Abstract: A security protocol for use by computing devices communicating over an unsecured network is described. The security protocol makes use of secure data provided to a peripheral memory device from a server via a secure connection. When the peripheral memory device is coupled to a computing device that attempts to establish a secure connection to the server, the secure data is used to verify that the server is authentic. Similarly, the secure data assists the server in verifying that the request to access the server is not being made by a malicious third party.

Abstract: Techniques for security module endorsement are provided. An example method includes receiving a generalized endorsement key at a security module, wherein the security module is associated with a computing device and wherein the generalized endorsement key is independent of characteristics of the computing device, automatically extending integrity measurements stored in one or more registers of the security module with information characterizing the computing device, wherein the integrity measurements are based on one or more software processes at the computing device, digitally signing the extended integrity measurements with a digital signature, and generating a specialized endorsement credential as a combination of the digitally signed extended integrity measurements, the digital signature and the generalized endorsement key, wherein the specialized endorsement credential is used to validate authenticity of the security module.

Abstract: Systems and methods for enterprise platform verification are provided. In some aspects, a computing device includes a trusted platform module (TPM). The TPM includes an endorsement key (EK) physically embedded in the TPM. The TPM includes an attestation identity key (AIK), the AIK being used to verify that at least one TPM-protected key different from the EK and different from the AIK is generated at the TPM and is non-migratable. The TPM includes an enterprise machine key (EMK), the EMK being certified by the AIK, the EMK being uniquely associated with the client computing device, and the EMK being generated during enrollment of the client computing device with an enterprise and remaining active until a factory reset of the client computing device.

Abstract: A security protocol for use by computing devices communicating over an unsecured network is described. The security protocol makes use of secure data provided to a peripheral memory device from a server via a secure connection. When the peripheral memory device is coupled to a computing device that attempts to establish a secure connection to the server, the secure data is used to verify that the server is authentic. Similarly, the secure data assists the server in verifying that the request to access the server is not being made by a malicious third party.

Abstract: A security protocol for use by computing devices communicating over an unsecured network is described. The security protocol makes use of secure data provided to a peripheral memory device from a server via a secure connection. When the peripheral memory device is coupled to a computing device that attempts to establish a secure connection to the server, the secure data is used to verify that the server is authentic. Similarly, the secure data assists the server in verifying that the request to access the server is not being made by a malicious third party.

Abstract: Electronic transactions employing prior art approaches of digital certificates and authentification are subject to attacks resulting in fraudulent transactions and abuse of identity information. Disclosed is a method of improving electronic security by establishing a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a predetermined portion of the request from the institution for a signature upon a personalized device that cannot be intercepted or manipulated by malware to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: Aspects of the subject technology relate to systems, methods, and machine-readable media for performing a cryptographic operation. A system can be configured to submit a request, to a security device, for a decrypted user encryption key, wherein the security device is configured to decrypt the user encryption key by unbinding the user encryption key using a user authorization key. The system can receive, in response to the submitted request, the decrypted user encryption key and decrypt authorization data for a cryptographic key using the decrypted user encryption key. The system can submit a request for the security device to load the cryptographic key, wherein authorization data is used to authorize the request, and submit a request for the security device to perform a cryptographic operation using the loaded cryptographic key.

Abstract: A set of commands is provided to a system for execution in order to modify a security related aspect of the system. The system executes the set of commands absent an intervening command being executed, for example by receiving a first command comprising a data portion, extracting a security rights modification command set comprising commands for initiating a secure session and for closing the secure session, and automatically executing the security rights modification command set with a processor, absent other security rights commands being executed. Initiating the secure session may comprise authentication, and the security rights modification command set may provide for security parameters modifiable only during a secure session.

Abstract: A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark being provided upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark being provided upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark being provided upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: A method of improving electronic security establishes a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a first predetermined portion of a branded watermark, for instance an advertisement, provided from the institution in conjunction with the request, and a second predetermined portion of the branded watermark being provided upon a personalized device that cannot be intercepted or manipulated by malware, allowing the user to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: Electronic transactions employing prior art approaches of digital certificates and authentification are subject to attacks resulting in fraudulent transactions and abuse of identity information. Disclosed is a method of improving electronic security by establishing a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a predetermined portion of the request from the institution for a signature upon a personalized device that cannot be intercepted or manipulated by malware to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: A set of commands is provided to a system for execution in order to modify a security related aspect of the system. The system executes the set of commands absent an intervening command being executed.

Abstract: A security protocol for use by computing devices communicating over an unsecured network is described. The security protocol makes use of secure data provided to a peripheral memory device from a server via a secure connection. When the peripheral memory device is coupled to a computing device that attempts to establish a secure connection to the server, the secure data is used to verify that the server is authentic. Similarly, the secure data assists the server in verifying that the request to access the server is not being made by a malicious third party.