Tamper Resistant Patents (Class 713/194)
  • Publication number: 20130073598
    Abstract: An entropy source and a random number (RN) generator are disclosed. In one aspect, a low-energy entropy source includes a magneto-resistive (MR) element and a sensing circuit. The MR element is applied a static current and has a variable resistance determined based on magnetization of the MR element. The sensing circuit senses the resistance of the MR element and provides random values based on the sensed resistance of the MR element. In another aspect, a RN generator includes an entropy source and a post-processing module. The entropy source includes at least one MR element and provides first random values based on the at least one MR element. The post-processing module receives and processes the first random values (e.g., based on a cryptographic hash function, an error detection code, a stream cipher algorithm, etc.) and provides second random values having improved randomness characteristics.
    Type: Application
    Filed: February 6, 2012
    Publication date: March 21, 2013
    Applicant: QUALCOMM Incorporated
    Inventors: David M. Jacobson, Xiaochun Zhu, Wenqing Wu, Kendrick Hoy Leong Yuen, Seung H. Kang
  • Patent number: 8402544
    Abstract: Incremental scanning of files for malicious codes. A file may be scanned for malicious codes in a first scanning instance in a client computer using a pattern of malicious code signatures. Thereafter, an update to the pattern for generating an updated pattern is received in the client computer. A delta pattern may be generated based on a difference between the pattern and the updated pattern. In a second scanning instance, the file may be rescanned using the delta pattern.
    Type: Grant
    Filed: December 22, 2008
    Date of Patent: March 19, 2013
    Assignee: Trend Micro Incorporated
    Inventors: Viswa Soubramanien, Shaohong Wei
  • Patent number: 8402287
    Abstract: The invention relates to a cryptographic mechanism and to a cryptographic device incorporating such cryptographic mechanism. The cryptographic mechanism offers a better resistance to side channel attacks than that of known cryptographic mechanisms by incorporating a new type of masking mechanism.
    Type: Grant
    Filed: March 23, 2007
    Date of Patent: March 19, 2013
    Assignee: Gemalto SA
    Inventors: David Vigilant, Guillaume Fumaroli
  • Patent number: 8401180
    Abstract: According to an aspect of the present invention, there is provided a non-linear data converter including: first to fourth converters that each performs a respective converting process on an input bit string to output respective output bit string; a generator that generates a random number bit string; and a selector that selects any one of the output bit strings from the first to fourth converters based on the random number bit string. Each of the converting processes is equivalent to performing a first mask process, a non-linear conversion predetermined for an encoding or a decoding and a second mask process.
    Type: Grant
    Filed: March 21, 2008
    Date of Patent: March 19, 2013
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuichi Komano, Hideo Shimizu, Koichi Fujisaki, Hideyuki Miyake, Atsushi Shimbo
  • Patent number: 8396216
    Abstract: Systems and method for partial encryption are disclosed. One example method comprises: creating a program association table to include a first program number which identifies a program encrypted in accordance with a first encryption scheme, and a second program number which identifies the same program encrypted in accordance with a second encryption scheme; and creating a program map table for the same program to include first audio and video identifiers associated with the first encryption scheme and second audio and video identifiers associated with the second encryption scheme.
    Type: Grant
    Filed: January 13, 2009
    Date of Patent: March 12, 2013
    Inventors: Howard G. Pinder, Jonathan Bradford Evans, Anthony J. Wasilewski, William D. Woodward, Jr.
  • Patent number: 8397083
    Abstract: A system and method efficiently deletes a file from secure storage, i.e., a cryptainer, served by a storage system. The cryptainer is configured to store a plurality of files, each of which stores an associated file key within a special metadata portion of the file. Notably, special metadata is created by a security appliance coupled to the storage system and attached to each file to thereby create two portions of the file: the special metadata portion and the main, “file data” portion. The security appliance then stores the file key within the specially-created metadata portion of the file. A cryptainer key is associated with the cryptainer. Each file key is used to encrypt the file data portion within its associated file and the cryptainer key is used to encrypt the part of the special metadata portion of each file. To delete the file from the cryptainer, the file key of the file is deleted and the special metadata portions of all other files stored in the cryptainer are re-keyed using a new cryptainer key.
