Patents by Inventor Hagai Bar-El

Hagai Bar-El has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11068604
    Abstract: Device, system, and method of managing trustworthiness of electronic devices. For example, an Internet of Things (IoT) device is able to transmit data to a recipient device. The recipient device operates as a querying device, and utilizes a query agent to query a trust-management server with regard to the trustworthiness of the IoT device. The trust-management server receives from the IoT device a set of values indicating various parameters of the IoT device. The trust-management server generates a trustworthiness report pertaining to the IoT device, and sends the report as a response to the trustworthiness query. Optionally, a caching agent caches copies of trustworthiness reports and provides to querying devices such previous reports, together with an indication of their freshness level.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: July 20, 2021
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Leonid Dorrendorf, Avraham Moshe Schneider
  • Publication number: 20200167480
    Abstract: Device, system, and method of managing trustworthiness of electronic devices. For example, an Internet of Things (IoT) device is able to transmit data to a recipient device. The recipient device operates as a querying device, and utilizes a query agent to query a trust-management server with regard to the trustworthiness of the IoT device. The trust-management server receives from the IoT device a set of values indicating various parameters of the IoT device. The trust-management server generates a trustworthiness report pertaining to the IoT device, and sends the report as a response to the trustworthiness query. Optionally, a caching agent caches copies of trustworthiness reports and provides to querying devices such previous reports, together with an indication of their freshness level.
    Type: Application
    Filed: January 30, 2020
    Publication date: May 28, 2020
    Inventors: Hagai Bar-El, Leonid Dorrendorf, Avraham Moshe Schneider
  • Patent number: 10592673
    Abstract: Device, system, and method of managing trustworthiness of electronic device. For example, an Internet of Things (IoT) device is able to transmit data to a recipient device. The recipient device operates as a querying device, and utilizes a query agent to query a trust-management server with regard to the trustworthiness of the IoT device. The trust-management server receives from the IoT device a set of values indicating various parameters of the IoT device. The trust-management server generates a trustworthiness report pertaining to the IoT device, and sends the report as a response to the trustworthiness query. Optionally, a caching agent caches copies of trustworthiness reports and provides to querying devices such previous reports, together with an indication of their freshness level.
    Type: Grant
    Filed: May 2, 2016
    Date of Patent: March 17, 2020
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Leonid Dorrendorf, Avraham Moshe Schneider
  • Patent number: 10491379
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: November 26, 2019
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Patent number: 10454674
    Abstract: System, device, and method of authenticated encryption of messages. A message intended for authenticated encryption is stored; and a secret authentication key and a secret encryption key are stored. A key-stream set of blocks is generated, each block including pseudo-random bits. The aggregate length of the key-stream is equal to or greater than the message-length of the message. Each block of the key-stream is generated by a deterministic pseudo-random number generator function that is instantiated with the secret encryption key. The key-stream is generated on a block-by-block basis, until the key-stream reaches in aggregate the message-length of the message. Each block of bits of the message is encrypted, on a per-block basis, with a corresponding block from the key-stream. Authentication is performed on the result of the encrypting operation, or on the message, by applying a keyed cryptographic checksum function that ascertains integrity and that utilizes the secret authentication key.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: October 22, 2019
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Alexander Klimov
  • Publication number: 20180293387
    Abstract: Device, system, and method of managing trustworthiness of electronic device. For example, an Internet of Things (IoT) device is able to transmit data to a recipient device. The recipient device operates as a querying device, and utilizes a query agent to query a trust-management server with regard to the trustworthiness of the IoT device. The trust-management server receives from the IoT device a set of values indicating various parameters of the IoT device. The trust-management server generates a trustworthiness report pertaining to the IoT device, and sends the report as a response to the trustworthiness query. Optionally, a caching agent caches copies of trustworthiness reports and provides to querying devices such previous reports, together with an indication of their freshness level.
    Type: Application
    Filed: May 2, 2016
    Publication date: October 11, 2018
    Inventors: Hagai Bar-El, Leonid Dorrendorf, Avraham Moshe Schneider
  • Publication number: 20180270048
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.
    Type: Application
    Filed: May 23, 2018
    Publication date: September 20, 2018
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Patent number: 10009173
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: June 26, 2018
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Patent number: 9866376
    Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.
    Type: Grant
    Filed: June 11, 2017
    Date of Patent: January 9, 2018
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Publication number: 20170272240
    Abstract: System, device, and method of provisioning cryptographic assets to devices.
    Type: Application
    Filed: June 11, 2017
    Publication date: September 21, 2017
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Patent number: 9705673
    Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.
    Type: Grant
    Filed: September 21, 2015
    Date of Patent: July 11, 2017
    Assignee: ARM Technologies Israel Ltd.
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Publication number: 20170063537
    Abstract: System, device, and method of provisioning cryptographic assets to devices.
    Type: Application
    Filed: September 21, 2015
    Publication date: March 2, 2017
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Publication number: 20160234014
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.
    Type: Application
    Filed: April 15, 2016
    Publication date: August 11, 2016
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Patent number: 9344275
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.
    Type: Grant
    Filed: January 14, 2013
    Date of Patent: May 17, 2016
    Assignee: ARM Technologies Israel Ltd.
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Patent number: 9231758
    Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.
    Type: Grant
    Filed: February 23, 2014
    Date of Patent: January 5, 2016
    Assignee: ARM Technologies Israel Ltd.
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Patent number: 9124419
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A server includes: an authentication module to send, to a remote client device, a server authentication certificate; an accreditation certificate stored in a pre-defined location on the server, wherein the pre-defined location is accessible to the remote client device; wherein the accreditation certificate indicates a condition that the server authentication certificate needs to meet in order for the server authentication certificate to be accepted for authentication by the remote client device.
    Type: Grant
    Filed: January 14, 2013
    Date of Patent: September 1, 2015
    Assignee: Discretix Technologies Ltd.
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Publication number: 20140195807
    Abstract: System, device, and method of provisioning cryptographic assets to devices.
    Type: Application
    Filed: February 23, 2014
    Publication date: July 10, 2014
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Patent number: 8687813
    Abstract: Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.
    Type: Grant
    Filed: December 9, 2010
    Date of Patent: April 1, 2014
    Assignee: Discretix Technologies Ltd.
    Inventor: Hagai Bar-El
  • Publication number: 20130301830
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A mobile electronic device includes: a secure execution environment (SEE) to securely execute code; and a secure video path (SVP) to securely exchange information between the SEE and a touch-screen of the mobile electronic device; wherein the SEE includes a secure password entry module to generate a scrambled on-screen interface, and to send the scrambled on-screen interface to the touch-screen through the SVP.
    Type: Application
    Filed: January 14, 2013
    Publication date: November 14, 2013
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson
  • Publication number: 20130305041
    Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A server includes: an authentication module to send, to a remote client device, a server authentication certificate; an accreditation certificate stored in a pre-defined location on the server, wherein the pre-defined location is accessible to the remote client device; wherein the accreditation certificate indicates a condition that the server authentication certificate needs to meet in order for the server authentication certificate to be accepted for authentication by the remote client device.
    Type: Application
    Filed: January 14, 2013
    Publication date: November 14, 2013
    Inventors: Hagai Bar-El, Yaacov Sella, Alon Ziv, Roni Sasson