Via Power Supply Patents (Class 726/36)
  • Patent number: 8661536
    Abstract: A method described herein includes acts of executing a cryptographic function over input data utilizing a processor on a computing device and generating a data packet that indicates how the cryptographic function interacts with hardware of the computing device, wherein the hardware of the computing device comprises the processor. The method also includes acts of analyzing the data packet, and generating an indication of security of the cryptographic function with respect to at least one side channel attack based at least in part upon the analyzing of the data packet.
    Type: Grant
    Filed: March 17, 2010
    Date of Patent: February 25, 2014
    Assignee: Microsoft Corporation
    Inventors: Daniel Bakalars Shumow, Peter L. Montgomery
  • Patent number: 8660264
    Abstract: A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation.
    Type: Grant
    Filed: September 15, 2012
    Date of Patent: February 25, 2014
    Assignee: Certicom Corp.
    Inventors: Farhad Pezeshki, Robert J. Lambert
  • Patent number: 8656185
    Abstract: A method and apparatus for preventing compromise of data stored in a memory by assuring the deletion of data and minimizing data remanence effects is disclosed. The method comprises the steps of monitoring the memory to detect tampering, and if tampering is detected, generating second signals having second data differing from the first data autonomously from the first processor; providing the generated second signals to the input of the memory; and storing the second data in the memory. Several embodiments are disclosed, including self-powered embodiments and those which use separate, dedicated processors to generate, apply, and verify the zeroization data.
    Type: Grant
    Filed: July 28, 2005
    Date of Patent: February 18, 2014
    Assignee: SafeNet, Inc.
    Inventors: Michael Masaji Furusawa, Chieu The Nguyen
  • Patent number: 8633798
    Abstract: A computer system includes a computer, a fingerprint reader, and a security apparatus to apply complete security for the benefit of an authorized user. The computer includes a first interface, a second interface, an account storage unit, and a fingerprint storage unit. The fingerprint reader can connect with the computer through the first interface for inputting fingerprint information. The security apparatus can connect with the computer through the second interface, and includes a password storage module, a first use module, a password modification module, and a normal use module.
    Type: Grant
    Filed: October 12, 2011
    Date of Patent: January 21, 2014
    Assignee: Hon Hai Precision Industry Co., Ltd.
    Inventor: Yu-Sheng Lin
  • Publication number: 20140013455
    Abstract: A system comprising a platform protected by an always-on always-available security system is described. The system, in one embodiment, includes a core logic component to provide logic to move the platform to an armed mode upon receipt of an arming command, a battery access controller to prevent access to a battery of the platform, when the platform is in the armed mode, a disarming logic to receive a disarming command from a user, the disarming command causing the battery access controller to provide the access to the battery, such that when the platform is disarmed the battery can be accessed, whereby the system prevents removal of the battery when the platform is in the armed mode to ensure that the platform remains powered to perform a security action when needed.
    Type: Application
    Filed: December 22, 2011
    Publication date: January 9, 2014
    Inventors: Michael Berger, Joshua M. Resch
  • Patent number: 8627510
    Abstract: The invention describes an electronic device and a method for operating the electronic device. The electronic device includes one or more circuit components. The electronic device further includes one or more fuses and one or more non-volatile memories to disable the access of at least one of the one or more circuit components. Each of the one or more non-volatile memories includes one or more firmware, which are used to program at least one bit to manage the access of the at least one circuit component. The method includes performing a power-up sequence in a power cycle for the electronic device. The method further includes determining a state of circuit and a state of a bit for selectively enabling a test function.
    Type: Grant
    Filed: August 3, 2009
    Date of Patent: January 7, 2014
    Assignee: Lexmark International, Inc.
    Inventor: Christopher Wilson Case
  • Patent number: 8625802
    Abstract: The present invention discloses methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management.
    Type: Grant
    Filed: June 15, 2011
    Date of Patent: January 7, 2014
    Assignee: Porticor Ltd.
    Inventor: Gilad Parann-Nissany
  • Patent number: 8619971
    Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
    Type: Grant
    Filed: April 1, 2005
    Date of Patent: December 31, 2013
    Assignee: Microsoft Corporation
    Inventors: Thekkthalackal Varugis Kurien, Paul England, Ravindra Nath Pandya, Niels Ferguson
  • Publication number: 20130312125
    Abstract: A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time.
