Patents by Inventor William V. Oxford

William V. Oxford has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9710617
    Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.
    Type: Grant
    Filed: January 18, 2013
    Date of Patent: July 18, 2017
    Assignee: Rubicon Labs, Inc.
    Inventor: William V. Oxford
  • Patent number: 9705677
    Abstract: Embodiments of systems and methods which provide highly specific control over the execution of a general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based, for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.
    Type: Grant
    Filed: April 2, 2013
    Date of Patent: July 11, 2017
    Assignee: Rubicon Labs, Inc.
    Inventor: William V. Oxford
  • Publication number: 20170192909
    Abstract: Embodiments of systems and methods disclosed herein may isolate the working set of a process such that the data of the working set is inaccessible to other processes, even after the original process terminates. More specifically, in certain embodiments, the working set of an executing process may be stored in cache and for any of those cache lines that are written to while in secure mode those cache lines may be associated with a secure descriptor for the currently executing process. The secure descriptor may uniquely specify those cache lines as belonging to the executing secure process such that access to those cache lines can be restricted to only that process.
    Type: Application
    Filed: January 6, 2017
    Publication date: July 6, 2017
    Inventor: William V. Oxford
  • Publication number: 20170063544
    Abstract: Embodiments of systems and methods disclosed herein provide simple and effective methods for secure processes to share selected data with other processes and other memory locations, either secure or not, in a safe and secure manner. More specifically, in certain embodiments, systems and methods are disclosed that enable a secure data cache system to use one or more virtual machines to securely generate encryption keys based on information from multiple independent sources. In some embodiments, systems and methods are disclosed that provide protection from replay attacks by selectively changing the generated encryption keys.
    Type: Application
    Filed: August 25, 2016
    Publication date: March 2, 2017
    Inventors: William V. Oxford, Stephen E. Smith, Stuart W. Juengst
  • Patent number: 9575906
    Abstract: Embodiments of systems and methods disclosed herein may isolate the working set of a process such that the data of the working set is inaccessible to other processes, even after the original process terminates. More specifically, in certain embodiments, the working set of an executing process may be stored in cache and for any of those cache lines that are written to while in secure mode those cache lines may be associated with a secure descriptor for the currently executing process. The secure descriptor may uniquely specify those cache lines as belonging to the executing secure process such that access to those cache lines can be restricted to only that process.
    Type: Grant
    Filed: March 19, 2013
    Date of Patent: February 21, 2017
    Assignee: Rubicon Labs, Inc.
    Inventor: William V. Oxford
  • Publication number: 20170041302
    Abstract: Embodiments as described herein provide systems and methods for sharing secrets between a device and another entity. The shared secret may be generated on the device as a derivative of a secret value contained on the device itself in a manner that will not expose the secret key on the device and may be sent to the entity. The shared secret may also be stored on the device such that it can be used in future secure operations on the device. In this manner, a device may be registered with an external service such that a variety of functionality may be securely accomplished, including, for example, the generation of authorization codes for the device by the external service based on the shared secret or the symmetric encryption of data between the external service and the device using the shared secret.
    Type: Application
    Filed: August 3, 2016
    Publication date: February 9, 2017
    Inventors: William V. Oxford, Roderick Schultz, Gerald E. Woodcock, III, Stephen E. Smith, Alexander Usach, Marcos Portnoi
  • Publication number: 20160352733
    Abstract: Embodiments of systems and methods disclosed herein include a distributed device activation mechanism involving a group of external entities without using asymmetric cryptography. Systems and methods include techniques for deriving a device secret using a hardware secret and authenticated unique input data provided to the device by one or more external entities. A hardware hash function uses the hardware secret as a key and the authenticated unique input data as input data to output the derived device secret. The derived device secret is written to a security register of the device to enter a new security layer.
