Patents by Inventor David Carroll

David Carroll has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7412596
    Abstract: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awakened from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
    Type: Grant
    Filed: October 16, 2004
    Date of Patent: August 12, 2008
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, Daryl Carvis Cromer, Joseph Wayne Freeman, Steven Dale Goodman, James Patrick Hoff, Howard Jeffrey Locker, Randall Scott Springfield, James Peter Ward
  • Publication number: 20080162932
    Abstract: A system and method for authenticating suspect code includes steps of: receiving the suspect code for a first instance of a trusted platform module; loading the suspect code into a trusted platform module device operatively associated with a processor, wherein the suspect code is loaded outside of a shielded location within the trusted platform module device; retrieving a validation public key from a table and storing it in a register in the trusted platform module device, the validation public key indexed by the suspect code; and retrieving a hash algorithm from the table, the hash algorithm indexed by the suspect code. The hash algorithm is run to derive a first hash value; then, using the validation public key, the second hash value is decrypted to derive a second decrypted hash value. The two hash values are compared; and upon determining a match, the suspect code is loaded into the shielded location of the processor for execution by the processor.
    Type: Application
    Filed: December 29, 2006
    Publication date: July 3, 2008
    Applicant: Lenovo (Singapore) PTE Ltd.
    Inventors: David Carroll Challener, John H. Nicholson, Joseph Michael Pennisi, Rod D. Waltermann
  • Publication number: 20080148064
    Abstract: An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.
    Type: Application
    Filed: December 18, 2006
    Publication date: June 19, 2008
    Inventors: David Carroll Challener, Howard Locker, Randall Scott Springfield, Rod D. Waltermann
  • Patent number: 7389536
    Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.
    Type: Grant
    Filed: November 14, 2001
    Date of Patent: June 17, 2008
    Assignee: Lenovo Singapore Pte Ltd.
    Inventors: David Carroll Challener, Ernest Nelson Mandese, Hernando Ovies, James Peter Ward
  • Publication number: 20080140575
    Abstract: An apparatus, system, and method are disclosed for securely authorizing changes to a transaction restriction. A security module securely stores encryption keys for a payment instrument. The payment instrument electronically transacts payments and includes a transaction restriction. An authentication module receives an authentication from a user of the payment instrument. The security module validates the authentication with a first encryption key. In addition, the security module authorizes a change to the transaction restriction using a second encryption key if the authentication is valid. The security module resides on a computer that the user designates as authorized to validate the authentication.
    Type: Application
    Filed: December 12, 2006
    Publication date: June 12, 2008
    Inventors: Stacy John Cannady, David Carroll Challener, Daryl Cromer, Mark Charles Davis, David Rivera, Randall Scott Springfield, Rod D. Waltermann
  • Publication number: 20080133905
    Abstract: An apparatus, system, and method are disclosed for remotely accessing a shared password. A storage module stores identifiers, passwords, and keys within a secure key structure of a client. The passwords and keys include a shared password encrypted with a shared password key that is encrypted with a service structure key. The storage module also stores the service structure key encrypted with a key derived from a service password on a trusted server. An input/output module accesses the trusted server from the client with a prospective service password and receives the encrypted service structure key from the trusted server if a hash of the prospective service password is equivalent to the service password. An encryption module may decrypt the service structure key with the prospective service password, the shared password key with the service structure key, and the shared password with the shared password key.
    Type: Application
    Filed: November 30, 2006
    Publication date: June 5, 2008
    Inventors: David Carroll Challener, Seiichi Kawano, Randall Scott Springfield, Rod D. Waltermann
  • Publication number: 20080127309
    Abstract: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan.
    Type: Application
    Filed: November 29, 2006
    Publication date: May 29, 2008
    Inventors: David Carroll Challener, Daryl Cromer, Howard Jeffrey Locker, Randall Scott Springfield
  • Publication number: 20080120510
    Abstract: An end user or IT owner via the use of an application specifies which TPM is to be loaded or which TPM operation is to be invoked given the authenticated presentation of a biometric such as a fingerprint or a token such as a smart card. A secure table stored in the microcontroller made up of TPM hashes and their corresponding endorsement keys is indexed to these authentication records. The microcontroller compares a received biometric or smart card value to the stored values to determine which TPM emulator to load. This architecture uniquely stores individually secured algorithms, and applications that can be bound to the user and the system on which they are running.