    Type: Application
    Filed: July 24, 2013
    Publication date: November 21, 2013
    Applicant: Interdigital Technology Corporation
    Inventors: Andreas Schmidt, Christian Hett, Yogendra C. Shah, Inhyok Cha
  • Publication number: 20130305395
    Abstract: A computing apparatus having a hard drive storage unit which includes a global positioning system, a non-volatile memory and a compare module. The non-volatile memory stores a permitted zone of operation of the hard drive storage unit while the compare module monitors the current location. If the compare module detects a current location of the hard drive storage unit as tracked by the global positioning system which is outside of the permitted zone of operation as stored in the non-volatile memory, the non-volatile memory contains at least one command implemented by a computer processor that may cause the hard drive storage unit to become disabled.
    Type: Application
    Filed: July 16, 2013
    Publication date: November 14, 2013
    Inventor: Frederick C. Dewilde
  • Patent number: 8566940
    Abstract: Apparatus and methods protect a memory device from a security attack. A security attack may lead to an unusually high number of security events, such as power cycling of a device hosting the computing system and/or memory device. Power cycling events of the memory device can be counted. A count value can be maintained of power cycling events occurring within a particular period of time. The count value can be compared to a threshold number. Normal operation is permitted if the count value does not exceed the threshold number. A security action is invoked when the count value exceeds the threshold number.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: October 22, 2013
    Assignee: Micron Technology, Inc.
    Inventor: John Rudelic
  • Patent number: 8561138
    Abstract: In some embodiments, the invention involves protecting a platform using locality-based data and, more specifically, to using the locality-based data to ensure that the platform has not been stolen or subject to unauthorized access. In some embodiments, a second level of security, such as a key fob, badge or other source device having an identifying RFID is used for added security. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 31, 2008
    Date of Patent: October 15, 2013
    Assignee: Intel Corporation
    Inventors: Michael M. Rothman, Vincent Zimmer
  • Patent number: 8555083
    Abstract: A method may include detecting initiation of a power-management mode that suspends the functionality of at least one component of a computing device while maintaining the functionality of the device's memory. The method may also include, before the device enters the power-management mode, (1) identifying, within the device's memory, an encryption key that is required to access encrypted data stored in the device's storage device, and (2) removing the encryption key from the device's memory in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode. The method may also include, upon detecting discontinuation of the power-management mode, (1) obtaining user credentials from a user of the device in order to authenticate the user and, upon successfully authenticating the user, (2) using the user credentials to regenerate the encryption key in order to enable access to the encrypted data stored in the storage device.
    Type: Grant
    Filed: July 22, 2010
    Date of Patent: October 8, 2013
    Assignee: Symantec Corporation
    Inventors: Susanta Nanda, Kent Griffin
  • Patent number: 8548171
    Abstract: In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: October 1, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Brian E. Weis
  • Patent number: 8542826
    Abstract: A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation.
    Type: Grant
    Filed: July 11, 2006
    Date of Patent: September 24, 2013
    Assignee: Certicom Corp.
    Inventors: Farhad Pezeshki, Robert J. Lambert
  • Patent number: 8542394
    Abstract: An image processing apparatus includes a job execution unit configured to execute at least one of an input job accompanied by inputting of image data and an output job unaccompanied by inputting of image data, an image data storage unit configured to store image data in a predetermined memory, a reference information storage unit configured to store reference information to the image data stored in the memory in the same memory, and a control unit configured to control the image data storage unit to newly store image data in the memory when the job executed by the job execution unit is an input job, and the reference information storage unit to store the reference information to the image data stored in the memory without newly storing image data in the memory when the job executed by the job execution unit is an output job.