    Type: Application
    Filed: May 27, 2016
    Publication date: December 1, 2016
    Inventors: William V. Oxford, Roderick Schultz, Gerald E. Woodcock, III, Stephen E. Smith, Alexander Usach, Marcos Portnoi
  • Publication number: 20160188874
    Abstract: Embodiments of systems and methods disclosed herein relate to execution of related secure code blocks on a processor. Systems and methods include techniques which impose a “secure code entry-point” condition for the individual code blocks to stop return-oriented programming (ROP) attacks. Systems and methods include techniques for creating overall AuthCodes for a function chain based on the AuthCodes of the functions in the chain, rather than on the code itself, greatly increasing performance and security.
    Type: Application
    Filed: December 29, 2015
    Publication date: June 30, 2016
    Inventors: William V. Oxford, John C. Pavan
  • Publication number: 20160125187
    Abstract: Embodiments of systems and methods disclosed herein include renewable secure boot systems for renewing and booting a target device. Systems and methods include techniques by which a secure boot may be implemented in a renewable fashion on a reprogrammable device. More specifically, in certain embodiments, systems and methods are described where target devices securely receive an encrypted boot image and one or more authorization codes from a third party. The one or more authorization codes are derivatives of a target device hardware secret, allowing the authorization codes to be changed at will, thus increasing flexibility and security of the system.
    Type: Application
    Filed: November 3, 2015
    Publication date: May 5, 2016
    Inventor: William V. Oxford
  • Publication number: 20150295713
    Abstract: Embodiments of systems and methods disclosed herein provide a simple and effective method for authentication and key exchange that is secure from man-in-the-middle attacks and is characterized by perfect forward secrecy. More specifically, in certain embodiments, systems and methods are disclosed that enable secure communications between a local device and a remote device(s) via a protocol that uses a Central Licensing Authority that shares derived secrets with the endpoints, without sharing the secrets themselves. The derived secrets may be comprised of public information, taking the form of nonces, in order to protect the system against replay-style attacks. Each endpoint can generate its own nonce with sufficient entropy such that neither endpoint is dependent on the trustworthiness of the other.
    Type: Application
    Filed: April 10, 2015
    Publication date: October 15, 2015
    Inventor: William V. Oxford
  • Publication number: 20150294123
    Abstract: Embodiments of systems and methods disclosed herein provide simple and effective methods for secure processes to share selected data with other processes, either secure or not, in a safe and secure manner. More specifically, in certain embodiments, systems and methods are disclosed that enable a secure data cache system to write certain data to main memory unencrypted. In other embodiments, systems and methods are disclosed that enable a secure data cache system to write encrypted data from one secure process to main memory, and to enable the decryption of the data by another secure process. In other embodiments, the ownership of data lines in a secure data cache is selectively changed from one process to another, effectively allowing different secure processes to share data.
    Type: Application
    Filed: April 10, 2015
    Publication date: October 15, 2015
    Inventor: William V. Oxford
  • Publication number: 20150089231
    Abstract: Systems and methods in which multiple key servers operate cooperatively to securely provide authorization codes to requesting devices. In one embodiment, a server cloud receives a device authorization code request and selects an “A server”. The “A server” requests authorization from one or more “B servers” and authorizes the “B servers” to respond. The “B servers” provide authorization to the “A server”, and may provide threshold key inputs to enable decryption of device authorization codes. The “A server” cannot provide the requested device authorization code without authorization from the “B server(s)”, and the “B server(s)” cannot provide the requested server authorization code and threshold inputs without a valid request from the “A server”. After the “A server” receives authorization from the “B server(s)”, it can provide the initially requested device authorization code to the requesting device.
    Type: Application
    Filed: September 26, 2014
    Publication date: March 26, 2015
    Inventors: William V. Oxford, Gerald E. Woodcock, III
  • Patent number: 8878891
    Abstract: In various embodiments, a system may include a first conferencing system with a first speaker and a second speaker. The first conferencing system may be coupled to a second conferencing system and a third conferencing system. In some embodiments, audio from the second conferencing system may be reproduced through the first speaker, and audio from the third conferencing system may be reproduced through the second speaker. In some embodiments, audio from various participants at various conferencing systems may be reproduced on audio system components relative to the location of participants at the conferencing system. For example, audio from a first participant on the left side of a camera at a second conferencing system may be reproduced through left side speakers at the first conferencing system.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: November 4, 2014
    Assignee: LifeSize Communications, Inc.
