Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A server includes: an authentication module to send, to a remote client device, a server authentication certificate; an accreditation certificate stored in a pre-defined location on the server, wherein the pre-defined location is accessible to the remote client device; wherein the accreditation certificate indicates a condition that the server authentication certificate needs to meet in order for the server authentication certificate to be accepted for authentication by the remote client device.

Abstract: Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.

Abstract: Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed.

Abstract: A secure memory card with encryption capabilities comprises various life cycle states that allow for testing of the hardware and software of the card in certain of the states. The testing mechanisms are disabled in certain other of the states thus closing potential back doors to secure data and cryptographic keys. Controlled availability and generation of the keys required for encryption and decryption of data is such that even if back doors are accessed that previously encrypted data is impossible to decrypt and thus worthless even if a back door is found and maliciously pried open.

Abstract: Device, system, and method of digital-rights-management (DRM). In some embodiments, a device may include a DRM agent to manage the utilizing of a content object including secured digital content based on a rights object related to the content object, wherein based on at least one restriction defined in the rights object, the agent is to cause the device to present supplemental content of at least one supplemental content object when the content object is utilized. Other embodiments are described and claimed.

Abstract: A secure memory card with encryption capabilities comprises various life cycle states that allow for testing of the hardware and software of the card in certain of the states. The testing mechanisms are disabled in certain other of the states thus closing potential back doors to secure data and cryptographic keys. Controlled availability and generation of the keys required for encryption and decryption of data is such that even if back doors are accessed that previously encrypted data is impossible to decrypt and thus worthless even if a back door is found and maliciously pried open.

Abstract: A method is disclosed for protecting secret data, which is intended to be processed by an original function, from being deduced by a side-channel attack upon execution of the original function by an electronic computing device. The method includes creating hardware circuitry which replaces the original function with one or more pairs of replacement functions, by applying a predetermined masking algorithm which performs a recursive protection process. Further disclosed is an apparatus for protecting secret data, which is intended to be processed by an original function, from being deduced by a side-channel attack upon execution of the original function by an electronic computing device.

Abstract: A device with mass storage capability that uses a readily available non secure memory for the mass storage but has firmware (and hardware) that provides security against unauthorized copying of data. This is true even though the firmware itself is stored in the non secure mass storage memory, and therefore potentially vulnerable to hacking. An indication of the authenticity of the firmware must be present before it will be executed by the device. This protects the device contents from unauthorized duplication or tampering. Additional functionality can be added to the device with additional firmware applications, and the authenticity of those additional applications will also be verified before they will be executed. This further prevents unauthorized copying or tampering of secure content through any mechanisms that may be unscrupulously introduced. Any data within the mass storage memory may also be encrypted.

Abstract: Device, system, and method of power trace obfuscation. In some embodiments an integrated circuit may include a signal modifier to introduce a pseudo-randomly selected modification to a state-transition pattern of at least one signal, which is related to internal processing of data within the integrated circuit. Other embodiments are described and claimed.

Abstract: Some demonstrative embodiments of the invention include a method, device and/or system of selectively allowing a host processor to access a host-executable code. A host apparatus may include, for example, a host processor; and a protected memory module comprising: a memory to maintain a host-executable code to be executed by the host processor; and a memory controller to authenticate the host-executable code, and to selectively allow the host processor to access the host-executable code based on an authenticity of the host-executable code. Other embodiments are described and claimed.