Abstract: A method for protecting computer software code is disclosed. In the embodiment, the method involves receiving instructions corresponding to computer software code for an application, the instructions including a first section of instructions to protect that is indicated by a first indicator and a second section of the instructions to protect that is indicated by a second indicator, rewriting the first section of instructions into a first section of virtual instructions, and rewriting the second section of instructions into a second section of virtual instructions, wherein the first section of instructions includes a first virtual instruction that corresponds to a first handler and the second section of virtual instructions includes a second virtual instruction that corresponds to a second handler, the first handler having different properties than the second handler.

Abstract: Various exemplary embodiments relate to a method, device, and storage medium including: receiving an NDEF message by an NFC device including a payload and at least one of a digital signature and a reference to a digital signature; stripping data from the payload to produce a stripped payload; verifying the payload using the digital signature and the stripped payload; and conditionally interpreting the payload based on whether the payload is verified. Various embodiments are described wherein: the payload includes a URI including a fragment denoted by a pound character; and stripping data includes stripping the fragment from the URI. Various embodiments are described wherein the payload is verified, the fragment comprises fragment data, and interpreting the payload comprises: transmitting a message requesting a resource identified by the URI, wherein the request omits the fragment data; executing a received script to transmit the fragment data to a device.

Abstract: A method for obfuscating functionality of computer software is disclosed. In an embodiment, the method involves determining a first set of instructions needed to perform a target operation and a second set of instructions for at least one or more additional operations. The second set of instructions is tuned to contain instructions such that, by executing the second set of instructions, the function of the first set of instructions can be performed. Once the first and second sets of instruction are determined and tuned, a code library is created and code fragments in the library correspond to code needed to perform the function of the first set of instructions when executed. Instructions are then added to the second set of instructions such that, when executed, will cause the functionality of the first set of instructions to be achieved.

Abstract: Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified.

Abstract: A mobile device, including: a wireless communication interface; a memory storing a secure software application; and a processor in communication with the memory, the processor being configured to: transmit an authentication challenge to the SIM card; receive an authentication response from the SIM card; verify the authentication response from the SIM card; and enable the secure software application when the authentication response from the SIM card is verified.

Abstract: A method for obfuscating functionality of computer software is disclosed. In an embodiment, the method involves determining a first set of instructions needed to perform a target operation and a second set of instructions for at least one or more additional operations. The second set of instructions is tuned to contain instructions such that, by executing the second set of instructions, the function of the first set of instructions can be performed. Once the first and second sets of instruction are determined and tuned, a code library is created and code fragments in the library correspond to code needed to perform the function of the first set of instructions when executed. Instructions are then added to the second set of instructions such that, when executed, will cause the functionality of the first set of instructions to be achieved.

Abstract: A method of binding a software to a device is disclosed. Accordingly, during a setup of the software in the device, a unique identifier is derived from contents stored in the device and the derived unique identifier is encrypted. The derived unique identifier is then stored in a configuration of the software. During a next invocation of the software in the device, a new unique identifier is derived from the contents stored in the device. The newly derived unique identifier is then matched with the stored unique identifier. The execution of the software is terminated if the matching fails.

Abstract: A portion of a reprogrammable storage device is used to implement permanent data storage. The storage device includes a plurality of electrically erasable memory elements and a controller. The plurality of electrically erasable memory elements are configured to store data. Each memory element is programmable a number of write cycles before reaching a write failure state. The controller is coupled to the plurality of memory elements. The controller includes a receiver and a write engine. The receiver receives an instruction to drive a selected memory element to the write failure state. The write engine repeatedly writes a data value, in a plurality of write operations, to the selected memory element until the write failure state of the selected memory element is established.

Abstract: Various exemplary embodiments relate to a method, device, and storage medium including: receiving an NDEF message by an NFC device including a payload and at least one of a digital signature and a reference to a digital signature; stripping data from the payload to produce a stripped payload; verifying the payload using the digital signature and the stripped payload; and conditionally interpreting the payload based on whether the payload is verified. Various embodiments are described wherein: the payload includes a URI including a fragment denoted by a pound character; and stripping data includes stripping the fragment from the URI. Various embodiments are described wherein the payload is verified, the fragment comprises fragment data, and interpreting the payload comprises: transmitting a message requesting a resource identified by the URI, wherein the request omits the fragment data; executing a received script to transmit the fragment data to a device.

Abstract: A method of securely implementing functions in a secure software application, including: determining, by a processor, two functions to be implemented by the secure software application; generating a first function lookup table; encrypting the first function lookup table; sorting the first function lookup table by encrypted operand; generating a second function lookup table; encrypting the second function lookup table; sorting the second function lookup table by encrypted operand; generating a flattened lookup table from a combination of the encrypted first and second function lookup tables; permutating the flattened table indices e.g. by use of public key cryptography encryption; and sorting the flattened table by the permutated flattened table indices.

