Patents by Inventor Mark L. Buer
Mark L. Buer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9910990
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Grant
Filed: December 31, 2015
Date of Patent: March 6, 2018
Assignee: NXP B.V.
Inventors: Mark L. Buer, Jacob Mendel
-
Patent number: 9872324
Abstract: Wireless mobile communication (WMC) devices located in near proximity of each other may be enabled to form a mesh (ad hoc wireless) network. WMC devices may form and/or tear down intra-mesh connection with other WMC devices in the same mesh network. WMC devices may utilize information related to other WMC devices in the mesh network in determining formation and tearing down of intra-mesh connections. This information may comprise relative speeds, locations, and directions of movement of the WMC devices forming/tearing intra-mesh connections. Other information including data bandwidth and/or power consumption may be utilized in such determination. This information may also comprise available services advertised by WMC devices in the mesh network.
Type: Grant
Filed: November 25, 2015
Date of Patent: January 16, 2018
Assignee: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Inventors: John Stuart Walley, Thomas J. Quigley, Alexander G. MacInnis, Arya Behzad, Jeyhan Karaoguz, Mark L. Buer
-
Publication number: 20160117506
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Application
Filed: December 31, 2015
Publication date: April 28, 2016
Applicant: Broadcom Corporation
Inventors: Mark L. BUER, Jacob MENDEL
-
Publication number: 20160081131
Abstract: Wireless mobile communication (WMC) devices located in near proximity of each other may be enabled to form a mesh (ad hoc wireless) network. WMC devices may form and/or tear down intra-mesh connection with other WMC devices in the same mesh network. WMC devices may utilize information related to other WMC devices in the mesh network in determining formation and tearing down of intra-mesh connections. This information may comprise relative speeds, locations, and directions of movement of the WMC devices forming/tearing intra-mesh connections. Other information including data bandwidth and/or power consumption may be utilized in such determination. This information may also comprise available services advertised by WMC devices in the mesh network.
Type: Application
Filed: November 25, 2015
Publication date: March 17, 2016
Inventors: John Stuart WALLEY, Thomas J. QUIGLEY, Alexander G. MACINNIS, Arya BEHZAD, Jeyhan KARAOGUZ, Mark L. BUER
-
Patent number: 9256734
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Grant
Filed: June 7, 2012
Date of Patent: February 9, 2016
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Jacob Mendel
-
Patent number: 9015467
Abstract: Methods and associated systems are disclosed for providing secured data transmission over a data network. Data to be encrypted and encryption information may be sent to a security processor via a packet network so that the security processor may extract the encryption information and use it to encrypt the data. The encryption information may include flow information, security association and/or other cryptographic information, and/or one or more addresses associated with such information. The encryption information may consist of a tag in a header that is appended to packets to be encrypted before the packets are sent to the security processor. The packet and tag header may be encapsulated into an Ethernet packet and routed via an Ethernet connection to the security processor.
Type: Grant
Filed: December 4, 2003
Date of Patent: April 21, 2015
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Scott S. McDaniel
-
Patent number: 8909932
Abstract: A secure digital system including a number of ICs that exchange data among each other. Each of the ICs includes a key generator for generating a cipher key; a memory for securely storing the generated cipher key; an authenticating module for authenticating neighboring ICs of a respective IC; an encryption module for encrypting data communicated from the respective IC to the neighboring ICs; and a decryption module for decrypting data received from the neighboring ICs.
Type: Grant
Filed: September 14, 2012
Date of Patent: December 9, 2014
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Edward H. Frank
-
Patent number: 8683215
Abstract: A dynamically programmable security device. The device includes: a secure nonvolatile read only memory (NVMROM) for securely storing a unique device cipher key; a secure interface for dynamically loading authenticated application code; a cryptographic engine for encrypting, decrypting data and authenticating the application code; a secure random access memory (RAM) for storing the authenticated application code and application data; and a processor for executing the authenticated application code.
Type: Grant
Filed: July 18, 2011
Date of Patent: March 25, 2014
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Patent number: 8677482
Abstract: A system and method for secure processing is provided, wherein a monitor application is injected into a secure application binary within the security perimeter of a secure processor. The components of the monitor application are injected into different portions of the application binary utilizing a seed value. In this manner, the positioning of the monitor application in the application binary is altered each time the application binary is booted. After the monitor application is inserted into the application binary, the secure process is passed to the host processor for execution. During execution of the secure process, a system and method is provided for the monitor application to communicate, to the secure processor, attempts to tamper with or attack the secure process.