    Type: Application
    Filed: November 20, 2006
    Publication date: May 22, 2008
    Inventors: David Carroll Challener, John Hancock Nicholson, Joseph Michael Pennisi, Rod David Waltermann
  • Patent number: 7376710
    Abstract: Methods and systems for providing access to stored audio data include a convenient syntax that facilitates control of an audio server. The methods and systems are capable of playing provisioned sequences of audio data to end users, where the provisioned sequences are identifiable using a unique audio identifier. A set data structure provides access to stored audio data using a unique audio identifier and a selector for choosing a member within a set. Function and navigation keys allow end users to control playback of audio, recording of speech, and collection of digits.
    Type: Grant
    Filed: October 29, 1999
    Date of Patent: May 20, 2008
    Assignee: Nortel Networks Limited
    Inventors: David Carroll Cromwell, Jeffrey Dean Lanning, Michael Eugene Durling
  • Publication number: 20080096021
    Abstract: The disclosure provides compositions prepared by combining nanomaterials with a halide-containing polymer, thereby forming a combined polymer matrix having dispersed nanomaterials within the matrix. The nanomaterials may be carbon-based nanotubes, in some applications. A halide-containing monomer is combined with nanotubes, and then polymerized in some compositions. In other applications, a halide-containing polymer is solution processed with nanotubes to form useful compositions in the invention. Also disclosed are probes for near field detection of radiation.
    Type: Application
    Filed: June 11, 2007
    Publication date: April 24, 2008
    Inventors: David Carroll, John Ballato, Stephen Foulger, Richard Czerw, Dennis Smith, Hiren Shah, Earl Wagener
  • Publication number: 20080092216
    Abstract: Protection of an authentication password stored in a database held by a SAM of Windows® is strengthened. A GINA, a part of the OS, receives an authentication password in ASCII codes. The authentication password is converted to first UNICODES, and the first UNICODES are salted with a random number and converted to second UNICODES. The random number used for salting is associated with a user account and a password and stored in a read/write protected non-volatile memory or a non-volatile memory which can be accessed only by a BIOS. An LSA of the OS can process UNICODES without being changed.
    Type: Application
    Filed: October 16, 2006
    Publication date: April 17, 2008
    Inventors: Seiichi Kawano, Yuji Sugiyama, David Carroll Challener, Philip Lee Childs, Norman Arthur Dion
  • Publication number: 20080080776
    Abstract: The present invention is directed to a surveillance device that provides a wide range of monitoring and is adapted to log and transmit video, audio, collateral environment data, and event data over a network, utilizing a relatively low bandwidth and low power consumption, while maintaining a resolution and features that greatly enhance surveillance applications. The multimedia surveillance device of the present invention provides support for dynamic addressing, JPEG 2000 compression, auto-focus and alarm notification.
    Type: Application
    Filed: October 2, 2006
    Publication date: April 3, 2008
    Inventors: Randall Lee Urban, David Carroll Owen, Steven Eric Hathaway
  • Patent number: 7343493
    Abstract: A method for restricting access to an encryption key of an encrypted file system (EFS), whereby access is provided only when a computer system is booted in a trusted state. The EFS encrypts the files within a TPM chip according to TCPA specifications and simultaneously creates the encryption key, which is also stored in the TPM. The key is sealed to one or more platform control register (PCR) states (i.e., the TPM will export the key only when the PCRs are in a pre-defined state.). The original PCR states are modified during boot up of the computer system via a secure hashing algorithm, which extends a value of one PCR to a next PCR at each stage of the boot process and then hashes the value with the remaining content of the next PCR. When the system boot process is completed and before control passes to the user, the values within the PCRs are compared to values stored in a PCR table within the TPM, and the encryption key is exported to the OS kernel only when the PCR values match the table values.
