Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.