Abstract: In an embodiment of a method of and system for detecting rollback of usage data, the usage data is recording in a database. A sequence value in the database is repeatedly advanced. A copy of the sequence value is repeatedly saved to protected storage. The copy of the sequence value in the protected storage is compared with the sequence value in the database, and it is determined whether the result of the comparison is consistent with normal operation of the database since the previous save to protected storage.

Abstract: A method for preventing unauthorized use of a software program on a computing device includes updating a state of a software program on a computing device to an updated state. Transmitting an update signal from the software program to a hardware token coupled to the computing device and updating a state of the hardware token to an updated state in response to the received update signal. Performing a first cryptographic check using the updated state of the software program and the updated state of the hardware token with the hardware token. Transmitting the first cryptographic check from the hardware token to the software program and performing a second cryptographic check using the state of the hardware token and the state of the software program with the computing device.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: A hypervisor runs on a host computer system and defines at least one virtual machine. An address space of the virtual machine resides on physical memory of the host computer system under control of the hypervisor. A guest operating system runs in the virtual machine. At least one of a host operating system and the hypervisor sets parts of the address space of the host computer system corresponding to parts of the address space of the virtual machine to a locked state in which those parts can be read but not written to.

Abstract: An apparatus, computer readable medium, and method of protecting an application, the method including responding to receiving a level of security for the application by evaluating each of a plurality of routines of the application to generate an evaluation for each of the plurality of routines of the application; selecting a number of the plurality of routines to protect based on the evaluation for each of the plurality of routines and the received level of security; and protecting the selected number of the plurality of routines.

Abstract: A hypervisor runs on a host computer system and defines at least one virtual machine. An address space of the virtual machine resides on physical memory of the host computer system under control of the hypervisor. A guest operating system runs in the virtual machine. At least one of a host operating system and the hypervisor sets parts of the address space of the host computer system corresponding to parts of the address space of the virtual machine to a locked state in which those parts can be read but not written to.

Abstract: A system and method for obfuscating a database's schema while preserving its functionality by modifying the original table names, column names, table order, column order, and/or data character set such that the standard order of the original characters is maintained.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: A system and method for obfuscating a database's schema while preserving its functionality by modifying the original table names, column names, table order, column order, and/or data character set such that the standard order of the original characters is maintained.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: In an embodiment of a method of and system for detecting rollback of usage data, the usage data is recording in a database. A sequence value in the database is repeatedly advanced. A copy of the sequence value is repeatedly saved to protected storage. The copy of the sequence value in the protected storage is compared with the sequence value in the database, and it is determined whether the result of the comparison is consistent with normal operation of the database since the previous save to protected storage.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: A method and apparatus for booting a computer. The method comprises the steps of emulating a floppy disk drive communicatively coupled to a computer in a token via a USB-compatible interface, and booting the computer using the token. The apparatus comprises means for performing these functions, including a token with a processor having one or more memories storing processor instructions and data for performing the method steps. The memory may also securely store sensitive data.

Abstract: A system and method in which the operating system of the user computer loads the software application and a DLL having a portion of the application execution code stored therein into memory is disclosed. At selected points during its execution, the software application calls the DLL to execute a portion of the application code that was saved into the DLL before delivery to the end user. Since this code is encrypted and the encryption key is stored in a hardware security device and not in the DLL or the software application, the application code portion cannot be executed without recovering the key.

Abstract: A device that secures a token from unauthorized use is disclosed. The device comprises a user interface for accepting a personal identifier, a processor, communicatively coupled to the user interface device, and a token interface. The token interface includes a token interface IR emitter that produces an IR signal having information included in the PIN. The token IR emitter is coupled to the processor and is further communicatively coupled to a token IR sensor when the token is physically coupled with the token interface. The token interface also includes a shield, substantially opaque to the IR signal, for substantially confining the reception of the IR signal to the token IR sensor. In one embodiment, the shield substantially circumscribes the IR emitter. In another embodiment, the interface also comprises a token interface IR sensor, which allows communications from the token to the device as well.

Abstract: A method, apparatus, and article of manufacture for protecting a shelled computer program with a startup code featuring multiple-route execution. In one embodiment, the startup code comprises a sequence of tasks, collectively executing a startup code, wherein one or more of the tasks is selectably performed by one of a plurality of task code variations as selected by a selection code associated with the task.

Abstract: A method for preventing unauthorized use of a software program on a computing device includes updating a state of a software program on a computing device to an updated state. Transmitting an update signal from the software program to a hardware token coupled to the computing device and updating a state of the hardware token to an updated state in response to the received update signal. Performing a first cryptographic check using the updated state of the software program and the updated state of the hardware token with the hardware token. Transmitting the first cryptographic check from the hardware token to the software program and performing a second cryptographic check using the state of the hardware token and the state of the software program with the computing device.

Abstract: A system and method for binding a protected application to a shell module. The shell module is appended to the application. The shell module executes prior to the execution of the application, and first creates a resource. After the shell module finishes execution, the application tries to access the created resource. If the access is successful, the application is allowed to proceed. Otherwise, the application terminates. The inability of the application to access the resource is an indication that the shell module never actually created the resource. This suggests that the shell module never executed; the shell module may have been either removed or functionally disconnected from the application. This further implies that the security functionality of the shell module has not executed. The application is therefore not permitted to execute, since the shell's security checks have probably not been performed.

Abstract: A “dual” personal key/token is disclosed. The “dual” personal key is useful for installing drivers and other command interfaces which allow the personal key to be coupled to and used with a host computer. In a first embodiment, the personal key operates as a USB hub, and reports two devices, a storage device and a personal key, to the host computer. In a second embodiment presents a single device, and different portions of the personal key are activated as required.