Abstract: A mobile device, including: a wireless communication interface; a memory storing a secure software application; and a processor in communication with the memory, the processor being configured to: transmit an authentication challenge to the SIM card; receive an authentication response from the SIM card; verify the authentication response from the SIM card; and enable the secure software application when the authentication response from the SIM card is verified.

Abstract: An apparatus for restricting execution of software is disclosed. The apparatus includes a telecommunication device configured to communicate with a wireless device (e.g., an RFID device) using a first wireless communication protocol. The telecommunication device is configured to determine whether or not the telecommunication device is located in an authorized wireless environment, based on wireless devices detected by the telecommunication device. The telecommunication device is also configured to execute a program in response to determining that it is located in an authorized wireless environment. Conversely, the telecommunication device is also configured to inhibit execution of the program in response to determining that it is not located in an authorized wireless environment.

Abstract: A method for verifying the integrity of navigation data used to produce random values for a white-box cryptography system including: receiving information from a navigation system; verifying the integrity of the received navigation information; extracting random information from the received navigation information; and performing a white-box cryptography operation using the extracted random information. Also, a method for determining that the random information samples used to produce random values for a white-box cryptography system have sufficient entropy, including: determining a number of random samples to initially collect; collecting the number of random samples from an external random number generator; calculating the entropy of the collected random samples; encrypting or hashing the collected random samples using the white-box cryptography system and a secret key; and performing a white-box cryptography operation using the encrypted collected random samples.

Abstract: Disclosed is a method of generating a structure comprising at least one virtual machine, the method comprising: obfuscating a first virtual machine source code, thereby yielding a first obfuscated virtual machine (OVM) source code; associating a processor identifier with the first OVM source code, thereby yielding a processor-specific first OVM source code; compiling the processor-specific first OVM source code, thereby yielding a processor-specific first OVM. Furthermore, a structure generated by said method is disclosed.

Abstract: An electronic component is provided having a plurality of functionalities. The electronic component comprises a control logic, and a non-volatile storage element. The control logic is coupled to the non-volatile storage element and is adapted for storing values in the non-volatile storage element based on an external input signal to the electronic component, each value being indicative for one or more functionalities of the plurality of functionalities. The control logic is adapted for controlling the availability of the plurality of functionalities based on one or more values stored in the non-volatile storage element and for outputting a confirmation signal being indicative for the availability of the plurality of functionalities.

Abstract: A smartcard communicating simultaneously with a smart phone and a point of sale, thereby allowing the smartcard to act as a bridge between the point of sale and the smart phone. The smart card is typically powered by the point of sale and typically communicates with the smart phone using BLUETOOTH Low Energy (BLE).

Abstract: Pairing is achieved between a host communications device and a peripheral communications device, in order to establish an ad hoc wireless or wired network. A device identification, relating uniquely to the peripheral device, is displayed on the host device. In order to accept the pairing, the user confirms that the device identification displayed on the host device matches that printed on the peripheral device, and then completes the pairing procedure by pressing a key on the peripheral device, or, if Near Field Communication (NFC) techniques are implemented in the devices, by placing the peripheral device in contact with, or sufficiently close to, the host device. Thus, secure pairing is achieved, without requiring a complex user interface on the peripheral device.

Abstract: A reconfigurable digital wallet device such as a smart card containing a secure element and acting as an instantiation of a subset of a virtual wallet stored in the cloud. The digital wallet device is managed and synchronized with the virtual wallet in the cloud using a mobile device such as a smartphone.

Abstract: Aspects of the present disclosure are directed toward a method that includes a physically-unclonable function (PUF) device that receives a communication that includes a first challenge value, a second challenge value and a remote message authenticity value. The method includes the generation of additional challenge-response pairs in a secure manner. The additional challenge-response pairs are securely communicated between the PUF device and an authenticating server or other device for subsequent use in authentication.

Abstract: The present invention relates to a method for watermarking a processing module. The processing module is designed to process an electronic signal and form a processed signal involving steps of applying a first functional operator to cause a significant alteration to the processed signal. The first operator is embedded in the processing module. Additionally, a second functional operator is provided to co-operate with the first operator-so the alteration is essentially cancelled. The second operator-is adapted to act as an extractable identifier serving as a watermark for the processing module. An advantage with the method is the fact that since the first and the second operators are implemented as functional processing blocks, conventional debugging tools cannot be used to attack the processing module.