Tamper Resistant Patents (Class 713/194)
  • Patent number: 8233614
    Abstract: The invention relates to a cryptographic method involving an integer division of type q=a div b and r=a mod b, wherein a is a number of m bits, b is a number of n bits, with n being less than or equal to m, and b_{n-1} being non-null and the most significant bit of b. In addition, each iteration of a loop subscripted by i, which varies between 1 and m-n+1, involves a partial division of a word A of n bits of number a by number b in order to obtain one bit of quotient q. According to the invention, the same operations are performed with each iteration, regardless of the value of the quotient bit obtained. In different embodiments of the invention, one of the following is also performed with each iteration: the addition and subtraction of number b to/from word A; the addition of number b or a complementary number /b of b to word A; or a complement operation at 2n of an updated datum (b or /b) or a dummy datum (c or /c) followed by the addition of the datum updated with word A.
    Type: Grant
    Filed: November 13, 2003
    Date of Patent: July 31, 2012
    Assignee: Gemalto SA
    Inventors: Marc Joye, Karine Villegas
  • Patent number: 8230228
    Abstract: Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.
    Type: Grant
    Filed: October 31, 2008
    Date of Patent: July 24, 2012
    Assignee: International Business Machines Corporation
    Inventors: Timothy J. Hahn, Heather M. Hinton
  • Patent number: 8230207
    Abstract: Systems and methods of providing security to an external Serial Advanced Technology Attachment (eSATA) device are described herein. A controller is connected between the eSATA device and the computing device. On startup, the controller presents a first partition of the eSATA device as a Read Only Memory, e.g., CD-ROM, but at the same time it restricts access of the computing device to a second partition of the eSATA device until receiving a valid identity authentication. The second partition is preferably encrypted with a key stored on the first partition. Decryption is performed in the controller as part of presenting the eSATA device. The authentication process is preferably stored in the first partition and downloaded to the computing device on startup.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: July 24, 2012
    Assignee: MCM Portfolio LLC
    Inventors: Sree M. Iyer, Nicholas A. Antonopoulos, Santosh Kumar
  • Patent number: 8230479
    Abstract: To address security that can arise in information systems, the present invention uses novel methods and/or systems to enhance security in information systems, using a new way to deploy selected security policies. Instead of trying to modify a whole binary file all at once to add in code to implement additional security policies, the current invention modifies the code in memory in a piecemeal, as-needed fashion.
    Type: Grant
    Filed: July 22, 2010
    Date of Patent: July 24, 2012
    Assignee: Greencastle Technology, Inc.
    Inventor: David Robert Wallace
  • Patent number: 8225083
    Abstract: Techniques for seeding data among client machines, also referred to as boxes herein, are disclosed. To prevent the data distributed among the boxes from being illegitimately accessed or possessed, according to one aspect of the present invention, each box is configured to perform what is referred to herein as a transcription process. In other words, when encrypted data is received, the data is decrypted and then re-encrypted with a key agreeable with a next box configured to receive the data.
    Type: Grant
    Filed: April 11, 2006
    Date of Patent: July 17, 2012
    Assignee: VUDU, Inc.
    Inventors: Prasanna Ganesan, Andrew M. Goodman
  • Publication number: 20120179921
    Abstract: An intrusion detection module includes an enclosure and a sensor to detect a predetermined type of intrusion. The module further includes a tamper sensor to detect a tampering attempt. An encryption mechanism is coupled to receive signals from the sensor and tamper sensor and encrypt such signals for transmission to a control panel.
    Type: Application
    Filed: January 7, 2011
    Publication date: July 12, 2012
    Applicant: Cinch Systems, Inc.
    Inventors: Joel Curtis Christianson, Gregory Brett Olson
  • Patent number: 8219830
    Abstract: A method for accessing data in a data storage system is presented. The method includes supplying a host computer that is in communication with the data storage system, where the data storage system includes a data storage medium and a holographic data storage medium. A first request is generated to access a directory encoded in the data storage medium and includes a first encryption key. The requested directory recites a listing of data files encoded in the holographic storage medium. If the first encryption key decrypts the directory, the directory is read and a data file encoded in the holographic data storage medium is identified. A second request is then generated to access the data file and includes a second encryption key. Finally, if the second encryption key decrypts the data file, then it is read.