    Type: Grant
    Filed: August 23, 2006
    Date of Patent: March 12, 2013
    Assignee: NetApp, Inc.
    Inventors: Robert Jan Sussland, Lawrence Wen-Hao Chang, Ananthan Subramanian
  • Patent number: 8397078
    Abstract: Unlike the technology for a program downloaded through conventional broadcast waves, in the case of downloading a program via a network, there is a possibility that such program will be activated without noticing that the program is tampered with. For this reason, when a program is downloaded via a network, a file hierarchy for the program located on a server is constructed in a local area of a terminal. Subsequently, the authentication of the program is performed with respect to the file hierarchy constructed in the local area, and the credibility of the program is guaranteed.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: March 12, 2013
    Assignee: Panasonic Corporation
    Inventors: Tadao Kusudo, Yoshio Kawakami
  • Patent number: 8391477
    Abstract: A randomly selected point on an elliptic curve is set as the initial value of a variable and calculation including a random point value is performed in an algorithm for calculating arbitrary scalar multiple operation on an elliptic curve when scalar multiplication and addition on an elliptic curve are defined, then a calculation value obtained as a result of including a random point is subtracted from the calculation result, whereby an intended scalar multiple operation value on an elliptic curve is determined.
    Type: Grant
    Filed: July 24, 2007
    Date of Patent: March 5, 2013
    Assignee: Fujitsu Limited
    Inventors: Tetsuya Izu, Kouichi Itoh, Masahiko Takenaka
  • Patent number: 8393003
    Abstract: A computer-implemented method of tamper-protecting computer program code. The method comprises: obtaining an input representation of the computer program code; identifying a conditional program statement for causing a data processing system to selectively execute one of at least a first and a second sets of program statements when said computer program is executed by a data processing system; replacing said identified conditional program statement and the first and second sets of program statements with a set of transformed program statements to obtain obfuscated program code, wherein the set of transformed program statements is adapted to cause the data processing system to execute at least a part of each of the transformed program statements when said computer program is executed by the data processing system.
    Type: Grant
    Filed: November 20, 2007
    Date of Patent: March 5, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Johan Eker, Björn Johansson, Carl Von Platen
  • Patent number: 8392717
    Abstract: An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol.
    Type: Grant
    Filed: May 7, 2010
    Date of Patent: March 5, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Xiaoqian Chai, Hongtao Gao, Kepeng Li, Linyi Tian
  • Patent number: 8391480
    Abstract: Apparatus and method are disclosed for digital authentication and verification. In one embodiment, authentication involves storing a cryptographic key and a look up table (LUT), generating an access code using the cryptographic key; generating multiple parallel BPSK symbols based upon the access code; converting the BPSK symbols into multiple tones encoded with the access code using the LUT; and outputting the multiple tones encoded with the access code for authentication. In another embodiment, verification involves receiving multiple tones encoded with an access code; generating multiple parallel BPSK symbols from the multiple tones; converting the BPSK symbols into an encoded interleaved bit stream of the access code; de-interleaving the encoded interleaved bit stream; and recovering the access code from the encoded de-interleaved bit stream.
    Type: Grant
    Filed: February 3, 2009
    Date of Patent: March 5, 2013
    Assignee: QUALCOMM Incorporated
    Inventors: Jack Steenstra, Alexander Gantman, John W. Noerenberg, II, Ahmad Jalali, Gregory Rose
  • Patent number: 8386763
    Abstract: A system and method is disclosed for locking down a capability of a computer system. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified. Each verified stage of boot code verifies a subsequent stage of boot code. If the subsequent stage of boot code cannot be verified, the verified stage locks a capability of the computer so that the subsequent stage of boot code cannot modify the capability.