    Type: Grant
    Filed: May 23, 2006
    Date of Patent: September 24, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Bungo Shimada
  • Patent number: 8543835
    Abstract: A system for increasing a tamper resistance of a digital data processing unit, comprises a first unit (901) comprising processing means (906) for processing the received digital data in dependence on values looked up in at least one look-up table (916) based on values in the received digital data. The system further comprises a second unit (902) comprising means (912) for computing at least one value for inclusion in the digital data causing the first unit (901) to look up at least one predetermined value in the look-up table (916) when processing the digital data. It comprises an inserter (910) for including the at least one value in the digital data, and an output (908) for transmitting the digital data to the first unit.
    Type: Grant
    Filed: June 27, 2007
    Date of Patent: September 24, 2013
    Assignee: Irdeto B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Paulus Mathias Hubertus Mechtildis Antonius Gorissen
  • Patent number: 8542821
    Abstract: A method of masking a cryptographic operation using a secret value, comprising the steps of dividing the secret value into a plurality of parts; combining with each part a random value to derive a new part such that the new parts when combined are equivalent to the original secret value; and utilizing each of the individual parts in the operation.
    Type: Grant
    Filed: July 15, 2010
    Date of Patent: September 24, 2013
    Assignee: Certicom Corp.
    Inventors: Farhad Pezeshki, Robert John Lambert
  • Patent number: 8538025
    Abstract: The present invention relates to methods for sending and receiving security related information during handover on a wireless access system and methods for managing a traffic encoding key (TEK). In one example of the present invention, a security performance negotiation method for supporting the hand-over of mobile handsets comprises the steps of: carrying out, in advance, a security performance negotiation procedure with a first base station (T-ABS), prior to registration on the first base station; generating a traffic encoding key (TEK) by using security related information acquired by means of the security performance negotiation procedure; and carrying out a general performance exchange procedure encoded by means of the TEK and a zone switch with the first base station.
    Type: Grant
    Filed: February 18, 2010
    Date of Patent: September 17, 2013
    Assignee: LG Electronics Inc.
    Inventors: Gene Beck Hahn, In Uk Jung, Ki Seon Ryu
  • Patent number: 8522052
    Abstract: In one embodiment of the present invention a secure cryptographic device is provided. The device includes a power supply interface, a cryptographic processing block coupled to the power supply interface, a random number generator, and a complex multiplication circuit. The complex multiplication circuit has an output coupled to the power supply interface for modulating a power variation waveform detectable on the power supply interface. The complex multiplication circuit also has a first input coupled to an output of the random number generator and a second input coupled to the power supply interface.
    Type: Grant
    Filed: April 7, 2010
    Date of Patent: August 27, 2013
    Assignee: Xilinx, Inc.
    Inventor: Austin H. Lesea
  • Patent number: 8499172
    Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.
    Type: Grant
    Filed: April 12, 2012
    Date of Patent: July 30, 2013
    Assignee: Lockheed Martin Corp.
    Inventors: Patrick A. Nelson, Christian Adams
  • Patent number: 8494167
    Abstract: The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key.
    Type: Grant
    Filed: October 30, 2007
    Date of Patent: July 23, 2013
    Assignee: International Business Machines Corporation
    Inventors: Neeta Garimella, Alexei Kojenov, Shawn P. Mullen, Ravi A. Shankar, John Viksne
  • Patent number: 8489892
    Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.
    Type: Grant
    Filed: March 17, 2008
    Date of Patent: July 16, 2013
    Assignee: Thomson Licensing
    Inventors: Stephane Onno, Olivier Heen
  • Patent number: 8464015
    Abstract: Predetermined information is received from an external device and when receiving the information, an area in which the data stored in the first memory shall be erased is determined corresponding to a battery residual quantity of a power supply unit of the arithmetic processing device, and a data erasing process is controlled and executed with respect to the thus-determined area.
    Type: Grant
    Filed: September 15, 2011
    Date of Patent: June 11, 2013
    Assignee: Fujitsu Limited
    Inventor: Kiyoshi Komatsu
  • Patent number: 8457306
    Abstract: A cryptographic module that performs a cryptographic operation is provided with: a register that retains first data related to key data to be used in the cryptographic operation; a register that retains second data without dependency on the first data; a selector that alternately selects and outputs the contents of the register retaining the first data and the register retaining the second data; and a left shift circuit that performs a predetermined shift operation on data outputted from the selector.