    Type: Grant
    Filed: July 17, 2009
    Date of Patent: July 10, 2012
    Assignee: International Business Machines Corporation
    Inventors: Allen Keith Bates, Nils Haustein, Craig Anthony Klein, Daniel James Winarski
  • Patent number: 8214901
    Abstract: A method and apparatus are provided for combating malicious code. In one embodiment, a method for combating malicious code in a network includes implementing a resource-limiting technique to slow a propagation of the malicious code and implementing a leap-ahead technique in parallel with the resource-limiting technique to defend against the malicious code reaching a full saturation potential in the network.
    Type: Grant
    Filed: September 19, 2005
    Date of Patent: July 3, 2012
    Assignee: SRI International
    Inventors: Phillip Porras, Linda Briesemeister
  • Patent number: 8214657
    Abstract: A method, program product and apparatus include resistance structures positioned proximate security sensitive microchip circuitry. Alteration in the position, makeup or arrangement of the resistance structures may be detected and initiate an action for defending against a reverse engineering or other exploitation effort. The resistance structures may be automatically and selectively designated for monitoring. Some of the resistance structures may have different resistivities. The sensed resistance may be compared to an expected resistance, ratio or other resistance-related value. The structures may be intermingled with false structures, and may be overlapped or otherwise arranged relative to one another to further complicate unwelcome analysis.
    Type: Grant
    Filed: July 29, 2008
    Date of Patent: July 3, 2012
    Assignee: International Business Machines Corporation
    Inventors: Gerald K Bartley, Darryl J Becker, Paul E Dahlen, Philip R Germann, Andrew B Maki, Mark O Maxson, John E. Sheets, II
  • Patent number: 8209544
    Abstract: Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.
    Type: Grant
    Filed: May 21, 2010
    Date of Patent: June 26, 2012
    Assignee: Intertrust Technologies Corp.
    Inventors: Umesh Maheshwari, Radek Vingralek, W. Olin Sibert
  • Patent number: 8209764
    Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
    Type: Grant
    Filed: December 27, 2010
    Date of Patent: June 26, 2012
    Assignee: Aspect Loss Prevention, LLC
    Inventors: David A. Duhaime, Brad J. Duhaime
  • Patent number: 8209550
    Abstract: The teachings herein present a method and apparatus for protecting usage restriction data that governs usage of an electronic device. A cryptographic circuit supports secure and non-secure accesses. When non-securely accessed, it is operable only to verify the stored usage restriction data, and, when securely accessed, it is operable to generate a new message authentication code for changed usage restriction data, for subsequent authentication of that data. The usage restriction data may be stored in non-secure memory and may include static and dynamic parts. One or more embodiments include a secure circuit indicating whether the device has been initialized. The cryptographic circuit outputs a message authentication code for the static part using a permanent device key from the secure circuit, only if the device has not been initialized, and outputs a message authentication code for the dynamic part as needed to support authorized changes to the dynamic part.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: June 26, 2012
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Christian Martin Gehrmann
  • Patent number: 8205255
    Abstract: A system to prevent content spoofing by detecting phishing attacks is provided. The system checks each webpage visited by a user and determines if the page is legitimate. To determine if a page is legitimate, the system employs fingerprints to check how similar the browsed page is with respect to an original page. If the similarity between the browsed page and the original page is found to be more than a preset threshold, then the browsed page is considered to be a spoofed page. Access to the spoofed page is then denied and/or an alarm is triggered.
    Type: Grant
    Filed: May 14, 2007
    Date of Patent: June 19, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Robert Benea, Avneet Kaur Puri, Virgil Mihailovici, Ravi Varanasi
  • Patent number: 8205260
    Abstract: Various embodiments of a system and method for providing protection against malicious software programs are disclosed. The system and method may be operable to detect that a first window of a legitimate software program has been replaced by a second window of a malicious software program, e.g., where the second window includes features to mimic the first window in an effort to fool the user into inputting sensitive information into the second window. The method may operate to alert the user when the window replacement is detected.