    Type: Grant
    Filed: January 4, 2012
    Date of Patent: February 26, 2013
    Assignee: Google Inc.
    Inventors: Randall R. Spangler, William F. Richardson, Sumit Gwalani, Luigi Semenzato, William A. Drewry
  • Patent number: 8387022
    Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.
    Type: Grant
    Filed: August 11, 2010
    Date of Patent: February 26, 2013
    Assignee: Intertrust Technologies Corp.
    Inventors: James J. Horning, W. Olin Sibert, Robert E. Tarjan, Umesh Maheshwari, William G. Home, Andrew K. Wright, Lesley R. Matheson, Susan S. Owicki
  • Patent number: 8387147
    Abstract: A method and system for detecting and removing a hidden pestware file is described. One illustrative embodiment detects, using direct drive access, a file on a computer storage device; determines whether the file is also detectable by the operating system by attempting to access the file using a standard file Application-Program-Interface (API) function call of the operating system; identifies the file as a potential hidden pestware file, when the file is undetectable by the operating system; confirms through an automated pestware-signature scan of the potential hidden pestware file that the potential hidden pestware file is a hidden pestware file; and removes automatically, using direct drive access, the hidden pestware file from the storage device.
    Type: Grant
    Filed: July 18, 2011
    Date of Patent: February 26, 2013
    Assignee: Webroot Inc.
    Inventor: Patrick Sprowls
  • Patent number: 8384414
    Abstract: A method and circuits for implementing a hacking detection and block function at indeterminate times, and a design structure on which the subject circuit resides are provided. A circuit includes an antenna wrapped around a dynamic bus inside circuitry to be protected. The antenna together with the dynamic bus node is designed so an average bus access activates a field effect transistor (FET) that is connected to a capacitor. The FET drains the capacitor in a specified number of activations by the antenna. The capacitor has a leakage path to a voltage supply rail VDD that charges the capacitor back high after a time, such as ten to one hundred cycles, of the dynamic bus being quiet. The capacitor provides a hacking detect signal for temporarily blocking operation of the circuitry to be protected responsive to determining that the dynamic bus is more active than functionally expected.
    Type: Grant
    Filed: February 22, 2011
    Date of Patent: February 26, 2013
    Assignee: International Business Machines Corporation
    Inventors: Karl R. Erickson, Phil C. Paone, David P. Paulsen, John E. Sheets, II, Gregory J. Uhlmann, Kelly L. Williams
  • Patent number: 8385551
    Abstract: A system and method for managing trusted platform module (TPM) keys utilized in a cluster of computing nodes. A cluster-level management unit communicates with a local TPM agent in each node in the cluster. The cluster-level management unit has access to a database of protection groups, wherein each protection group comprises one active node which creates a TPM key and at least one standby node which stores a backup copy of the TPM key for the active node. The local TPM agent in the active node automatically initiates a migration process for automatically migrating the backup copy of the TPM key to the at least one standby node. The system maintains coherency of the TPM keys by also deleting the backup copy of the TPM key in the standby node when the key is deleted by the active node.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: February 26, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Makan Pourzandi, András Méhes
  • Patent number: 8381271
    Abstract: A method and system for providing remote user access to secure financial applications by deployment of SSO software (126) to client workstations (120), including receiving a password for collaborating access to a secure server (110); navigating to the secure server (110) using a web browser (124) on a remote workstation (120); providing user authorization details and the received password to the secure server (120); generating a subsequent password at the secure server (110) upon validation of the user authorization details and received password; downloading an SSO deployment file (122) to the remote workstation (120), said deployment file (122) including the subsequent password; executing the SSO deployment file (122) to install an SSO client application (126) on the remote workstation; reading workstation settings and user credentials from a secure file or data store; and running the SSO client application (126) on the workstation to employ the user credentials and subsequent password to logon to the secure
    Type: Grant
    Filed: September 19, 2006
    Date of Patent: February 19, 2013
    Assignee: Actividentity (Australia) Pty, Ltd.
