Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.

Abstract: Described herein is a platform and method for determining a confidence level associated with a transaction that utilizes dynamic data. In some embodiments, the confidence level is determined based on location data received in relation to the transaction. For example, some embodiments are directed to storing first location information collected from a mobile device provided in a request for the dynamic data, receiving second location information related to a transaction conducted using the dynamic data, and comparing the two with respect to the amount of time that has elapsed between collection of each to determine a confidence level associated with a likelihood that the transaction is authentic.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: Embodiments of the invention are directed to systems and methods for maintaining coherency between different entities in a distributed system. A coherency module automatically detects a change in state in a first entity, wherein the change in state relates to a change in functional code in the first entity. A synchronization message is transmitted to a second entity to synchronize data in the second entity with data in the first entity as a result of the change in state, The second entity is configured to synchronize the data in the second entity with the data in the first entity after receiving the synchronization message.

Abstract: Embodiments of the invention are directed to systems and methods for maintaining coherency between different entities in a distributed system. A coherency module automatically detects a change in state in a first entity, wherein the change in state relates to a change in functional code in the first entity. A synchronization message is transmitted to a second entity to synchronize data in the second entity with data in the first entity as a result of the change in state. The second entity is configured to synchronize the data in the second entity with the data in the first entity after receiving the synchronization message.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: A dynamic root of trust can be injected in an application module on a client device using a backend server and can be continuously monitored to ensure authenticity, integrity and confidentiality at load time, run time and update time of the application module. The dynamic root of trust can be updated directly from the backend server and can be used to establish a time bound trust chain for the other software modules loaded and executed as part of the application module.

Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.

Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Systems and methods of delivering data from a range of input devices may involve detecting an availability of data from an input device, wherein the input device is associated with a default input path of a mobile platform. An input device driver can be invoked in a security engine in response to the availability of the data if a hardware component in the default input path is in a secure input mode, wherein the security engine it associated with a secure input path of the mobile platform. Additionally, the input device driver may be used to retrieve the data from the input device into the security engine.

Abstract: Techniques for assessing the trustworthiness of a target device that a user device is attempting to communicate with are described. A user device may request one or more trustworthiness attributes of a target device before exchanging data with the target device. The user device may receive the one or more trustworthiness attributes of the target device, and determine, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device. A communication channel between the user device and the target device can then be established according to the set of one or more security policies.

Abstract: Methods and systems may include a computing system having a display, a display controller with a decryption module, and a security element with security logic. The security logic can be configured to establish a secure path between the secure element and the display in response to a secure output mode request, wherein the secure path includes the display controller. In addition, the security logic may be configured to prevent the decryption module from being bypassed, and transmit encrypted data from the secure element to the display via the secure path.

Abstract: Systems, devices, and methods used to provide real-time product information for retail products and services are generally disclosed herein. One example embodiment includes a referral application operating on a smartphone, configured to correlate data from multiple sources and provide context-aware recommendations and information relevant to a product or service being evaluated by a consumer in the physical shopping environment (such as a retail store). For example, the data may be obtained from a retailer's product information database, a retailer's competitor information database, an advertiser information database, an Internet-hosted service, a social network, or similar internal or external information sources. The real-time product information may be correlated, aggregated, and displayed to the user to either facilitate the retail purchase in the store, or encourage another online or retail purchase.

Abstract: Embodiments of an invention for repeatable application-specific encryption key derivation are disclosed. In one embodiment, a processor includes a root key, an encryption engine, and execution hardware. The encryption engine is to perform an encryption operation using the root key, wherein the root key is accessible only to the encryption engine. The execution hardware is to execute instructions to deterministically generate an application-specific encryption key using the encryption algorithm.

Abstract: Steganographic techniques are used to embed financial information or authentication information within an image, audio, or video file using a quantization table and/or other filter. The file is then transmitted over an insecure network, such as a GSM cell phone network, and a server extracts the information from the image, audio, or video using the same quantization table and/or filter. Multiple sets of information, such as telephone numbers and/or payment account numbers, are extracted from the same image by those entities possessing the appropriate keys. The filters and tables used to embed financial information can be updated periodically or according to events. A video of images, some with embedded information, some with ‘dummy’ data, can be used to hide information over insecure networks for payment transactions.

Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.

Abstract: Techniques are described for generating high quality entropy in a software only or a hardware assisted software environment, such as a virtualized environment. Embodiments of the invention describe creating an entropy pool within the virtualized environment using multiple sources of entropy. The entropy pool may be used in creating dynamically customizable and high entropy RNG and PUF. The sources of entropy may include trusted sources, untrusted sources and entropy sources with a varied scale of trust and entropy quality associated with them.