    Type: Grant
    Filed: December 19, 2007
    Date of Patent: June 19, 2012
    Assignee: Symantec Operating Corporation
    Inventors: Mark Eric Obrecht, Vijay Bharti, Barrett Baxter
  • Patent number: 8200727
    Abstract: Method and apparatus for ensuring randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Typically pseudo-random number generators used in computer operating systems or electronic devices may be penetrated by a hacker (pirate), who penetrates a cryptographic or other supposedly secure process using the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus are intended to verify such random numbers to make sure that they are indeed random enough, by applying suitable random tests. Only if the values pass the test are they passed on for use in the cryptographic or other process. If they fail the test, a new set of random numbers is requested from the pseudo-random number generator. These are again tested. Further a diversity function may be applied to the random numbers even if they have passed the random number test in order to improve their randomness.
    Type: Grant
    Filed: February 14, 2008
    Date of Patent: June 12, 2012
    Assignee: Apple Inc.
    Inventors: Pierre Betouin, Mathieu Ciet, Augustin J. Farrugia, Gianpaolo Fasoli
  • Patent number: 8201252
    Abstract: The present invention provides systems and methods for providing distributed, adaptive IP filtering techniques used in detecting and blocking IP packets involved in DDOS attacks through the use of Bloom Filters and leaky-bucket concepts to identify “attack” flows. In an exemplary embodiment of the present invention, a device tracks certain criteria of all IP packets traveling from IP sources outside a security perimeter to network devices within the security perimeter. The present invention examines the criteria and places them in different classifications in a uniformly random manner, estimates the amount of criteria normally received and then determines when a group of stored classifications is too excessive to be considered normal for a given period of time. After the device determines the criteria that excessive IP packets have in common, the device then determines rules to identify the packets that meet such criteria and filters or blocks so identified packets.
    Type: Grant
    Filed: September 3, 2002
    Date of Patent: June 12, 2012
    Assignee: Alcatel Lucent
    Inventors: Mooi Choo Chuah, Wing Cheong Lau, On-Ching Yue
  • Patent number: 8200983
    Abstract: A method, system and computer program product for tamper-proofing an executable assembly, including identifying assembly-time constants in source code; encrypting the assembly-time constants during the assembly process using public key cryptography; and signing the executable assembly using a digital signature. The executable assembly, at run-time, decrypts the assembly-time constants using the digital signature. A hashing function, a compression function or a one-way cryptographic block function is used to encrypt the assembly-time constants. Different keys or the same keys can be used to launch the assembly and to encrypt the assembly-time variables. The assembly-time constants are placed into a heap prior to the encrypting step. The assembly-time constants include strings and databases.
    Type: Grant
    Filed: June 21, 2007
    Date of Patent: June 12, 2012
    Assignee: 9Rays.Net, Inc.
    Inventor: Victor Y. Victorov
  • Patent number: 8196110
    Abstract: The present invention provides a computer implemented method, data processing system, and computer program product for verifying a return address. A computer stores the return address into a stack based on a function call. The computer generates a first hash based on a first stack frame and a second stack frame. The computer stores the first hash in a first canary location, wherein the first canary location is in the first stack frame. The computer executes at least one instruction of a routine referenced by the function call. The computer reads the first canary location to form a first suspect hash. The computer calculates a first verification hash based on the first stack frame and the second stack frame. The computer determines that the first verification hash matches the first suspect hash to form a first positive determination. Responsive to the first positive determination, the computer reads a second canary location to form a second suspect hash.
    Type: Grant
    Filed: November 30, 2007
    Date of Patent: June 5, 2012
    Assignee: International Business Machines Corporation
    Inventors: Marco A. Cabrera Escandell, Tommy L. McLane, Elizabeth J. Murray
  • Patent number: 8195954
    Abstract: A memory controller for a smart card including a non-volatile memory can include an internal circuit that is configured to perform cryptographic key processing responsive to a first clock and a non-volatile memory interface circuit for transferring/receiving a signal to/from the internal circuit in synchronization with the first clock and transferring/receiving the signal to/from an external device in synchronization with a second clock that is asynchronous relative to the first clock.