    Inventors: Timothy Dingwall, Matthew Herscovitch, Jason Hart, John F. Clark, John Boyer
  • Patent number: 8375227
    Abstract: Providing for a paradigm shift in block-level abstraction for storage devices is described herein. At a block-level, storage is characterized as a variable size data record, rather than a fixed size sector. In some aspects, the variable size data record can comprise a variable binary key-data pair, for addressing and identifying a variable size block of data, and for dynamically specifying the size of such block in terms of data storage. By changing the key or data values, the location, identity or size of block-level storage can be modified. Data records can be passed to and from the storage device to facilitate operational commands over ranges of such records. Block-level data compression, space management and transactional operations are provided, mitigating a need of higher level systems to characterize underlying data storage for implementation of such operations.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: February 12, 2013
    Assignee: Microsoft Corporation
    Inventors: Soner Terek, Vladimir Sadovsky, Surendra Verma, Avi R. Geiger
  • Patent number: 8375441
    Abstract: Embodiments of the invention provide a portable consumer device configured to store dynamic authentication data in memory. The portable consumer device also includes an interface for transmitting data to and receiving power from an external device. The dynamic authentication data is read from the memory by a read-write device located on the portable consumer device. The authentication data is updated and the updated data may be written into memory using the read-write device. In some embodiments, an authentication value read from the memory may be used to generate another authentication value based on an algorithm. The portable consumer device is further configured to transmit authentication data to an external device. The process of reading, updating, generating, transmitting, and rewriting the authentication data may occur each time external power is provided to the portable consumer device via the interface.
    Type: Grant
    Filed: September 1, 2010
    Date of Patent: February 12, 2013
    Assignee: Visa U.S.A. Inc.
    Inventors: Ayman Hammad, Patrick Faith
  • Patent number: 8375226
    Abstract: A system and method for providing a firewall system that prevents a computer from being accessed by an unauthorized user via a computer network. The system includes a switch assembly that connects and disconnects the computer from a computer network. The switch assembly is controlled by the types of data transmissions generated by the computer. If the computer generates a data transmission addressed to the computer network, the switch assembly automatically interconnects the computer to the computer network. If the data transmission generated by the computer includes a data request from some point on the computer network, the interconnection with the computer network is held open until the requested data is received. Once the requested data is received, the switch assembly disconnects the computer from the computer network.
    Type: Grant
    Filed: September 18, 2007
    Date of Patent: February 12, 2013
    Inventor: Raymond Brandl
  • Patent number: 8375216
    Abstract: Determination is executed as to whether an electronic document has been edited after addition of a second signature added after addition of a first signature. When it is determined that editing is made after the addition of the second signature, a verification result of the electronic document is output without determining whether editing is made after the addition of the first signature. If it is determined that editing is not made after the addition of the second signature, determination is executed as to whether editing is made after the addition of the first signature and the verification result of the electronic document is output based on an obtained determination result.
    Type: Grant
    Filed: August 9, 2007
    Date of Patent: February 12, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Takafumi Mizuno
  • Publication number: 20130036314
    Abstract: Embodiments of memory devices, computer systems, security apparatus, data handling systems, and the like, and associated methods facilitate security in a system incorporating the concept of a security perimeter which combines cryptographic and physical security. The memory device can comprise a memory operable to store information communicated with a processor, and a logic operable to create at least one cryptographic security perimeter enclosing at least one selected region of the memory and operable to manage information communication between the processor and the at least one selected region of the memory.
    Type: Application
    Filed: August 4, 2011
    Publication date: February 7, 2013
    Inventors: Andrew F. Glew, Daniel A. Gerrity, Clarence T. Tegreene
  • Patent number: 8370641
    Abstract: An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The microprocessor has secure execution mode initialization logic and an authorized public key. The secure execution mode initialization logic provides for initialization of a secure execution mode within the microprocessor. The secure execution mode initialization logic employs an asymmetric key algorithm to decrypt an enable parameter directing entry into the secure execution mode. The authorized public key is used to decrypt the enable parameter, the enable parameter having been encrypted according to the asymmetric key algorithm using an authorized private key that corresponds to the authorized public key.