    Type: Grant
    Filed: March 28, 2002
    Date of Patent: March 11, 2008
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, David Robert Safford
  • Publication number: 20080040613
    Abstract: An apparatus, system, and method are disclosed for secure password reset. In one embodiment, an authentication module authenticates a user. An authorization key module retrieves an authorization key from a backup key blob using a backup password. In a certain embodiment, the authorization key module retrieves the authorization key in response to receiving the backup password. A user password module receives a user password. An active blob creation module creates an active key blob comprising the authorization key and the user password, allowing a user to retrieve the authorization key and access a secure asset by providing the user password.
    Type: Application
    Filed: August 14, 2006
    Publication date: February 14, 2008
    Inventor: David Carroll Challener
  • Publication number: 20080027045
    Abstract: The present invention provides 2,4-pyrimidinediamine compounds having antiproliferative activity, compositions comprising the compounds and methods of using the compounds to inhibit cellular proliferation and to treat proliferative diseases such as tumorigenic cancers.
    Type: Application
    Filed: December 7, 2006
    Publication date: January 31, 2008
    Applicant: RIGEL PHARMACEUTICALS, INC.
    Inventors: Ankush Argade, Rajinder Singh, Hui Li, David Carroll, Susan Catalano
  • Publication number: 20080022412
    Abstract: A trusted platform module (TPM) key is assigned a numerical limit for the number of times the key can be used, and once the key has been used the assigned number of times, it is rendered unusable.
    Type: Application
    Filed: June 28, 2006
    Publication date: January 24, 2008
    Inventors: David Carroll Challener, James Patrick Hoff, David Rivera
  • Publication number: 20080021020
    Abstract: The present invention provides 2,4-pyrimidinediamine compounds having antiproliferative activity, compositions comprising the compounds and methods of using the compounds to inhibit cellular proliferation and to treat proliferative diseases such as tumorigenic cancers.
    Type: Application
    Filed: December 7, 2006
    Publication date: January 24, 2008
    Applicant: RIGEL PHARMACEUTICALS, INC.
    Inventors: Ankush Argade, Rajinder Singh, Hui Li, David Carroll, Susan Catalano
  • Publication number: 20080009484
    Abstract: The present invention provides 2,4-pyrimidinediamine compounds having antiproliferative activity, compositions comprising the compounds and methods of using the compounds to inhibit cellular proliferation and to treat proliferative diseases such as tumorigenic cancers.
    Type: Application
    Filed: December 7, 2006
    Publication date: January 10, 2008
    Applicant: RIGEL PHARMACEUTICALS, INC.
    Inventors: Ankush Argade, Rajinder Singh, Hui Li, David Carroll, Susan Catalano
  • Publication number: 20080009494
    Abstract: The present disclosure provides 2,4-pyrimidinediamine compounds having antiproliferative activity, compositions comprising the compounds and methods of using the compounds to inhibit cellular proliferation and to treat proliferative diseases such as tumorigenic cancers.
    Type: Application
    Filed: December 6, 2006
    Publication date: January 10, 2008
    Applicant: RIGEL PHARMACEUTICALS, INC.
    Inventors: Hui Li, Ankush Argade, Rajinder Singh, Sambaiah Thota, David Carroll, Kin Tso, Vanessa Taylor, John McLaughlin, Mark Markovtsov
  • Publication number: 20070299060
    Abstract: The present disclosure provides 2,4-pyrimidinediamine compounds having antiproliferative activity, compositions comprising the compounds and methods of using the compounds to inhibit cellular proliferation and to treat proliferative diseases such as tumorigenic cancers.
    Type: Application
    Filed: December 6, 2006
    Publication date: December 27, 2007
    Applicant: RIGEL PHARMACEUTICALS, INC.
    Inventors: Hui Li, Ankush Argade, Rajinder Singh, Sambaiah Thota, David Carroll, Kin Tso, Vanessa Taylor, John McLaughlin, Mark Markovtsov