    Type: Grant
    Filed: June 27, 2007
    Date of Patent: June 5, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Keon-Han Sohn
  • Patent number: 8190923
    Abstract: The claimed method and system monitors computer system timer(s) relative to other timers to detect discrepancies and/or may capture an offset to provide a method of more accurately determining a current time. The invention may also provide a method to detect power source tampering using a last known good time and may provide a means to securely initialize system time using an encrypted time stamp.
    Type: Grant
    Filed: December 20, 2005
    Date of Patent: May 29, 2012
    Assignee: Microsoft Corporation
    Inventors: Kurt Daverman, Rajagopal K. Venkatachalam, Zhangwei Xu, Isaac P. Ahdout, Ricardo Lopez-Barquilla
  • Patent number: 8190869
    Abstract: Methods for authenticating firmware in a computing device include partitioning functions critical to the intended role of the computing device so that, upon successful authentication of the firmware, all functions of the device are made operational. Otherwise, the computing device behaves in a diagnostic mode of operation to assist users in troubleshooting to eventually authenticate firmware. At least first and second sets of firmware are loaded at various times into a controller of the computing device with the first set occurring without verification of trustworthiness, while the second set occurs upon authentication of the first. The second is used to authenticate a remainder set of firmware. Particular computing devices contemplate laser printers, mobile phones, PDAs, gaming consoles, etc. Firmware downloads, error messaging, hash comparisons, signature table construction, page-in techniques, computer program products, and particular computing arrangements are other noteworthy features, to name a few.
    Type: Grant
    Filed: April 17, 2007
    Date of Patent: May 29, 2012
    Assignee: Lexmark International, Inc.
    Inventors: James R. Booth, John F. Gostomski, Mike Partington
  • Patent number: 8184810
    Abstract: An IC card includes a tamper resistant module which has one or more applications and a card control unit for controlling an operation of the IC card, a secure memory area which is accessible from only the tamper resistant module, and a contactless interface which serves to communicate with a service terminal. The card control unit generates storage instruction information, and the contactless interface transmits the storage instruction information to the service terminal. The storage instruction information contains an address of the secure memory area as a write area of data, an address of a normal memory area that indicates a save area for temporarily saving the data, an identifier of the application which executes a data movement from the normal memory area to the secure memory area, and an address of a relay terminal which relays the data.
    Type: Grant
    Filed: November 2, 2005
    Date of Patent: May 22, 2012
    Assignee: Panasonic Corporation
    Inventor: Junko Furuyama
  • Patent number: 8181040
    Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.
    Type: Grant
    Filed: February 6, 2009
    Date of Patent: May 15, 2012
    Assignee: Panasonic Corporation
    Inventors: Hideki Matsushima, Teruto Hirota, Yukie Shoda, Shunji Harada
  • Patent number: 8181037
    Abstract: Application protection systems and methods. The system comprises a security platform device comprising a storage unit and a processing unit. The storage unit comprises a root security key and an application security key. The security platform device receives a unique key from an application. The processing unit encrypts the unique key using the root security key, and determines whether the encrypted unique key conforms to the application security key. If so, the application is allowed to execute.
    Type: Grant
    Filed: September 13, 2007
    Date of Patent: May 15, 2012
    Assignee: Via Technologies, Inc.
    Inventors: Rui-Hwa Chen, Heng-Ho Wu
  • Patent number: 8181033
    Abstract: A data leakage prevention system, method, and computer program product are provided for preventing a predefined type of operation on predetermined data. In use, an attempt to perform an operation on predetermined data that is protected using a data leakage prevention system is identified. Additionally, it is determined whether a type of the operation attempted includes a predefined type of operation. Furthermore, the operation on the predetermined data is conditionally prevented based on the determination to prevent circumvention of the protection of the data leakage prevention system.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: May 15, 2012
    Assignee: McAfee, Inc.