    Type: Grant
    Filed: August 21, 2007
    Date of Patent: June 4, 2013
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Masahiko Motoyama
  • Patent number: 8453261
    Abstract: This microcircuit card includes means for detecting an attack on the card, command means (130) capable of charging a charge pump (120) capable of applying a programming voltage (UP) to command a write operation into a cell (110) of a nonvolatile memory when an attack is detected, and a capacitor (140) arranged so as to be supplied with power during normal operation and to supply said charge pump (120) with power only when an attack is detected. The card (100) being characterized in that said capacitor (140) also supplies power to the command means (130) when an attack is detected.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: May 28, 2013
    Assignee: Oberthur Technologies
    Inventors: Nicolas Morin, Christophe Giraud
  • Patent number: 8429760
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for storing a password recovery secret on a peripheral such as a power adapter by receiving a password recovery secret at the power adapter via an interface with the computing device, and storing the password recovery secret on a memory in the power adapter. The password recovery secret can be recovered by requesting the password recovery secret from the power adapter, wherein the password recovery secret is associated with a computing device, receiving the password recovery secret from the memory of the power adapter, and recovering a password based on the password recovery secret. The power adapter can include an electrical source interface, an electronic device interface, an intermediate module to adapt electricity between the interfaces, a memory, and a memory interface through which a password recovery secret is received for storage in the memory.
    Type: Grant
    Filed: July 1, 2010
    Date of Patent: April 23, 2013
    Assignee: Apple Inc.
    Inventor: Guy Leslie Tribble
  • Patent number: 8423801
    Abstract: An electronic device including an external-memory-medium installing portion in which an external memory medium storing contents data, a display portion for displaying the contents data, a sound generating portion for generating a sound, a power-shut-down-requirement receiving portion for receiving a requirement for shutting-down a power supply to the electronic device, a monitoring portion for determining whether the external memory medium is installed in the external-memory-medium installing portion, a sound-generation commanding portion for commanding the sound generating portion to generate an alarming sound when the monitoring portion has determined that the external memory medium is not installed in the external-memory-medium installing portion while the contents data are displayed, and a power supply control portion for inhibiting an operation to shut down the power supply to the electronic device when the power-shut-down-requirement receiving portion has received the requirement for shutting do
    Type: Grant
    Filed: January 19, 2010
    Date of Patent: April 16, 2013
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Hideto Matsumoto
  • Patent number: 8417976
    Abstract: An apparatus connected to a network via a network interface device and capable of executing encrypted communication with an external device on the network requests that a first algorithm to be used in the encrypted communication with the external device is changed to a second algorithm included in the network interface device when the apparatus detects that a condition for shifting to a power saving mode, in which power consumption is smaller than that in a normal power mode, is satisfied while the apparatus is operated in the normal power mode.
    Type: Grant
    Filed: March 9, 2010
    Date of Patent: April 9, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Go Inoue
  • Patent number: 8418260
    Abstract: A server system is provided in which it is possible to avoid an improper operation or malicious operation on, for example, a power switch of a server. In such a system, both a management server and multiple servers are connected to a network. Each multiple server includes: an authentication key storing portion which stores an authentication key; and a management module which compares between data inputted by operating the operation switches and the authentication key stored in the authentication key storing portion, wherein the management module sets the operation switches available if the input data and the authentication key are the same. The management module includes a function of writing the authentication key received from the management server into the authentication key storing portion. The management server includes a virtualized environment software which transmits the authentication key to each of the multiple servers via the network.
    Type: Grant
    Filed: March 16, 2010
    Date of Patent: April 9, 2013
    Assignee: NEC Corporation
    Inventor: Jun Yokoyama
  • Publication number: 20130086700
    Abstract: A method and apparatus for configuring electronic devices is provided. The method includes collecting, at a device management apparatus, user information regarding a user within a predetermined area; and controlling access to an electronic device based on the user information.
    Type: Application
    Filed: September 27, 2012
    Publication date: April 4, 2013
    Applicant: Samsung Electronics Co., Ltd.
    Inventor: Samsung Electronics Co., Ltd.