Type: Grant
Filed: March 12, 2010
Date of Patent: March 18, 2014
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Publication number: 20130291053
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Application
Filed: June 7, 2012
Publication date: October 31, 2013
Applicant: Broadcom Corporation
Inventors: Mark L. BUER, Jacob Mendel
-
Publication number: 20130077782
Abstract: A secure digital system including a number of ICs that exchange data among each other. Each of the ICs includes a key generator for generating a cipher key; a memory for securely storing the generated cipher key; an authenticating module for authenticating neighboring ICs of a respective IC; an encryption module for encrypting data communicated from the respective IC to the neighboring ICs; and a decryption module for decrypting data received from the neighboring ICs.
Type: Application
Filed: September 14, 2012
Publication date: March 28, 2013
Applicant: Broadcom Corporation
Inventors: Mark L. Buer, Edward H. Frank
-
Patent number: 8340299
Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
Type: Grant
Filed: July 28, 2010
Date of Patent: December 25, 2012
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Joseph J. Tardo
-
Patent number: 8281132
Abstract: A secure digital system including a number of ICs that exchange data among each other. Each of the ICs includes a key generator for generating a cipher key; a memory for securely storing the generated cipher key; an authenticating module for authenticating neighboring ICs of a respective IC; an encryption module for encrypting data communicated from the respective IC to the neighboring ICs; and a decryption module for decrypting data received from the neighboring ICs.
Type: Grant
Filed: September 22, 2005
Date of Patent: October 2, 2012
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Edward H. Frank
-
Publication number: 20120185680
Abstract: A dynamically programmable security device. The device includes: a secure nonvolatile read only memory (NVMROM) for securely storing a unique device cipher key; a secure interface for dynamically loading authenticated application code; a cryptographic engine for encrypting, decrypting data and authenticating the application code; a secure random access memory (RAM) for storing the authenticated application code and application data; and a processor for executing the authenticated application code.
Type: Application
Filed: July 18, 2011
Publication date: July 19, 2012
Applicant: Broadcom Corporation
Inventor: Mark L. BUER
-
Patent number: 8225087
Abstract: Systems and methods are disclosed for using cryptographic techniques to configure data processing systems. A configuration manager cryptographically controls the configuration of a system by ensuring that only authorized users or applications can change the configuration. For example, requests to change configuration information may include authenticated and/or encrypted data. These cryptographic techniques are employed to enable and/or disable functions, features and capabilities of a system. For example, a system may be reconfigured to provide strong or weak encryption based on parameters in the configuration information.
Type: Grant
Filed: November 21, 2008
Date of Patent: July 17, 2012
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Patent number: 8037518
Abstract: Methods and associated systems for processing data are disclosed. A hashing function sequentially processes a hash key to generate a hash value. A policy management system processes packets according to defined policies.
Type: Grant
Filed: September 10, 2009
Date of Patent: October 11, 2011
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Patent number: 7987356
Abstract: A dynamically programmable security device. The device includes: a secure nonvolatile read only memory (NVMROM) for securely storing a unique device cipher key; a secure interface for dynamically loading authenticated application code; a cryptographic engine for encrypting, decrypting data and authenticating the application code; a secure random access memory (RAM) for storing the authenticated application code and application data; and a processor for executing the authenticated application code.
Type: Grant
Filed: November 29, 2005
Date of Patent: July 26, 2011
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Publication number: 20100290624
Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
Type: Application
Filed: July 28, 2010
Publication date: November 18, 2010
Applicant: Broadcom Corporation
Inventors: Mark L. BUER, Joseph J. Tardo
-
Patent number: 7822797
Abstract: Methods and systems are disclosed for generating random numbers and initial vectors. A random number generator generates one or more random numbers that are used to repetitively seed pseudo random number generators so that the pseudo random number generators generate random numbers. Thus, a single random number generator may be used to simultaneously generate several random numbers. The random numbers generated by the pseudo random number generators may be used as initial vectors in encryption engines.
Type: Grant
Filed: July 29, 2002
Date of Patent: October 26, 2010
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Zheng Qi
-
Publication number: 20100235647
Abstract: A system and method for secure processing is provided, wherein a monitor application is injected into a secure application binary within the security perimeter of a secure processor. The components of the monitor application are injected into different portions of the application binary utilizing a seed value. In this manner, the positioning of the monitor application in the application binary is altered each time the application binary is booted. After the monitor application is inserted into the application binary, the secure process is passed to the host processor for execution. During execution of the secure process, a system and method is provided for the monitor application to communicate, to the secure processor, attempts to tamper with or attack the secure process.
Type: Application
Filed: March 12, 2010
Publication date: September 16, 2010
Applicant: Broadcom Corporation
Inventor: Mark L. Buer