    Inventors: Manabendra Paul, Abhilash Chandran
  • Patent number: 8176249
    Abstract: Method for embedding a session secret, within an application instance, comprising the steps of generating an ephemeral session secret by a master application. Embedding, by master application, secret bytes, within application bytes of a slave application. Calculating said ephemeral session secret, by slave application, from said embedded secret bytes, when slave application is executed.
    Type: Grant
    Filed: April 28, 2007
    Date of Patent: May 8, 2012
    Inventor: Amiram Grynberg
  • Patent number: 8176337
    Abstract: In the field of computer software, obfuscation techniques for enhancing software security are applied to compiled (object) software code. The obfuscation results here in different versions (instances) of the obfuscated code being provided to different installations (recipient computing devices). The complementary code execution uses a boot loader or boot installer-type program at each installation which contains the requisite logic. Typically, the obfuscation results in a different instance of the obfuscated code for each intended installation (recipient) but each instance being semantically equivalent to the others. This is accomplished in one version by generating a random value or other parameter during the obfuscation process, and using the value to select a particular version of the obfuscating process, and then communicating the value along with boot loader or installer program software.
    Type: Grant
    Filed: March 12, 2008
    Date of Patent: May 8, 2012
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Julien Lerouge, Augustin J. Farrugia
  • Patent number: 8175276
    Abstract: An encryption apparatus (14) includes a secure processing system (12) in the form of an integrated circuit. The secure processing system (12) includes an on-chip secure memory system (30). The secure memory system (30) includes a non-volatile, read-only, permanent key register (62) in which a permanent cryptographic key (64) is stored. The secure memory system (30) also includes a non-volatile, read-write, erasable key register (56) in which an erasable cryptographic key (60) is stored. Symmetric cryptographic operations take place in an encryption engine (46) using an operating cryptographic key (68) formed by combining (96) the permanent and erasable keys (64, 60). A tamper detection circuit (70) detects tampering and erases the erasable key (60) when a tamper event is detected.
    Type: Grant
    Filed: February 4, 2008
    Date of Patent: May 8, 2012
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Thomas E. Tkacik, Asaf Ashkenazi
  • Patent number: 8171537
    Abstract: A method of securely controlling through a private network a computer protected by a hardware-based inner access barrier or firewall and configured to operate as a general purpose computer connected to the Internet, comprising: two separate network connections separated by an inner hardware-based access barrier or inner hardware-based firewall protecting a private network connection configured for connection to a private network of computers but not protecting a public network connection configured for connection to a public network configured to include the Internet, the method including the step of controlling at least one operation of the computer, the control being provided through the private network and the operation involving data and/or code transmitted through an out-only bus or channel. Another method includes the step of controlling an operation of a second or third private protected unit of the computer, the control being provided through a second or third private network, respectively.
    Type: Grant
    Filed: January 28, 2011
    Date of Patent: May 1, 2012
    Inventor: Frampton E. Ellis
  • Patent number: 8171336
    Abstract: A method for protecting a secured real time clock module, the method includes: locking multiple input ports of the secured real time clock module if the multiple input ports of the secured real time clock module are idle during at least a first duration; unlocking the multiple input ports of the secured real time clock module if a predefined high frequency code is received over a control input port of the secured real time clock module; and providing a secured real time clock signal when the multiple input ports of the secured real time clock module are locked and when the multiple input ports of the secured real time clock module are unlocked; wherein changes in a supply voltage result in supply voltage induced changes of an input signal provided to an input port of the secured real time clock module; wherein a maximal frequency of the supply voltage induced changes of the input signal is lower than the high frequency of the predefined high frequency code.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: May 1, 2012
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Michael Priel, Dan Kuzmin, Amir Zaltzman
  • Patent number: 8171306
    Abstract: Program obfuscation is accomplished with a tamper proof token including an embedded oracle. A public obfuscation function can be applied to any program/circuit to produce a new obfuscated program/circuit that makes calls to the corresponding oracle to facilitate program execution. A universal circuit representation can be employed with respect to obfuscation to hide circuit wiring and allow the whole circuit to be public. Furthermore, the token or embedded oracle can be universal and stateless to enable a single token to be employed with respect to many programs.
