Abstract: Techniques for authenticating certificates of authenticity (COAs) are discussed. The techniques provide for a simplified authentication system that is easily utilized in a field setting. In described embodiments, COAs are attached to or otherwise associated with goods to be authenticated. The COAs incorporate random or pseudo-random arrangements of optically sensitive fibers to create unique identifiers. A COA reader device optically scans each COA and characterizes the COA according to its unique arrangement of optical activity. A COA reader device may also scan data (e.g., a barcode) that is associated with the COA. The data contains information about the COA to further strengthen the COA authentication process. Based on the scan, the goods associated with the COAs can be verified as genuine (i.e., not pirated).

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: A tamper response mechanism introduces a delayed failure into a program in response to detected tampering with the program. The mechanism determines a manner of responding to the detected tampering. The manner of responding may include corrupting a global pointer or using other techniques. The mechanism also determines when to respond to the tampering and implements the response at the determined time.

Abstract: The claimed subject matter provides systems and/or methods that effectuate a simple protocol for tangible security on mobile devices. The system can include devices that generate sets of keys and associated secret identifiers, employs the one or more keys to encrypt a secret and utilizes the identifiers and encryptions of the secret to populate a table associated with a security token device that is used in conjunction with a mobile device to release sensitive information persisted on the mobile device for user selected purposes.

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: Systems and methods for compressing data, particularly for use in manufacturing and verifying certificates of authenticity (COA), are described herein. Data elements obtained from a COA are ordered based on an iterative selection process. First, one or more data ranges are defined. Having defined the ranges, a data element from within each of the ranges is selected. The selected data elements are then encoded. The encoding of each data element is based on a position of that data element within a range from which the data element was selected.

Abstract: The claimed subject matter provides systems and/or methods that effectuates and establishes mobile device security. The system can include devices that detect point of sale mechanisms or secure token devices and based at least in part on the detection of secure token devices the system effectuates release of electronic funds persisted on a mobile device in order to satisfy a debt accrued at the point of sale mechanism.

Abstract: An implementation of a technology, described herein, for facilitating the protection of computer-executable instructions, such as software. At least one implementation, described herein, may generate integrity signatures of one or more program modules—which are sets of computer-executable instructions—based upon a trace of activity during execution of such modules and/or near-replicas of such modules. With at least one implementation, described herein, the execution context of an execution instance of a program module is considered when generating the integrity signatures. With at least one implementation, described herein, a determination may be made about whether a module is unaltered by comparing integrity signatures. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

Abstract: An intrusion-resistant mechanism based on restricted code segments and code individualization is able to thwart significant amounts of known and unknown low-level attacks that inject invalid code, in the form of false data or instructions for execution by a victim application, by varying the locations of code-containing segments within a memory space corresponding to an application.

Abstract: Systems and methods are described that apply a watermark to data, such as data representing an image. In one implementation, the complexity of the image is measured. A quantization step size is calculated, based in part on the measured complexity of the image. A watermark or message is embedded into the image using the quantization step sizes derived for each coefficient of interest. In a further implementation, a mark decoding system is configured to extract the embedded message from the image data.

Abstract: An implementation of a technology, described herein, for facilitating the protection of computer-executable instructions, such as software. At least one implementation, described herein, may generate integrity signatures of one or more program modules—which are sets of computer-executable instructions—based upon a trace of activity during execution of such modules and/or near-replicas of such modules. With at least one implementation, described herein, the execution context of an execution instance of a program module is considered when generating the integrity signatures. With at least one implementation, described herein, a determination may be made about whether a module is unaltered by comparing integrity signatures. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

Abstract: Systems and methods that supply a fair transaction when a user (e.g., buyer) obtains digital content that is ordered from a merchant. A trusted component associated with a device of a user can compute a cryptographic hash value for the digital content (e.g., during a download thereof), wherein such hash value cannot be altered (e.g., tampered) by the user. Accordingly, the subject innovation implements a trusted agent on a user's device, wherein such agent itself can further be downloaded to the user device as part of the transaction.

Abstract: The claimed subject matter provides a system and/or a method that facilitates securing a wireless digital transaction. A terminal component can receive a portion of data related to a payment for at least one of a good or a service. A mobile device can include at least one mobile payment card (m-card), wherein the m-card is created by establishing a link to an account associated with a form of currency. The mobile device can employ public-key cryptography (PKC) to securely and wirelessly transmit a payment to the terminal component utilizing the m-card and linked account.

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: Techniques for authenticating certificates of authenticity (COAs) are discussed. The techniques provide for a simplified authentication system that is easily utilized in a field setting. In described embodiments, COAs are attached to or otherwise associated with goods to be authenticated. The COAs incorporate random or pseudo-random arrangements of optically sensitive fibers to create unique identifiers. A COA reader device optically scans each COA and characterizes the COA according to its unique arrangement of optical activity. A COA reader device may also scan data (e.g., a barcode) that is associated with the COA. The data contains information about the COA to further strengthen the COA authentication process. Based on the scan, the goods associated with the COAs can be verified as genuine (i.e., not pirated).

Abstract: An implementation of a technology, described herein, for facilitating the protection computer-executable instructions, such as software. At least one implementation, described herein, may generate integrity signatures of multiple sets of computer-executable instructions based upon the output trace and/or an execution trace of such sets. With at least one implementation, described herein, a determination may be made about whether two or more of such sets are unaltered duplicates by comparing integrity signatures of such sets. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

Abstract: A network-based data protection scheme for a mobile device utilizes encryption techniques and a remote key server that stores encryption keys on behalf of the mobile device. The mobile device stores encrypted data, preferably having no unencrypted counterpart stored therewith. On an as-needed basis, the mobile device requests a decryption key (or an encrypted version of a decryption key) from the key server, where the decryption key can be used by the mobile device to decrypt the encrypted information. The key server transmits the decryption key to the mobile device after authenticating the user of the mobile device.

Abstract: A tamper response mechanism introduces a delayed failure into a program in response to detected tampering with the program. The mechanism determines a manner of responding to the detected tampering. The manner of responding may include corrupting a global pointer or using other techniques. The mechanism also determines when to respond to the tampering and implements the response at the determined time.

Abstract: A method, apparatus, and article of manufacture for providing secure and opaque type libraries to automatically provide secure variables within a programming module. A system for providing secure and opaque type libraries to automatically provide secure variables within a programming module. The system includes an OTL selection module, an OTL substitution module, an OTL type library database, a compiler module; and a linker module to create an executable processing module. The OTL selection module randomly selects or generates one of the possible variable obfuscation functions for each declared secure variable. The OTL substitution module substitutes the separate instance of the selected variable obfuscation function for every reference to the declared secure variable. The OTL type library database receives queries from the OTL selection module a database to identify of possible variable obfuscation functions applicable for the variable type corresponding to the declared secure variables.

Abstract: A plurality of access units may be established with varying levels of privilege and access rights, such that the user may perform tasks carrying with them a high risk of viral infection in an access unit with a low level of privilege and access rights. When an authenticated user desires to perform tasks requiring a higher level of privilege and access rights, the user may switch to an access unit having a higher privilege and access rights level by instigating a physical action. The physical action may include selecting a button (included in either a UI or on a peripheral device), or inputting biometric data to switch among running access units. A signal instigated by the physical action is transmitted along a trusted path between the isolation kernel and where the physical action was instigated.