    Type: Grant
    Filed: October 31, 2008
    Date of Patent: February 5, 2013
    Assignee: VIA Technologies, Inc.
    Inventors: G. Glenn Henry, Terry Parks
  • Patent number: 8369528
    Abstract: A method and apparatus for providing an encrypted key based on a DRM type of a host device are provided. The method includes receiving available DRM type information of a host device, making a request for generation of a key object based on the received available DRM type information, and transmitting the generated key object to the host device.
    Type: Grant
    Filed: May 23, 2008
    Date of Patent: February 5, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ki-Won Kwak, Chang-Nam Chu, Chun-Un Kang, Min-Woo Ko, Min-Woo Jung, Jeong-Su Yun
  • Patent number: 8369522
    Abstract: A common-key blockcipher processing structure that makes analysis of key more difficult and enhances security and implementation efficiency is realized. In a key scheduling part in an encryption processing apparatus that performs common-key blockcipher processing, a secret key is input to an encryption function including a round function employed in an encryption processing part to generate an intermediate key, and the result of performing bijective transformation based on the intermediate key, the secret key, and the like and the result of performing an exclusive-OR operation on the bijective-transformed data are applied to round keys. With this structure, generation of round keys based on the intermediate key generated using the encryption function whose security has been ensured is performed, thereby making it possible to make analysis of the keys more difficult. The structure of the key scheduling part can be simplified, thereby making it possible to improve the implementation efficiency.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: February 5, 2013
    Assignee: Sony Corpoation
    Inventors: Taizo Shirai, Kyoji Shibutani, Toru Akishita, Shiho Moriai
  • Patent number: 8364808
    Abstract: A device management system for managing a device based on management information is presented. The system includes a device monitoring unit for obtaining management information from a device, a relay server coupled to the device monitoring unit over a network, and a management server, coupled to the relay server over a network, configured to manage the device based on the management information. The device monitoring unit obtains the management information from the device and transmits the obtained management information without encryption. Upon receiving the management information, the relay server encrypts and transmits to the management server the received management information.
    Type: Grant
    Filed: September 28, 2006
    Date of Patent: January 29, 2013
    Assignee: Seiko Epson Corporation
    Inventor: Toshihiro Shima
  • Patent number: 8364950
    Abstract: An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices using messaging protocols for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the individual device messaging protocols over a network.
    Type: Grant
    Filed: July 18, 2012
    Date of Patent: January 29, 2013
    Assignee: DJ Inventions, LLC
    Inventor: Douglas C. Osburn, III
  • Patent number: 8363837
    Abstract: In a preferred embodiment a method of operating an intelligent disk drive is described which includes compression and/or encryption capability at the file level. The intelligent disk drive includes means for executing distributed computing tasks including a CPU and associated memory. The communication interface with the host computer or other device on the communication bus is modified to allow the device to send executable code for a task to the drive and to allow the drive to communicate the results and status information about the task to the host device. In a preferred embodiment the disk drive has a task control program, task program code, task data and status information for the distributed task. The task control program implements the basic task management functions of storing the task program, reporting results and saving progress information to allow the task to be interrupted by other drive functions.
    Type: Grant
    Filed: February 28, 2005
    Date of Patent: January 29, 2013
    Assignee: HGST Netherlands B.V.
    Inventor: Larry Lynn Williams
  • Patent number: 8359478
    Abstract: A method and a system for protecting a static digital datum contained in a first element of an electronic circuit, intended to be exploited by a second element of this circuit, in which: on the side of the first element, the static datum is converted into a dynamic data flow by at least one first linear shift feedback register representing a different polynomial according to the value of the static datum; the dynamic flow is transmitted to the second element; and on the side of the second element, the received dynamic flow is decoded by at least one second shift register representing at least one of the polynomials that has been used by the first element.