    Type: Grant
    Filed: November 5, 2008
    Date of Patent: May 1, 2012
    Assignee: Microsoft Corporation
    Inventors: Ramarathnam Venkatesan, Vipul Goyal
  • Patent number: 8165918
    Abstract: Methods for licensing functionality after an initial transaction are provided. One such method is directed to licensing after an initial transaction of a customer obtaining a supply item including the step of prompting the customer to acquire a usage license for the supply item.
    Type: Grant
    Filed: January 2, 2009
    Date of Patent: April 24, 2012
    Assignee: Lexmark International, Inc.
    Inventors: Christopher Alan Adkins, Timothy P. Craig, Stephen Kelly Cunnagin, Timothy Lowell Strunk, Michael Shayne Wilson
  • Patent number: 8159259
    Abstract: A self-modifying FPGA system includes an FPGA and a configuration memory device coupled to the FPGA for providing the FPGA with configuration information. The configuration memory device is programmed with configuration data and dormant data. The FPGA system is also provided with a configuration assist circuit coupled to the FPGA and the configuration memory device for controlling loading of configuration information from the configuration memory device to the FPGA. A tamper detection system provides a tamper signal to the FPGA, wherein when a tamper signal is received by the FPGA the configuration data is replaced with the dormant data.
    Type: Grant
    Filed: August 6, 2007
    Date of Patent: April 17, 2012
    Inventors: James M. Lewis, Joey R. Haddock, Dane R. Walther
  • Patent number: 8160293
    Abstract: Apparatus and method to verify the integrity of a digital image (i.e., deciding whether or not the entire image or just a portion has been tampered with, and/or finding the doctored area in the image). One first determines the imaging sensor's reference pattern noise, which serves as a unique fingerprint that identifies the imaging sensor that captured the image. To verify the integrity of the content in a region of the image, a correlation detector determines the presence or absence of the imaging sensor's reference pattern noise in that region, thereby verifying whether or not the image has integrity. The correlation detector can also find automatically one or more regions in the image that were tampered with. In another embodiment, one determines the pattern noise of only the image in question and tests that noise to determine whether or not the image has integrity.
    Type: Grant
    Filed: May 19, 2006
    Date of Patent: April 17, 2012
    Assignee: The Research Foundation of State University of New York
    Inventors: Jessica Fridrich, Miroslav Goljan, Jan Lukas
  • Patent number: 8161559
    Abstract: Methods, computer networks, and computer program products that reduce the vulnerability of network user devices to security threats include scanning a user device connected to a network to determine whether the user device contains a particular version of an application; downloading the particular version of the application via the network in response to verifying that the user device does not contain the particular version of the application; installing the downloaded application on the user device; scanning the user device for security vulnerabilities; downloading a patch via the network in response to detecting a security vulnerability, wherein the patch is configured to remedy the security vulnerability; and executing the downloaded patch on the user device to remedy the detected security vulnerability.
    Type: Grant
    Filed: August 27, 2010
    Date of Patent: April 17, 2012
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Steve Bowden, Eric Aslaksen, Spencer Ho
  • Patent number: 8161537
    Abstract: A tool kit for accessing data stored on an electronic SMART card is provided, the kit comprising a SMART card reader and recorder, at least one storage card, and a control card. The card reader and recorder is operative to read and copy the electronic SMART card onto the storage card, and to read the control card, the storage card comprising a storage card security key. The control card comprises code generation means operative to generate a control card security key, copying of the electronic SMART card onto the storage card being prevented unless the control card security key is verified against the storage card security key.
