Abstract: The present invention relates to a system comprising a host processor, a video subsystem and a cryptographic device. The cryptographic device includes dedicated circuitry to cause information associated with a financial transaction to be internally configured for display on a monitor of the video subsystem without being processed by host processor.

Abstract: A system and method for configuring and registering a cryptographic device. The configuration phase involves loading a device serial number (DSER) and a symmetric key (SK) into non-volatile memory of the cryptographic device. The non-volatile memory is integrated with processing logic of the cryptographic device. DSER is provided by an external source while SK is generated within the cryptographic device. The registration phase involves providing DSER to a database that contains cryptographic information associated with each cryptographic device manufactured. The cryptographic information includes at least a public key and a private key encrypted with SK. DSER is used to locate the appropriate cryptographic information and to transmit the cryptographic information to an electronic system having the cryptographic device.

Abstract: Implemented preferably within a digital camera, an electronic device is used to prevent a captured data clip from being fraudulently altered without detection. The electronic device performs "time-bracketing" and may contain cellular phone circuitry to establish wireless communication to receive a state value used to preserve data integrity when time-stamping is performed in combination.

Abstract: A method and apparatus for keeping track of erase cycles performed on a plurality of storage blocks in a flash memory device. The flash memory device comprises at least two wear-bar blocks (active and inactive) for use in storing a plurality of erase count values representing the erase cycles performed on the plurality of storage blocks. Each wear-bar block includes a plurality of wear-bar storage elements corresponding to each of the plurality of storage blocks. Each wear-bar storage element includes a first count field and a second count field which collectively contain an erase count value. The second count field may be updated by changing from an initial state (SET, e.g.) to a final state (CLEAR, e,g.) without erasure of its corresponding wear-bar block. The first count field is updated in a normal binary sequence each time the second count field reaches a maximum count (e.g., all bits are changed from SET to CLEAR).

Abstract: A mechanism to conditionally activate an electronic device implemented within electronic computing equipment such as a computer. Such activation may be based on user authentication and/or confirmation that the electronic device is operating in conjunction with its companion cryptographic device.

Abstract: Implemented preferably within a video camera, a cryptographic device is used to prevent audio from being fraudulently altered without detection. The cryptographic device performs a "time-bracketing" operation to preserve data integrity through implementation of a state value randomly generated after a first point of time. Time-bracketing is performed by appending the state value to an aggregate digest of at least one pair of video and audio data clips to produce an aggregate data set, and digitally signing the aggregate data set before the aggregate digest is transmitted to a centralized system for "time-stamping", resulting in a published composite digest. The aggregate data set supports that the data clips were captured after the first point of time while providing support that the data clip was captured before the second point of time.

Abstract: A mechanism for providing security functions for an integrated circuit device is provided. In one particular embodiment of the present invention, the integrated circuit device includes an input coupled to a voltage supply. A reference circuit coupled to the input receives a voltage from the voltage supply. The reference circuit is coupled to a security circuit which implements a control function which renders circuits within the integrated circuit electronically inaccessible for a period of time.

Abstract: A subsystem prevents unauthorized replacement of boot-up firmware (e.g., BIOS) embedded in modifiable non-volatile memory devices such as flash memory. The firmware device is contained in a secure boot device which is responsive to the host processor. The security protection is established by the encryption and decryption of the boot-up instructions using a secret key shared by both the secure boot device and the host processor.

Abstract: A scanner constructed to prevent illicit post-scan modification of a data set. The data set is a representation of visual images printed on a document scanned by the scanner. To prevent illicit post-scan modification, the scanner produces a digital signature which is output in combination with the data set. This virtually ensures detection of any post-scan modification of the data set.

Abstract: A secure method and apparatus for compressing and digitally signing compressed video data. The apparatus compresses video data and permits signing of the compressed video image in such a way that if only a portion of the video image is successfully transmitted, the digital signature corresponding to that portion can still be verified. An optimization scheme which allows the verification of portions of a successful digital transmission with using only one digital signature is also disclosed.

Abstract: A subsystem prevents unauthorized modification of BIOS program code embedded in modifiable non-volatile memory devices such as flash memory. A cryptographic coprocessor containing the BIOS memory device performs authentication and validation on the BIOS upgrade based on a public/private key protocol. The authentication is performed by verifying the digital signature embedded in the BIOS upgrade.

Abstract: Circuitry implemented within a multi-chip module comprising a first integrated circuit chip and a second integrated circuit chip coupled together through an interconnect. Both the first and second integrated circuit chips include a cryptographic engine coupled to the interconnect and a non-volatile memory element used to contain key information. These cryptographic engines are solely used to encrypt outgoing information being output across the interconnect or to decrypt incoming information received from the interconnect. This prevents fraudulent physical attack of information transmitted across the interconnect.

Abstract: A secure video content processor ("SVCP") which receives encrypted digital video information and converts it into analog information for a monitor while preventing unauthorized access to the intermediate unencrypted digital data. The SVCP uses hardware envelopes to prevent unauthorized access to the decrypted digital stream. When a need arises to transmit digital data outside the hardware envelope, the digital data is encrypted and then decrypted when it re-enters a hardware protected section of circuitry.

Abstract: An electronic system with security functionality that optimizes performance of the electronic system during cryptographic operations. In one embodiment, the electronic system includes a chipset having circuitry to perform bulk cryptographic operations and a circuitry physically removed from the chipset to control and manage operations of the chipset.

Abstract: A semiconductor device used to store encryption/decryption keys at manufacture in combination with digital certificates to ensure secured communications between the semiconductor device and another device. The semiconductor device comprising (i) a non-volatile memory capable of storing the encryption/decryption keys and at least one digital certificate, (ii) an internal memory capable of temporarily storing information input into the semiconductor device from the other device and possibly encryption and decryption algorithms, (iii) a processor for processing the information and (iv) a random number generator for generating the encryption/decryption keys completely internal to the semiconductor device.

Abstract: A cryptographic device formed as an integrated circuit encapsulated in an integrated circuit package. The cryptographic device decrypts information having a first encrypted format that is input into the cryptographic device producing information in a non-encrypted format. The information in the non-encrypted format is subsequently re-encrypted into a second encrypted format which is output from the cryptographic device. The decryption and re-encryption operations are accomplished entirely within the cryptographic device.

Abstract: A method of producing a hardware agent being a single integrated circuit encapsulated within a semiconductor device package. The method comprises the steps of generating a device-specific key pair internally within the hardware agent, and verifying that the key pair is unique. After production, secure communications are established through transmission of at least one digital certificate, followed by a successful challenge and response communication exchange.

Abstract: A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.

Abstract: Implemented preferably within a video camera, a secure data capture device is used to prevent a captured data clip from be fraudulently altered without detection. The secure data capture device performs "time-bracketing" and/or "sequence ordering" operations to preserve data integrity through implementation of two registers incorporating a "State of the Universe" ("SOTU") number and a "sequence" number, respectively. Time-bracketing is performed by digitally signing a running hash value representing the data clip appended to the SOTU number before the digital signature is "timestamped". Sequence ordering is performed by digitally signing the digest of the data frame or multiple data frames along with the sequence number.

Abstract: A light sensing device including at least one light sensor is provided. The at least one light sensor is configured to be exposed to a light image. In response to the light image, the at least one light sensor is configured to generate a first signal. The light sensing device further includes a measuring device coupled to the at least one light sensor. The light sensing device also includes a sampling generator configured to generate a sampling signal to the measuring device. The sampling signal is inhibited when the first signal is lesser than or equal to a predetermined value. Upon inhibition of the sampling signal, the measuring device retains a measure of the first signal.