Abstract: A method of identifying invalid participants in a synchronization group. The method generates a device synchronization group identifier (DSGI) for a first device from a device-specific key of the first device. The method joins the first device in the synchronization group by using the DSGI of the first device. Prior to the joining of the first device, the synchronization group stores a set of DSGIs of a set of devices that have joined the synchronization group. The method determines that a particular DSGI stored in the synchronization group is the same as the DSGI of the first device. The method identifies the particular DSGI stored in the synchronization group as a DSGI of an invalid participant of the synchronization group.

Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

Abstract: The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES. Accordingly, the system provides an efficient mechanism for implementing differential privacy.

Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

Abstract: Some embodiments provide a method for providing public keys for encrypting data. The method receives (i) a first request from a first source for a public key associated with a particular user and (ii) a second request from a second source for the public key associated with the particular user. In response to the first request, the method distributes a first public key for the particular user to the first source. In response to the second request, the method distributes a second, different public key for the particular user to the second source. Data encrypted with the first public key and data encrypted with the second public key are decrypted by a device of the particular user with a same private key.

Abstract: Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

Abstract: Some embodiments provide a method for providing public keys for encrypting data. The method receives (i) a first request from a first source for a public key associated with a particular user and (ii) a second request from a second source for the public key associated with the particular user. In response to the first request, the method distributes a first public key for the particular user to the first source. In response to the second request, the method distributes a second, different public key for the particular user to the second source. Data encrypted with the first public key and data encrypted with the second public key are decrypted by a device of the particular user with a same private key.

Abstract: A user equipment (UE) may camp on a network following a SIM bootup. Specifically, the UE may determine that a SIM implementation module of the UE includes a first SIM application (e.g., USIM) associated with a first cellular radio access technology (RAT) (e.g., LTE) and a second SIM application (e.g., CSIM) associated with a second cellular RAT (e.g., CDMA). The UE may then initialize the first SIM application and the second SIM application. The UE may determine whether the network is configured to support both voice and data communications using the first cellular RAT. If so, the UE may initiate camping on the network with the first cellular RAT in response to determining that the first SIM application is ready, but before the second SIM application is ready. If not, the UE may wait until both the first and second SIM applications are ready before initiating camping on the network.

Abstract: In order to simplify and reduce the cost of an electronic device, the size of a first non-volatile memory associated with an integrated circuit is significantly reduced. Instead of using the first non-volatile memory, a second non-volatile memory associated with a processor in the electronic device is used to store an embedded operating system of the integrated circuit, as well as associated data and a configuration of the integrated circuit. To reduce the security risks associated with using this remote second non-volatile memory, the first non-volatile memory may store authorization information and anti-replay information. During a secure boot of the integrated circuit, the authorization information is used to verify that the embedded operating system, the data and the configuration are authorized. In addition, the anti-replay information is used to determine that the embedded operating system, the data and the configuration are different than previously received versions of these items.

Abstract: Some embodiments provide a method for a first device for joining a group of related devices. The method receives input of a password for authorization with a centralized entity. The method receives input of a code generated by a second device already established in the group of related devices. The method uses the password and the code to (i) join the group of related devices in order to synchronize user data with the devices in the group of related devices and (ii) authorize the first device with the centralized entity as a valid device for a particular account with the centralized entity.

Abstract: Some embodiments provide a method for a first device to join a group of related devices. The method receives input of a password for an account with a centralized entity and a code generated by a second device in the group. When the second device determines that the code input on the first device matches the generated code, the method receives an authentication code from the second device for authorizing the first device with the entity as a valid device for the account. The method uses the password and information regarding the first device to generate an application to the group. After sending the application to the second device, the method receives information from the second device that enables the first device to add itself to the group. The second device verifies the generated application, and the method uses the information received from the second device to join the group.

Abstract: This disclosure relates to caching SIM files at a baseband processor to reduce cellular bootup time. According to one embodiment, a wireless device may read SIM files from a SIM and store a local copy of each file in a cache of the baseband processor of the wireless device. SIM identification information for the SIM from which the cached files were read may be associated with the cache. Indicator information usable for comparing file versions may also be generated and stored in the cache for each file. Upon a subsequent SIM initialization, the wireless device may read SIM files from the cache instead of from the initialized SIM if the cached version is identical to the SIM version, which may be determined based at least in part on the SIM identification information and the indicator information for such files.

Abstract: A user equipment (UE) may camp on a network following a SIM bootup. Specifically, the UE may determine that a SIM implementation module of the UE includes a first SIM application (e.g., USIM) associated with a first cellular radio access technology (RAT) (e.g., LTE) and a second SIM application (e.g., CSIM) associated with a second cellular RAT (e.g., CDMA). The UE may then initialize the first SIM application and the second SIM application. The UE may determine whether the network is configured to support both voice and data communications using the first cellular RAT. If so, the UE may initiate camping on the network with the first cellular RAT in response to determining that the first SIM application is ready, but before the second SIM application is ready. If not, the UE may wait until both the first and second SIM applications are ready before initiating camping on the network.

Abstract: A method of identifying invalid participants in a synchronization group. The method generates a device synchronization group identifier (DSGI) for a first device from a device-specific key of the first device. The method joins the first device in the synchronization group by using the DSGI of the first device. Prior to the joining of the first device, the synchronization group stores a set of DSGIs of a set of devices that have joined the synchronization group. The method determines that a particular DSGI stored in the synchronization group is the same as the DSGI of the first device. The method identifies the particular DSGI stored in the synchronization group as a DSGI of an invalid participant of the synchronization group.

Abstract: In order to simplify and reduce the cost of an electronic device, the size of a first non-volatile memory associated with an integrated circuit is significantly reduced. Instead of using the first non-volatile memory, a second non-volatile memory associated with a processor in the electronic device is used to store an embedded operating system of the integrated circuit, as well as associated data and a configuration of the integrated circuit. To reduce the security risks associated with using this remote second non-volatile memory, the first non-volatile memory may store authorization information and anti-replay information. During a secure boot of the integrated circuit, the authorization information is used to verify that the embedded operating system, the data and the configuration are authorized. In addition, the anti-replay information is used to determine that the embedded operating system, the data and the configuration are different than previously received versions of these items.

Abstract: This disclosure relates to caching SIM files at a baseband processor to reduce cellular bootup time. According to one embodiment, a wireless device may read SIM files from a SIM and store a local copy of each file in a cache of the baseband processor of the wireless device. SIM identification information for the SIM from which the cached files were read may be associated with the cache. Indicator information usable for comparing file versions may also be generated and stored in the cache for each file. Upon a subsequent SIM initialization, the wireless device may read SIM files from the cache instead of from the initialized SIM if the cached version is identical to the SIM version, which may be determined based at least in part on the SIM identification information and the indicator information for such files.