  • Patent number: 8397310
    Abstract: The present invention is an apparatus and method for associating electronic devices to portable containers. A smart container is a container used for transporting items while traveling and comprising electronic devices. The smart container may comprise at least one module bay configured for receiving a module and a controller comprising a processing device associated with a memory. The controller is electrically associated with the module bay and configured for sending and/or receiving data to/from an electronic device associated with the module bay. The controller may be either an integral component of the smart container or a controller module removably received by the smart container. The smart container further comprises a power source associated with a power bus. The power bus is electrically associated with at least one of (a) a module bay, and (b) the controller.
    Type: Grant
    Filed: October 11, 2005
    Date of Patent: March 12, 2013
    Inventors: Earl H. Parris, John Michael Kay
  • Patent number: 8392964
    Abstract: A system and method for authenticating a powered device attached to a power sourcing equipment for power provisioning such as power over Ethernet (PoE) enabled device communicating with a PoE enabled switch. Powered devices such as computing devices, security cameras, VoIP phones, wireless access points, or the like, can be detected by a PoE switch upon connection. Power applied to the powered device is restricted until information received from the powered device is authenticated.
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: March 5, 2013
    Assignee: Broadcom Corporation
    Inventor: Wael William Diab
  • Patent number: 8391837
    Abstract: A Trusted Service Manager (TSM) receives via a first communication channel from a Service Provider (SP) a request (REQ(MIA)) that contains an application (MIA) together with a unique identifier of a mobile phone (MOB), particularly its telephone number. The mobile phone (MOB) is equipped with a memory device (MIF) that comprises multiple memory sectors being protected by sector keys. Preferably the memory device (MIF) is a MIFARE device. The TSM extracts the application (MIA) and the unique identifier from the received request, assigns destination sector(s) and associated sector key(s) of the memory device (MIF), compiles the application (MIA), the sector key(s) and the sector number(s) of the destination sector(s) into a setup-message (SU(MIA)), encrypts the setup-message and transmits it to either the mobile phone via a second communication channel or the Service Provider via the first communication channel (CN).
    Type: Grant
    Filed: July 21, 2008
    Date of Patent: March 5, 2013
    Assignee: NXP B.V.
    Inventor: Alexandre Corda
  • Patent number: 8387113
    Abstract: An authenticating system according to the present invention has a characteristic structure of which an authenticating section 32 of a note type PC 10 and an authenticating section 42 of a battery 20 are directly connected through I/O ports 51 and 61, respectively. Thus, the authenticating system according to the present invention can be relatively easily accomplished using a conventional system. The present invention can be applied to a system that is composed of a plurality of electronic devices that perform an authenticating process.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: February 26, 2013
    Assignees: Sony Corporation, Renesas Technology Corp.
    Inventors: Hidetoshi Shimada, Norio Fujimori, Keiichi Komaki, Keisuke Koide, Tsuyoshi Ookubo, Kenichiro Kamijo, Daiki Yokoyama, Kenichi Takahira, Katsuhisa Tatsukawa
  • Patent number: 8387133
    Abstract: A power on certification method for a personal computer (PC) and a power on certification system thereof are described. The power on method includes the following steps. At least one booting certification device is connected to a PC. The PC is booted, and a basic input output system (BIOS) is run. The BIOS is made to retrieve recognition information of the booting certification device through a verification procedure, so as to judge whether the recognition information is consistent with verification information stored in the PC. After the booting certification device passes through the verification procedure, the PC completes other procedures in the BIOS, and enters an operating system.
    Type: Grant
    Filed: February 9, 2010
    Date of Patent: February 26, 2013
    Assignee: MSI Computer (Shenzhen) Co., Ltd.
    Inventors: Ming-Chung Hsieh, Heng-Yung Su
  • Patent number: 8387157
    Abstract: The present invention relates to a recording and storage means in digital STB (Set Top Box) and PVR (Personal Video Recorder) and method thereof. The digital broadcast receiver for receiving real-time digital broadcast programs comprises: storage means for storing broadcast programs, being attachable and separable to and from a set by a user without taking the set apart; a coupling means for attachment and separation of the storage means to and from a main body of the broadcast receiver; and a connection means as a path for power supply of the storage means, and signal.
    Type: Grant
    Filed: October 23, 2003
    Date of Patent: February 26, 2013
    Assignee: Humax Co., Ltd.