    Inventors: Michael L. Kenoyer, William V. Oxford
  • Patent number: 8726035
    Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.
    Type: Grant
    Filed: May 27, 2010
    Date of Patent: May 13, 2014
    Assignee: Krimmeni Technologies, Inc.
    Inventor: William V. Oxford
  • Publication number: 20130254494
    Abstract: Embodiments of systems and methods disclosed herein may isolate the working set of a process such that the data of the working set is inaccessible to other processes, even after the original process terminates. More specifically, in certain embodiments, the working set of an executing process may be stored in cache and for any of those cache lines that are written to while in secure mode those cache lines may be associated with a secure descriptor for the currently executing process. The secure descriptor may uniquely specify those cache lines as belonging to the executing secure process such that access to those cache lines can be restricted to only that process.
    Type: Application
    Filed: March 19, 2013
    Publication date: September 26, 2013
    Applicant: Krimmeni Technologies, Inc.
    Inventor: William V. Oxford
  • Publication number: 20130238902
    Abstract: Embodiments of systems and methods which provide highly specific control over the execution of a general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based, for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.
    Type: Application
    Filed: April 2, 2013
    Publication date: September 12, 2013
    Applicant: Krimmeni Technologies, Inc.
    Inventor: William V. Oxford
  • Patent number: 8438392
    Abstract: Embodiments of systems and methods which provide highly specific control over the execution of a general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based, for example, on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.
    Type: Grant
    Filed: November 10, 2009
    Date of Patent: May 7, 2013
    Assignee: Krimmeni Technologies, Inc.
    Inventor: William V. Oxford
  • Publication number: 20120224022
    Abstract: In various embodiments, a system may include a first conferencing system with a first speaker and a second speaker. The first conferencing system may be coupled to a second conferencing system and a third conferencing system. In some embodiments, audio from the second conferencing system may be reproduced through the first speaker, and audio from the third conferencing system may be reproduced through the second speaker. In some embodiments, audio from various participants at various conferencing systems may be reproduced on audio system components relative to the location of participants at the conferencing system. For example, audio from a first participant on the left side of a camera at a second conferencing system may be reproduced through left side speakers at the first conferencing system.
    Type: Application
    Filed: May 10, 2012
    Publication date: September 6, 2012
    Inventors: Michael L. Kenoyer, William V. Oxford
  • Publication number: 20120219139
    Abstract: In various embodiments, a system may include a first conferencing system with a first speaker and a second speaker. The first conferencing system may be coupled to a second conferencing system and a third conferencing system. In some embodiments, audio from the second conferencing system may be reproduced through the first speaker, and audio from the third conferencing system may be reproduced through the second speaker. In some embodiments, audio from various participants at various conferencing systems may be reproduced on audio system components relative to the location of participants at the conferencing system. For example, audio from a first participant on the left side of a camera at a second conferencing system may be reproduced through left side speakers at the first conferencing system.
    Type: Application
    Filed: May 10, 2012
    Publication date: August 30, 2012
    Inventors: Michael L. Kenoyer, William V. Oxford
  • Patent number: 8237770
    Abstract: In various embodiments, a system may include a first conferencing system with a first speaker and a second speaker. The first conferencing system may be coupled to a second conferencing system and a third conferencing system. In some embodiments, audio from the second conferencing system may be reproduced through the first speaker, and audio from the third conferencing system may be reproduced through the second speaker. In some embodiments, audio from various participants at various conferencing systems may be reproduced on audio system components relative to the location of participants at the conferencing system. For example, audio from a first participant on the left side of a camera at a second conferencing system may be reproduced through left side speakers at the first conferencing system.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: August 7, 2012
    Assignee: LifeSize Communications, Inc.
    Inventors: Michael L. Kenoyer, William V. Oxford