Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer. The secure portable device includes a read-only memory partition, a read/write memory partition, and a secure memory partition. The secure portable device includes instructions stored in the read-only partition including a host agent containing instructions executable by the host computer. The secure portable device also includes instructions stored in the secure memory partition. These instructions include a card agent containing instructions executable by central processing units secure portable electronic device, and includes a card agent communications module for communicating with the host agent; and a security module for accessing private information stored in the secure memory partition.

Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.

Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer. The secure portable device includes a read-only memory partition, a read/write memory partition, and a secure memory partition. The secure portable device includes instructions stored in the read-only partition including a host agent containing instructions executable by the host computer. The secure portable device also includes instructions stored in the secure memory partition. These instructions include a card agent containing instructions executable by central processing units secure portable electronic device, and includes a card agent communications module for communicating with the host agent; and a security module for accessing private information stored in the secure memory partition.

Abstract: Secure authentication of a user on a host computer to a web server including a security device acquiring trust or a security context from the web server. The security device is operable of providing an X.509 certificate to a browser plug-in on the host computer. The browser plug-in on the host computer performing authentication of the security device and in response providing user credentials to the security device. The security device performing authentication of the user and requests a security context from the web server. In response, the web server provides a security context to the security device. The security device delegates the web server trust by transmitting the context to the host computer and enabling the user to securely access resources on the web server.

Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit. The secure portable device communicates with the host computer via a host agent program executing on the host computer from the secure portable device. Periodically, the host agent and a corresponding program executing on the secure portable device, cooperate to verify the integrity and authenticity of the host agent program, for example, in conjunction with exchanging a new session key. Other systems and methods are disclosed.

Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer. The secure portable device includes a read-only memory partition, a read/write memory partition, and a secure memory partition. The secure portable device includes instructions stored in the read-only partition including a host agent containing instructions executable by the host computer. The secure portable device also includes instructions stored in the secure memory partition. These instructions include a card agent containing instructions executable by central processing units secure portable electronic device, and includes a card agent communications module for communicating with the host agent; and a security module for accessing private information stored in the secure memory partition.

Abstract: Patching of software application. A software application is stored on a smart card as partitions and is loaded from the smart card into the memory of a host computer to which the smart card is connected. The software application is executed on the host computer; which using the instructions of the software application establishes a communications channel between the software application and a remote patch server containing a patch for at least one partition of the software application. Upon detecting that a patch is available for the at least one partition of the software application, downloading the at least one partition from the remote server into volatile memory allocated to the software application on the host computer via the first communications channel, and uploading the at least one partition from the volatile memory allocated to the software application to the smart card. Other systems and methods are disclosed.

Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.

Abstract: Secure authentication of a user on a host computer to a web server including a security device acquiring trust or a security context from the web server. The security device is operable of providing an X.509 certificate to a browser plug-in on the host computer. The browser plug-in on the host computer performing authentication of the security device and in response providing user credentials to the security device. The security device performing authentication of the user and requests a security context from the web server. In response, the web server provides a security context to the security device. The security device delegates the web server trust by transmitting the context to the host computer and enabling the user to securely access resources on the web server.