    Type: Grant
    Filed: January 3, 2008
    Date of Patent: January 22, 2013
    Assignee: STMicroelectronics S.A.
    Inventors: Loïc Bonizec, Stéphane Chesnais
  • Patent number: 8359481
    Abstract: A coprocessor includes a calculation unit for executing at least one command, and a securization device. The securization device includes an error detection circuit for monitoring the execution of the command so as to detect any execution error, putting the coprocessor into an error mode by default as soon as the execution of the command begins, and lifting the error mode at the end of the execution of the command if no error has been detected, an event detection circuit for monitoring the appearance of at least one event to be detected, and a masking circuit for masking the error mode while the event to be detected does not happen, and declaring the error mode to the outside of the coprocessor if the event to be detected happens while the coprocessor is in the error mode. Application in particular but not exclusively to coprocessors embedded in integrated circuits for smart cards.
    Type: Grant
    Filed: April 19, 2011
    Date of Patent: January 22, 2013
    Assignee: STMicroelectronics S.A.
    Inventors: Frederic Bancel, Nicolas Berard
  • Patent number: 8356188
    Abstract: The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip comprising at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, characterized in that, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said central processing unit receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said central processing unit reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel.
    Type: Grant
    Filed: December 21, 2006
    Date of Patent: January 15, 2013
    Assignee: Nagravision S.A.
    Inventor: André Kudelski
  • Patent number: 8356189
    Abstract: The invention describes a method for hardening a security mechanism against physical intrusion and substitution attacks. A user establishes a connection between a network peripheral device and a network via a security mechanism. The security mechanism includes read only memory (ROM) that contains code that initiates operation of the mechanism and performs authentication functions. A persistent memory contains configuration information. A volatile memory stores user and device identification information that remains valid only for a given session and is erased thereafter to prevent a future security breach. A tamper-evident enclosure surrounds the memory elements, which if breached, becomes readily apparent to the user.
    Type: Grant
    Filed: August 23, 2010
    Date of Patent: January 15, 2013
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Sandra Lynn Carrico, Philippe Hebrais
  • Patent number: 8353058
    Abstract: A computer-implemented method for detecting rootkits is disclosed. The computer-implemented method may include sending periodic security communications from a privileged-processor-mode region of a computing device. The computer-implemented method may also include identifying at least one of the periodic security communications. The computer-implemented method may further include determining, based on the periodic security communications, whether the privileged-processor-mode region of the computing device has been compromised. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 24, 2009
    Date of Patent: January 8, 2013
    Assignee: Symantec Corporation
    Inventors: Bruce McCorkendale, Sourabh Satish, William E. Sobel
  • Patent number: 8352753
    Abstract: A microcontroller comprises a microprocessor (1), a test interface (4) and an internal non-erasable memory (2). First control means (6) are provided which are able to activate and deactivate the test interface (4), and second control means (7) are provided which are able to activate and deactivate the internal non-erasable memory (2). The microprocessor (1) of the microcontroller comprises control outputs (101) which are connected with the first and second control means (6, 7). With appropriate timing of activation and deactivation of the test interface (4) and the internal non-erasable memory (2), the microcontroller offers the possibility of preventing an unauthorized access to contents of the internal non-erasable memory (2) without limiting the usability of the test interface (4) for the development of application programs.
    Type: Grant
    Filed: September 7, 2007
    Date of Patent: January 8, 2013
    Assignee: Austriamicrosystems AG
    Inventors: Werner Schoegler, Michael Böhm
  • Patent number: 8352749
    Abstract: Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.
    Type: Grant
    Filed: September 17, 2011
    Date of Patent: January 8, 2013
    Assignee: Google Inc.
    Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya
  • Patent number: 8352752
    Abstract: In a device having a plurality of circuits that can store at least a first value and a second value, a method can include configuring at least one circuit to persistently store the first value; determining whether the at least one circuit is storing the second value; and initiating a countermeasure if the at least one circuit is storing the second value. Determining whether the at least one circuit is storing the second value can include detecting whether the device has been attacked. Non-limiting examples of initiating a countermeasure can include resetting a portion of the device, powering down a portion of the device, activating an alarm circuit, causing protected data stored in the device to be erased, causing portions of the device to self-destruct, or causing the device to not respond to input applied to the interface.
    Type: Grant
    Filed: September 1, 2006
    Date of Patent: January 8, 2013
    Assignee: Inside Secure
    Inventors: Alexandre Croguennec, Yves Fusella
  • Patent number: 8352374
    Abstract: Methods and systems for controlling the distribution of digital content are provided. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider.
    Type: Grant
    Filed: August 30, 2010
    Date of Patent: January 8, 2013
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventors: Eric John Swenson, Ryuji Ishiguro, Motohiko Nagano, Pierre Chavanne
  • Publication number: 20120331309
    Abstract: A data processing system having a first processor, a second processor, a local memory of the second processor, and a built-in self-test (BIST) controller of the second processor which performs BIST memory accesses on the local memory of the second processor and which includes a random value generator is provided. The system can perform a method including executing a secure code sequence by the first processor and performing, by the BIST controller of the second processor, BIST memory accesses to the local memory of the second processor in response to the random value generator. Performing the BIST memory accesses is performed concurrently with executing the secure code sequence.
    Type: Application
    Filed: June 27, 2011
    Publication date: December 27, 2012
    Inventors: Jeffrey W. Scott, William C. Moyer
  • Patent number: 8341431
    Abstract: A number of digital content rendering modules are equipped such that selective subsets of the modules may be employed to render digital content of different media, and of different format types. The modules are organized into a hierarchy, with a selected one occupying a root position of the hierarchy, to exclusively receive the digital contents to be rendered, and that each module is further responsible for verifying the integrity of its immediate downstream modules, to collectively protect the digital contents being rendered. Additionally, in accordance with another aspect, a tamper resistant module is employed to recover digital contents provided in a protected state, obfuscating the recovery. Further, the modules may be of different application domains.
    Type: Grant
    Filed: November 24, 2009
    Date of Patent: December 25, 2012
    Assignee: Intel Corporation
    Inventors: Jeffrey M. Ayars, Rahul Agarwal, Alain Hamel, Darren P. Schack
  • Patent number: 8341728
    Abstract: An authentication device and method of a semiconductor chip which sends and receives authentication information, performs a login process for permitting an input to the semiconductor chip and an output from the semiconductor chip, controls acquisition of the authentication information and controls installation or uninstallation of a loadable program, assignment of a session to the loadable program unit, and use of the loadable program unit based on the session.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: December 25, 2012
    Assignee: Fujitsu Semiconductor Limited
    Inventors: Seigo Kaihoko, Ai Yodokawa, Nobuo Takahashi
  • Patent number: 8340299
    Abstract: Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
    Type: Grant
    Filed: July 28, 2010
    Date of Patent: December 25, 2012
    Assignee: Broadcom Corporation
    Inventors: Mark L. Buer, Joseph J. Tardo
  • Patent number: 8341430
    Abstract: Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device.
    Type: Grant
    Filed: October 3, 2008
    Date of Patent: December 25, 2012
    Assignee: Microsoft Corporation
    Inventors: Octavian T. Ureche, Scott A. Brender, Karan Mehra, David Rudolph Wooten
  • Patent number: 8336105
    Abstract: A method and devices for a control of usage of content is disclosed. In one embodiment, a user device performs the steps of obtaining the content, defining usage rights, generating integrity protection information for defined usage rights, encrypting the content with a content encryption key, encrypting the content encryption key with a key encryption key associated with a recipient device and/or an operator of the recipient device, communicating the encrypted content, the defined usage rights, the encrypted content encryption key, and the integrity protection information to the recipient device.