    Inventors: Jang Yong Kim, Young Ki Kim, Sung Ick Cho, Kyung Lae Roh
  • Patent number: 8375203
    Abstract: A method for securely transferring a master key from a host to a terminal, such as an automated teller machine, is disclosed. Each of the host and terminal is initialized with a certificate, signed by a certificate authority, and containing a public key used in connection with public key infrastructure communication schemes. An identifier of an authorized host is stored in the terminal. Upon receiving a communication from a host including a host certificate, the terminal validates whether it is already bound to a host, if not, whether the host identifier of the remote host matches the preloaded authorized host identifier, before further communicating with the remote host, including the exchange of certificates. In this way, the terminal is protected against attacks or intruders. Following the exchange of certificates, the host may securely transfer the master key to the terminal in a message encrypted under the terminal's public key.
    Type: Grant
    Filed: August 13, 2008
    Date of Patent: February 12, 2013
    Inventors: Henry Samuel Schwarz, Daryll Paul Cordeiro
  • Patent number: 8374351
    Abstract: Disclosed is an encryption device for generating a pseudo-random number based on a secret key and generates an encrypted text by applying the pseudo-random number sequence to a plain text, uses, an internal state in accordance with a state based on a permutation of a sequence of a finite number of numeric values, as an internal state used for generation of the pseudo-random number sequence, executes a predetermined leftward or rightward rotate shift, depending on a number smaller than an internal state number, based on the result of linear or non-linear, or combination of linear and non-linear using one or more numeric values of the internal state and sets at least one temporary variable used for generation of the pseudo-random number sequence to be a temporary variable having as a value a result of the execution of the predetermined leftward or rightward rotate shift, and generates the pseudo-random number by a predetermined prescribed operation on one or a plurality of numeric values of the internal state a
    Type: Grant
    Filed: July 11, 2007
    Date of Patent: February 12, 2013
    Assignee: NEC Corporation
    Inventors: Yukiyasu Tsunoo, Teruo Saito, Hiroyasu Kubo, Tomoyasu Suzaki
  • Patent number: 8375441
    Abstract: Embodiments of the invention provide a portable consumer device configured to store dynamic authentication data in memory. The portable consumer device also includes an interface for transmitting data to and receiving power from an external device. The dynamic authentication data is read from the memory by a read-write device located on the portable consumer device. The authentication data is updated and the updated data may be written into memory using the read-write device. In some embodiments, an authentication value read from the memory may be used to generate another authentication value based on an algorithm. The portable consumer device is further configured to transmit authentication data to an external device. The process of reading, updating, generating, transmitting, and rewriting the authentication data may occur each time external power is provided to the portable consumer device via the interface.
    Type: Grant
    Filed: September 1, 2010
    Date of Patent: February 12, 2013
    Assignee: Visa U.S.A. Inc.
    Inventors: Ayman Hammad, Patrick Faith
  • Patent number: 8375226
    Abstract: A system and method for providing a firewall system that prevents a computer from being accessed by an unauthorized user via a computer network. The system includes a switch assembly that connects and disconnects the computer from a computer network. The switch assembly is controlled by the types of data transmissions generated by the computer. If the computer generates a data transmission addressed to the computer network, the switch assembly automatically interconnects the computer to the computer network. If the data transmission generated by the computer includes a data request from some point on the computer network, the interconnection with the computer network is held open until the requested data is received. Once the requested data is received, the switch assembly disconnects the computer from the computer network.
    Type: Grant
    Filed: September 18, 2007
    Date of Patent: February 12, 2013
    Inventor: Raymond Brandl
  • Patent number: 8365310
    Abstract: Method and apparatus for protecting RFID tags against power attacks by embedding two capacitors in an RFID tag and coupling to the RFID power extraction and computational circuitry to be operated so that at any given time during normal operation of the RFID tag one of them is coupled to the power extraction circuitry of the RFID tag and is storing energy that is being generated by the charge pump of the tag by sucking energy from the electromagnetic or magnetic field of a tag reader, and the other one is uncoupled from the power extraction circuitry of the RFID tag and is discharging and powering the computational element of the tag chip.
