Abstract: A mobile device operating system pools any available entropy. The resulting entropy pool is stored in device memory. When storing entropy in memory, preferably memory addresses are randomly allocated to prevent an attacker from capturing entropy that might have already been used to create a random number. The stored entropy pool provides a readily-available entropy source for any entropy required by the operating system or device applications. Then, when a cryptographic application requests a true random number, the operating system checks to determine whether the pool has available entropy and, if so, a portion of the entropy is provided to enable generation (e.g., by a TRNG) of a true random number that, in turn, may then be used for some cryptographic operation. After providing the entropy, the operating system clears the address locations that were used to provide it so that another entity cannot re-use the entropy.

Abstract: A mobile device operating system pools any available entropy. The resulting entropy pool is stored in device memory. When storing entropy in memory, preferably memory addresses are randomly allocated to prevent an attacker from capturing entropy that might have already been used to create a random number. The stored entropy pool provides a readily-available entropy source for any entropy required by the operating system or device applications. Then, when a cryptographic application requests a true random number, the operating system checks to determine whether the pool has available entropy and, if so, a portion of the entropy is provided to enable generation (e.g., by a TRNG) of a true random number that, in turn, may then be used for some cryptographic operation. After providing the entropy, the operating system clears the address locations that were used to provide it so that another entity cannot re-use the entropy.

Abstract: An unattended computer-based machine is authenticated by the present invention method, system or apparatus. The subject machine may be an auto-restarted machine or similar machine configured to be unattended. Upon receipt of initializing input from a user at a subject computer-based machine, a working process authenticates the user and generates resulting credentials. The working process stores the generated credentials in a memory area of the subject machine. Separate from and independent of the working process is a security monitor of the present invention. A monitoring module of the present invention monitors user activity on the subject machine and upon detecting suspect activity destroys the stored credentials of the working process. Suspect activity includes any activity raising a suspicion of compromise.

Abstract: An unattended computer-based machine is authenticated by the present invention method, system or apparatus. The subject machine may be an auto-restarted machine or similar machine configured to be unattended. Upon receipt of initializing input from a user at a subject computer-based machine, a working process authenticates the user and generates resulting credentials. The working process stores the generated credentials in a memory area of the subject machine. Separate from and independent of the working process is a security monitor of the present invention. A monitoring module of the present invention monitors user activity on the subject machine and upon detecting suspect activity destroys the stored credentials of the working process. Suspect activity includes any activity raising a suspicion of compromise.