    Type: Grant
    Filed: October 31, 2003
    Date of Patent: December 18, 2012
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Frank Hartung, Silke Holtmanns
  • Patent number: 8336111
    Abstract: A communication device and method for securing data include connecting a processor and at least one storage device via active pins of a switch in the communication device, and setting a secure command for securing data stored in the at least one storage device. The communication device and method further include invoking the secure command to delete the data in the at least one storage device, if text data of a received message matches the secure command, and switching the active pins to the inactive pins so as to disconnect the processor and the at least one storage device, thereby disabling the at least one storage device.
    Type: Grant
    Filed: October 21, 2009
    Date of Patent: December 18, 2012
    Assignees: Shenzhen Futaihong Precision Industry Co., Ltd., Chi Mei Communication Systems, Inc.
    Inventor: Li-Tao Chen
  • Patent number: 8335932
    Abstract: Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.
    Type: Grant
    Filed: September 26, 2011
    Date of Patent: December 18, 2012
    Assignee: Google Inc.
    Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya
  • Patent number: 8332659
    Abstract: Method and apparatus and associated method of detecting microchip tampering may include a conductive element in electrical communication with multiple sensors for verifying that signal degradation occurs at an expected region of the conductive element. A detected variance from the expected region may automatically trigger an action for impeding an integrated circuit exploitation process.
    Type: Grant
    Filed: July 29, 2008
    Date of Patent: December 11, 2012
    Assignee: International Business Machines Corporation
    Inventors: Gerald K Bartley, Darryl J Becker, Paul E Dahlen, Philip R Germann, Andrew B Maki, Mark O Maxson
  • Patent number: 8332662
    Abstract: A semiconductor integrated circuit including a detector and a secure checker. The detector generates a detection signal upon sensing an abnormal state in an operating environment of the semiconductor integrated circuit. The secure checker generates a check signal to find an operating condition of the detector and receives the detection signal. The detector activates the detection signal in response to the check signal.
    Type: Grant
    Filed: October 10, 2008
    Date of Patent: December 11, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sun-Kwon Kim, Byeong-Hoon Lee, Ki-Hong Kim, Hyuck-Jun Cho
  • Patent number: 8332661
    Abstract: A method and an apparatus for securing stand-alone microdevices or parts of larger processing devices are arranged for prevention of tampering, unauthorized use, and unauthorized extraction of information from an information containing region of the secured microdevice.
    Type: Grant
    Filed: September 11, 2008
    Date of Patent: December 11, 2012
    Inventor: Andrew N. Mostovych
  • Patent number: 8332660
    Abstract: A data processor for processing data in a secure mode having access to secure data that is not accessible to the data processor when processing data in the non-secure mode. A further processing device for performing a task in response to a request from the data processor issued from the non-secure mode. The further processing device including a secure data store not accessible to processes running on the data processor when in the non-secure mode. Prior to issuing requests, the data processor in the secure mode performs a set up operation on the further data processing device storing secure data in the secure data store. In response to receipt of the request from the data processor operating in the non-secure mode, the further data processing device performs the task using data stored in the secure data store to access any secure data required.
    Type: Grant
    Filed: January 2, 2008
    Date of Patent: December 11, 2012
    Assignee: ARM Limited
    Inventors: Nigel Charles Paver, Stuart David Biles, Donald Felton
  • Patent number: 8327152
    Abstract: This invention describes a system and methods for media content subscription service distribution; typical services include cable television, premium content channels, pay-per-view, XM radio, and online mp3 services. Subscribers use portable electronic devices to store digital certificates certifying the subscriber's privileges and an assigned public key. The devices can communicate with specially enabled televisions, radios, computers, or other media presentation apparatuses. These, in turn, can communicate with central databases owned by the provider, for verification purposes. Methods of the invention describe media content subscription service privilege issuing and use. The invention additionally describes methods for protecting media content transmitted to users with a variety of encryption schemes.
    Type: Grant
    Filed: August 23, 2010
    Date of Patent: December 4, 2012
    Assignee: Privaris, Inc.
    Inventors: David C. Russell, Barry W. Johnson, Kristen R. Olvera