Abstract: A reconfigurable digital wallet device such as a smart card containing a secure element and acting as an instantiation of a subset of a virtual wallet stored in the cloud. The digital wallet device is managed and synchronized with the virtual wallet in the cloud using a mobile device such as a smartphone.

Abstract: A method for secure transactions on a mobile handset or tablet equipped with a touch screen controlled by a secure processor such as a master secure element or Trusted Execution Environment having gesture recognition capabilities. Since the touch screen is fully controlled by the secure processor, the user can securely enter the transaction amount using gestures to validate the transaction.

Abstract: A smartcard communicating simultaneously with a smart phone and a point of sale, thereby allowing the smartcard to act as a bridge between the point of sale and the smart phone. The smart card is typically powered by the point of sale and typically communicates with the smart phone using BLUETOOTH Low Energy (BLE).

Abstract: Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.

Abstract: A card reader has an input interface for accepting output from an output interface of transaction card, and a tip-ring pin as an integral part of the card reader, adapted to plug into a microphone port of a cellular telephone. The input interface accepts data from the transaction card, and provides that data to the tip-ring pin as an analog, variable-voltage signal.

Abstract: An apparatus includes a transaction card bearing data and having an output interface capable of transmitting the data, a card reader having an input interface enabled to accept the data from the output interface of the transaction card, conversion circuitry converting the card data to an analog modulated signal, and an output pin from the card reader adapted to engage in a microphone port of a computerized appliance, the output pin providing the analog modulated signal to the port, and thence to the computerized appliance.

Abstract: Disclosed is a method of generating a structure comprising at least one virtual machine, the method comprising: obfuscating a first virtual machine source code, thereby yielding a first obfuscated virtual machine (OVM) source code; associating a processor identifier with the first OVM source code, thereby yielding a processor-specific first OVM source code; compiling the processor-specific first OVM source code, thereby yielding a processor-specific first OVM. Furthermore, a structure generated by said method is disclosed.

Abstract: The master secure element comprises a processor, a memory and a logic unit and at least controls the user input of the handset in order to secure the user authentication based on PIN entry. The PIN code is entered directly into the secure element with no possibility for the host processor to intercept the code or for a malware program to inject the code into the master secure element.

Abstract: There is disclosed a device for facilitating a transaction, comprising at least one host component, a communication controller and a secure element, said communication controller being communicatively coupled to the host component and to the secure element, wherein said communication controller is arranged to establish a communication with an external transaction device, and wherein said communication controller is further arranged to operate in a secure mode of operation in which the communication controller inhibits the host component from performing transactions with said transaction device and does not inhibit the secure element to perform transactions with said transaction device. Furthermore, there is disclosed a corresponding method for facilitating a transaction, as well as a corresponding computer program product.

Abstract: An apparatus includes a transaction card bearing data and having an output interface capable of transmitting the data, a card reader having an input interface enabled to accept the data from the output interface of the transaction card, conversion circuitry converting the card data to an analog modulated signal, and an output pin from the card reader adapted to engage in a microphone port of a computerized appliance, the output pin providing the analog modulated signal to the port, and thence to the computerized appliance.

Abstract: Disclosed is a method of generating a structure comprising at least one virtual machine, the method comprising: obfuscating a first virtual machine source code, thereby yielding a first obfuscated virtual machine (OVM) source code; associating a processor identifier with the first OVM source code, thereby yielding a processor-specific first OVM source code; compiling the processor-specific first OVM source code, thereby yielding a processor-specific first OVM. Furthermore, a structure generated by said method is disclosed.

Abstract: A security process involves log-in and data exchange between a server and a user operating a computerized appliance. The process requires a user-specific token, independent verification of the server execution within a programmed time window. A hash created at the client side is reproduced at the server side from separate data and compared to the client hash. Too much time or incorrect hash denies access.

Abstract: A security process involves log-in and data exchange between a server and a user operating a computerized appliance. The process requires a user-specific token, independent verification of the server execution within a programmed time window. A hash created at the client side is reproduced at the server side from separate data and compared to the client hash. Too much time or incorrect hash denies access.

Abstract: A smartcard communicating simultaneously with a smart phone and a point of sale, thereby allowing the smartcard to act as a bridge between the point of sale and the smart phone. The smart card is typically powered by the point of sale and typically communicates with the smart phone using BLUETOOTH Low Energy (BLE).

Abstract: A reconfigurable digital wallet device such as a smart card containing a secure element and acting as an instantiation of a subset of a virtual wallet stored in the cloud. The digital wallet device is managed and synchronized with the virtual wallet in the cloud using a mobile device such as a smartphone.

Abstract: The master secure element comprises a processor, a memory and a logic unit and at least controls the user input of the handset in order to secure the user authentication based on PIN entry. The PIN code is entered directly into the secure element with no possibility for the host processor to intercept the code or for a malware program to inject the code into the master secure element.

Abstract: In accordance with the invention, in order to validate a transaction on a mobile handset, PC, tablet or similar device, a user closes the loop between a non-secure display controlled by a host processor and a secure keypad controlled by a secure processor such as a master secure element or trusted execution environment. The user validates the transaction by entering on the secure keypad the data shown on the non-secure display. The transaction is validated because the user only enters the data that the user agrees to and only the user is able to enter the data.

Abstract: A method for secure transactions on a mobile handset or tablet equipped with a touch screen controlled by a secure processor such as a master secure element or Trusted Execution Environment having gesture recognition capabilities. Since the touch screen is fully controlled by the secure processor, the user can securely enter the transaction amount using gestures to validate the transaction.

Abstract: Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.

Abstract: Systems, devices and/or methods that facilitate mutual authentication for processor and memory pairing are presented. A processor and a suitably equipped memory can be provided with a shared secret to facilitate mutual authentication. In addition, the memory can be configured to verify that the system operating instructions have not been subjected to unauthorized alterations. System integrity can be ensured according to the disclosed subject matter by mutual authentication of the processor and memory and verification of the authenticity of system operating instructions at or near each system power up. As a result, the disclosed subject matter can facilitate relatively low complexity assurance of system integrity as a replacement or supplement to conventional techniques.