    Type: Grant
    Filed: July 30, 2007
    Date of Patent: January 29, 2013
    Assignee: Yeda Research & Development Co. Ltd.
    Inventor: Adi Shamir
  • Patent number: 8365309
    Abstract: A memory device that has a function used to continue or disrupt a supply of electric power used to retain data stored in a recording medium or a supply of operating electric power of a circuit used to read out data stored in a storage medium, using personal identification information is provided. When the recording medium is formed of a volatile memory, this memory device has a power supply used to manage a supply of electric power that is used for retention of the stored data using the personal identification information and to retain or erase stored data by continuation or disruption of a supply of electric power by use of the personal identification information.
    Type: Grant
    Filed: February 21, 2008
    Date of Patent: January 29, 2013
    Assignee: Semiconductor Energy Laboratory Co., Ltd.
    Inventor: Masafumi Ito
  • Patent number: 8365308
    Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.
    Type: Grant
    Filed: October 9, 2008
    Date of Patent: January 29, 2013
    Assignee: Broadcom Corporation
    Inventors: Stephane Rodgers, Iue-Shuenn Chen
  • Patent number: 8353026
    Abstract: A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: January 8, 2013
    Assignee: Dell Products L.P.
    Inventors: Muhammed K. Jaber, Mukund P. Khatri, Kevin T. Marks, Don Charles McCall
  • Patent number: 8346305
    Abstract: Theft deterrence and secure mobile platform subscription techniques for wireless mobile devices are described. An apparatus may comprise a removable secure execution module arranged to connect with a computing platform for a wireless mobile device. The removable secure execution module may comprise a first processing system to execute a security control module. The security control module may be operative to communicate with a security server over a wireless channel on a periodic basis to obtain a security status for the wireless mobile device. The security control module may output control directives to control operations for one or more components of the computing platform based on the security status. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2009
    Date of Patent: January 1, 2013
    Assignee: Intel Corporation
    Inventors: Duncan Glendinning, Mojtaba Mirashrafi, Saurabh Dadu, Mousumi M. Hazra, Gyan Prakash, Carol A. Bell
  • Patent number: 8341757
    Abstract: An exemplary electronic device includes a detecting component and a storage unit. The detecting component generates detecting signals when the electronic device has been disassembled. The storage unit stores disassemble history information based on detecting signals received from the detecting component.
    Type: Grant
    Filed: March 26, 2009
    Date of Patent: December 25, 2012
    Assignees: Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
    Inventor: Jin-Shi Lai
  • Patent number: 8321683
    Abstract: An electronic control device and method for operating an electric roller shutter include establishing a wireless connection between the electronic control device and an electronic device if a preset login password is input. The electronic control device provides an operation interface to the electronic device, and receives a function instruction from the electronic device if a function key on the operation interface is pressed. The electric roller shutter is operated by the electronic control device according to the received function instruction.
    Type: Grant
    Filed: August 31, 2010
    Date of Patent: November 27, 2012
    Assignee: Hon Hai Precision Industry Co., Ltd.
    Inventor: Ming-Yuan Hsu
  • Patent number: 8321687
    Abstract: A cryptographic system with a modular architecture. Memory modules make it possible to store information concerning authentication keys, data and commands, including a secure memory module for containing the keys with integrity checking and an emergency erase function. Various types of algorithm modules perform cryptographic functions of the cryptographic system by executing the commands stored in at least one memory module. External interface modules are utilized that make it possible to produce the link between the cryptographic system and external devices, through a standard or proprietary input/output bus. A control unit is responsible for the supervision of the various algorithm modules and the management of the keys, and a central interconnect module assures handling of secure exchanges between blocks.
    Type: Grant
    Filed: March 9, 2009
    Date of Patent: November 27, 2012
    Assignee: BULL S.A.S.
    Inventor: Patrick LeQuere
  • Patent number: 8312559
    Abstract: A wireless security authentication system comprises a wireless element configured to determine validity of a user credential to enable use of a computing system, the wireless element powered by inductive coupling.
    Type: Grant
    Filed: January 26, 2007
    Date of Patent: November 13, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Craig A. Walrath, Philip H. Doragh