Patents by Inventor Jacob Mendel

Jacob Mendel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9344278
    Abstract: Encrypted information is conventionally broken into blocks which are transmitted sequentially. Because the order and the size of such blocks can be easily determined, an eavesdropper can gain valuable information regarding the content of the communication. More specifically, if known types of information exist within a block, the encryption key may be determined allowing the content of other encrypted blocks to be obtained. Embodiments of a system, method and computer program product described herein can overcome this deficiency by securely transferring information through random ordering and random block sizing. An original data set to be transferred is divided into a plurality of blocks, where at least two blocks have different sizes. The blocks are encrypted and inserted into a sequence of data transfer slots. The blocks are then selected for transfer in random order by selecting a slot to transfer based on a generated random number.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: May 17, 2016
    Assignee: Broadcom Corporation
    Inventor: Jacob Mendel
  • Publication number: 20160117506
    Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
    Type: Application
    Filed: December 31, 2015
    Publication date: April 28, 2016
    Applicant: Broadcom Corporation
    Inventors: Mark L. BUER, Jacob MENDEL
  • Publication number: 20160078223
    Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, in combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
    Type: Application
    Filed: November 23, 2015
    Publication date: March 17, 2016
    Applicant: Broadcom Corporation
    Inventors: Mark BUER, Theodore Trost, Jacob Mendel
  • Patent number: 9282086
    Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: March 8, 2016
    Assignee: Broadcom Corporation
    Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
  • Patent number: 9276830
    Abstract: A secure network of electronic elements (“network”) ensures the electronic elements that implement an electronic device are functioning properly. The network selects at least one master electronic element to consistently check that each of the electronic elements is functioning properly. When the master electronic element identifies that an electronic element is not functioning properly, the network executes a predefined response, such as a counter measure that limits the functional capability of the improperly functioning electronic element or other electronic elements. Electronic elements can identify when a master electronic element is improperly functioning by observing that the master electronic element has ceased checking on the electronic elements. The secure network can then execute a response that includes the counter measure of limiting the functional capability of the improperly functioning master electronic element and assigning a new master electronic element.
    Type: Grant
    Filed: May 23, 2012
    Date of Patent: March 1, 2016
    Assignee: Broadcom Corporation
    Inventors: Jacob Mendel, Alexander Potievsky
  • Patent number: 9256734
    Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
    Type: Grant
    Filed: June 7, 2012
    Date of Patent: February 9, 2016
    Assignee: Broadcom Corporation
    Inventors: Mark L. Buer, Jacob Mendel
  • Patent number: 9258287
    Abstract: A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has traveled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network.
    Type: Grant
    Filed: December 20, 2012
    Date of Patent: February 9, 2016
    Assignee: Broadcom Corporation
    Inventors: Shlomo Markel, Jacob Mendel
  • Patent number: 9224013
    Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, in combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: December 29, 2015
    Assignee: BROADCOM CORPORATION
    Inventors: Mark Buer, Theodore Trost, Jacob Mendel
  • Patent number: 9202070
    Abstract: Disclosed are various embodiments providing a portable wireless communication device that includes a secure element configured to route a set of input/output (I/O) channels to host processing circuitry of a mobile communication device. The secure element includes an application executable by the secure element, the application being configured to obtain a policy via an I/O channel of the set of I/O channels. The application is further configured to prevent the host processing circuitry from accessing data corresponding to at least a portion of the set of I/O channels according to the policy.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: December 1, 2015
    Assignee: BROADCOM CORPORATION
    Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
  • Patent number: 9165163
    Abstract: An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: October 20, 2015
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Jacob Mendel
  • Publication number: 20150271181
    Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.
    Type: Application
    Filed: June 5, 2015
    Publication date: September 24, 2015
    Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
  • Patent number: 9069946
    Abstract: Methods and systems for authentication of a device are disclosed. An exemplary method includes transmitting an energy towards the device including a material, monitoring a response of the device to the transmitted energy, generating a signature of the device based on the response of the device to the transmitted energy, comparing the device signature to an enrolled signature for the device, and indicating that authentication of the device is successful when the generated signature matches the enrolled signature. An exemplary system includes a transmitter configured to transmit an energy towards the device, a receiver configured to monitor a response of the device, and a processor configured to generate a signature of the device based on the response of the device, compare the device signature to an enrolled signature for the device, and indicate that authentication of the device is successful when the generated signature matches the enrolled signature.
    Type: Grant
    Filed: April 17, 2013
    Date of Patent: June 30, 2015
    Assignee: Broadcom Corporation
    Inventors: Shlomo Markel, Jacob Mendel
  • Patent number: 9059994
    Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.
    Type: Grant
    Filed: August 20, 2013
    Date of Patent: June 16, 2015
    Assignee: Broadcom Corporation
    Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
  • Patent number: 9027124
    Abstract: A system monitors an application. The system includes a state table with state table nodes corresponding to application checkpoints. The state table nodes include an authorized time interval and application path. The system also includes a time counter that tracks an operation time between successive application checkpoints, and a program counter that tracks and stores an operation path for the application. A checkpoint module verifies an operation of the application at a checkpoint by comparing the authorized time interval for the checkpoint state table node and the operation time tracked by the time counter, as well as the authorized application path for the checkpoint state table node and the operation path tracked by the program counter. A security action is performed when the tracked operation time is not within the authorized time interval, or when the tracked operation path does not match the authorized application path.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: May 5, 2015
    Assignee: Broadcom Corporation
    Inventors: Jacob Mendel, Alexander Potievsky
  • Publication number: 20150006897
    Abstract: A host apparatus to obtain electronic authentication of a request associated with a group, the host apparatus including a processor to receive the request from an external device external to the group, to generate a digital document based on information associated with the request, to transmit the digital document to a trusted entity device for electronic authentication of the request, to receive the digital document from the trusted entity device, to determine whether the electronic authentication of the request was successful, and to process the request when it is determined that the electronic authentication of the request was successful.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
  • Publication number: 20150007347
    Abstract: A secure integrated circuit (IC) to provide access to an electronic storage, the secure IC including a memory and a processor. The processor may generate a first key and a second key, and enable storing the first key in the memory and storing the second key in a device memory of a device. The processor may then receive the second key from the device when the device wants to access the electronic storage, and grant the device access to the electronic storage by using the first key and the second key received from the device.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Applicant: Broadcom Corporation
    Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
  • Publication number: 20140325594
    Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
    Type: Application
    Filed: May 29, 2013
    Publication date: October 30, 2014
    Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
  • Publication number: 20140233732
    Abstract: A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel.
    Type: Application
    Filed: April 9, 2013
    Publication date: August 21, 2014
    Applicant: Broadcom Corporation
    Inventors: Mark Leonard Buer, Andrew Dellow, Jacob Mendel
  • Publication number: 20140181901
    Abstract: A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has travelled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network.
    Type: Application
    Filed: December 20, 2012
    Publication date: June 26, 2014
    Applicant: Broadcom Corporation
    Inventors: Shlomo MARKEL, Jacob MENDEL
  • Publication number: 20140156872
    Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, in combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
    Type: Application
    Filed: December 27, 2012
    Publication date: June 5, 2014
    Applicant: BROADCOM CORPORATION
    Inventors: Mark Buer, Theodore Trost, Jacob Mendel