Abstract: A device includes a non-maskable interrupt (NMI) signal path, a processor, and a peripheral component. The peripheral component may comprise secret data, such as a secret key. The processor may perform a preconfigured NMI interrupt service routine (ISR), in response to detecting a preconfigured signal in the NMI signal path. Access to at least a part of the peripheral component may be enabled in response to detecting the preconfigured signal in the NMI signal path. Thus, the processor may be able to access the secret data, for example, when the processor is running the NMI ISR.

Abstract: An apparatus includes a processor coupled to a memory. The processor calls a second function from a first function by coloring with an inaccessible color value a first memory area associated with the first function, branching to the second function, coloring with a second color value a second memory area associated with the second function, operating on the second memory area, and coloring with the inaccessible color value the second memory area. The processor then returns control to the first function, and colors with a first color value the first memory area. The coloring step includes branching to a coloring routine that includes a basic block beginning with a single branch target instruction, identifying and authorizing the calling routine, coloring with a hardcoded color value a memory area associated with the calling routine, and returning to the calling routine.

Abstract: A method for attestation of Control Flow Integrity (CFI) of an application running on an end entity whereby an asymmetric key pair is generated by a Key Management Module (KMM) comprising a private key and a public key, then the public key is signed with a device key unique to the end entity thereby generating a public key certificate which attests to the private key being in possession of the end entity. The asymmetric key pair is based on the executing code of the application and the device key. The attestation claims regarding CFI of the application are signed by the private key in a dedicated signature module.

Abstract: According to an embodiment, a device comprises a non-maskable interrupt (NMI) signal path, a processor, and a peripheral component. The peripheral component may comprise secret data, such as a secret key. The processor may perform a preconfigured NMI interrupt service routine (ISR), in response to detecting a preconfigured signal in the NMI signal path. Access to at least a part of the peripheral component may be enabled in response to detecting the preconfigured signal in the NMI signal path. Thus, the processor may be able to access the secret data, for example, when the processor is running the NMI ISR. A device, a method, and a computer program are described.

Abstract: An apparatus includes a processor coupled to a memory. The processor calls a second function from a first function by coloring with an inaccessible color value a first memory area associated with the first function, branching to the second function, coloring with a second color value a second memory area associated with the second function, operating on the second memory area, and coloring with the inaccessible color value the second memory area. The processor then returns control to the first function, and colors with a first color value the first memory area. The coloring step includes branching to a coloring routine that includes a basic block beginning with a single branch target instruction, identifying and authorizing the calling routine, coloring with a hardcoded color value a memory area associated with the calling routine, and returning to the calling routine.

Abstract: A method for attestation of Control Flow Integrity (CFI) of an application running on an end entity whereby an asymmetric key pair is generated by a Key Management Module (KMM) comprising a private key and a public key, then the public key is signed with a device key unique to the end entity thereby generating a public key certificate which attests to the private key being in possession of the end entity. The asymmetric key pair is based on the executing code of the application and the device key. The attestation claims regarding CFI of the application are signed by the private key in a dedicated signature module.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store a user key, a token relating to a resource, the token comprising the user key in encrypted form, and management data received in the apparatus from a server, and at least one processing core configured to participate in an access interaction with the resource, the access interaction being based at least partly on the token and the user key and the access interaction comprising first sending the management data to the resource and then completing the access interaction to access the resource.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising: a memory configured to store a user key specific to a particular user or token; software code; a token relating to a second apparatus, the token comprising the user key and the software code, and at least one processing core configured to: participate in an interaction with the second apparatus, the interaction being based at least partly on the token and the user key and the interaction comprising transmitting the token to the second apparatus.

Abstract: A method, apparatus and computer program are disclosed, which receive information from near field communication for a near field communication application or service, using a protocol stack containing an SNEP layer, SNEP referring to a simple near field communication data exchange format exchange protocol. A short message is received from a mobile telecommunication network. A near field communication extension message is identified in the received short message. The identified near field communication extension message is passed to the near field communication application or service via the SNEP layer in response to the identifying of the near field communication extension message.

Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.

Abstract: An approach is provided for providing security mechanism for proximity-based interactions among devices. A first device (e.g., a memory tag) may determine a request for interaction between the first device and a second device (e.g., a mobile phone), wherein at least the first device is associated with at least one first antenna and at least one second antenna. The first device may determine a first signal received by the at least one first antenna and a second signal received by the at least one second antenna. Further, the first device may determine one or more differences in one or more characteristics of the first signal and the second signal. Furthermore, the first device may process or facilitate a processing of the one or more differences to determine whether to allow the interaction.

Abstract: A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.

Abstract: A system for wireless memory device authentication is provided, wherein a communications device receives a certified public key from a wireless memory device. The communications device validates the public key and send a challenge to the wireless memory device. The wireless memory device sends a signature to the communications device and the communications device validates the signature in order to authenticate the wireless memory device.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising: a memory configured to store a user key specific to a particular user or token; software code; a token relating to a second apparatus, the token comprising the user key and the software code, and at least one processing core configured to: participate in an interaction with the second apparatus, the interaction being based at least partly on the token and the user key and the interaction comprising transmitting the token to the second apparatus.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store a user key, a token relating to a resource, the token comprising the user key in encrypted form, and management data received in the apparatus from a server, and at least one processing core configured to participate in an access interaction with the resource, the access interaction being based at least partly on the token and the user key and the access interaction comprising first sending the management data to the resource and then completing the access interaction to access the resource.

Abstract: A system for identity based ticketing is provided, wherein a user device sends a challenge to a terminal; the terminal updates a filter based on the challenge and sends the contents of the filter to the user device. The user device sends the contents of the filter, relating to the user device and the terminal, to a backend server; and the backend server derives from the contents of the filter information concerning user behavior.

Abstract: An apparatus comprising: a requester configured to request a certificate comprising at least one identifier associated with the apparatus from at least one network node; a first receiver configured to receive the certificate from the at least one network node; and a forwarder configured to forward the certificate to at least one further apparatus; a second receiver configured to receive a further certificate from the further apparatus, the further certificate comprising at least one further identifier associated with the further apparatus; and an authenticated configured to authenticate the further apparatus based on the further certificate.

Abstract: Embodiments of the present invention provide methods and apparatuses of providing content data and accessing content data. The method for providing content data comprises: receiving a first request for content data, the first request being originated from a first user equipment and comprising an indication of the requested content data and an indication from where the requested content data is accessible; identifying a local equipment that is in proximity to the first user equipment and has pre-stored the requested content data; and returning a first response directed to the first user equipment, by which the first user equipment is informed to access the requested content data from the local equipment via a first device-to-device communication with the local equipment. With the proposed solutions, network loads can be reduced.

Abstract: Radio communications is performed within a mobile telecommunication network. Billing related information is obtained by radio-physical detection. Within a trusted execution environment, a challenge known by the mobile telecommunication network is obtained; billing related information is received; billing related information is attested; and the attested billing related information is caused to be sent to the mobile telecommunication network.

Abstract: An apparatus, a computer program and a method in an apparatus for causing obtaining from a wireless charging detector (220) an indication of the presence of a wireless charging field; causing obtaining from a near field communication circuitry (210) an indication of proximity of a near field communication device (1 10, 120); and responsively to obtaining the indications, causing negotiating with the near field communication device (1 10, 120).