    Type: Grant
    Filed: September 17, 2010
    Date of Patent: April 17, 2012
    Assignee: Radio Tactics Limited
    Inventors: Andrew James Gill, Neil James Maitland
  • Patent number: 8159260
    Abstract: A circuit and method increases the repeatability of physically undetectable functions (PUFs) by enhancing the variation of signal delay through two delay chains during chip burn-in. A burn-in circuit holds the inputs of the two delay chains at opposite random values during the burn-in process. All the PFETs in the delay chains with a low value at the input will be burned in with a higher turn on voltage. Since the PFETs affected in the two delay chains are driven by opposite transitions at burn-in, alternating sets of delay components in the two delay chains are affected by the burn-in cycle. Under normal operation, both of the delay chains see the same input so only one chain has an increase in delay to achieve a statistically reliable difference in the two delay paths thereby increasing the overall repeatability of the PUF circuit.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: April 17, 2012
    Assignee: International Business Machines Corporation
    Inventors: Derick Gardner Behrends, Todd Alan Christensen, Travis Reynold Hebig, Daniel Mark Nelson
  • Patent number: 8156566
    Abstract: Code is associated to a target based on an inspection of the code. A target may be a device or a user. A number of code components may be inspected at one time and then transferred or otherwise associated to a target based on the target's profile. A code component may be a policy of an information management system.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: April 10, 2012
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 8156556
    Abstract: A method and apparatus for detecting an originator of traffic of interest is provided. One or more honeypots are established. Mobility is then provided to the one or more honeypots. In one embodiment, mobility is provided by communicating information associated with one or more dark prefixes. In another embodiment, mobility is provided by varying information related to the one or more dark prefixes.
    Type: Grant
    Filed: March 15, 2005
    Date of Patent: April 10, 2012
    Assignee: AT&T Intellectual Property II, L.P.
    Inventor: Balachander Krishnamurthy
  • Patent number: 8140745
    Abstract: Embodiments of methods and systems for controlling access to information stored on memory or data storage devices are disclosed. In various embodiments, methods of retrieving information from a data storage device previously deactivated by modification or degradation of at least a portion of the data storage device are disclosed.
    Type: Grant
    Filed: September 9, 2005
    Date of Patent: March 20, 2012
    Assignee: The Invention Science Fund I, LLC
    Inventors: Bran Ferren, Edward K. Y. Jung
  • Patent number: 8140862
    Abstract: A memory device includes a storage unit having a decryption key storage section that stores key information for decryption and a data storage section that stores to-be-read data requested from the exterior, and a decryption control unit capable of decrypting an externally input encrypted read instruction and address based on the key information stored in the decryption key storage section, and causing data corresponding to the decrypted read instruction and address to be output from the data storage section. The decryption key storage section is composed of arrays of a flash memory.
    Type: Grant
    Filed: April 26, 2007
    Date of Patent: March 20, 2012
    Assignee: MegaChips Corporation
    Inventor: Ikuo Yamaguchi
  • Patent number: 8136091
    Abstract: Instruction set architecture (ISA) extension support is described for control-flow integrity (CFI) and for XFI memory protection. ISA replaces CFI guard code with single instructions. ISA support is provided for XFI in the form of bounds-check instructions. Compared to software guards, hardware support for CFI and XFI increases the efficiency and simplicity of enforcement. In addition, the semantics for CFI instructions allows more precise static control-flow graph encodings than were possible with a prior software CFI implementation.
    Type: Grant
    Filed: January 31, 2007
    Date of Patent: March 13, 2012
    Assignee: Microsoft Corporation
    Inventors: Ulfar Erlingsson, Martin Abadi, Mihai-Dan Budiu
  • Patent number: 8135129
    Abstract: A method and a circuit for protecting a numerical quantity contained in an integrated circuit on a first number of bits, in a modular exponentiation computing of a data by the numerical quantity, including: selecting at least one second number included between the unit and said first number minus two; dividing the numerical quantity into at least two parts, a first part including, from the bit of rank null, a number of bits equal to the second number, a second part including the remaining bits; for each part of the quantity, computing a first modular exponentiation of said data by the part concerned and a second modular exponentiation of the result of the first by the number 2 exponentiated to the power of the rank of the first bit of the part concerned; and computing the product of the results of the first and second modular exponentiations.
    Type: Grant
    Filed: June 14, 2006
    Date of Patent: March 13, 2012
    Assignee: STMicroelectronics S.A.
    Inventors: Yannick Teglia, Pierre-Yvan Liardet, Alain Pomet
  • Patent number: 8127203
    Abstract: Embodiments of the invention relate generally to a method, to a data processing apparatus and to a wireless device. In an embodiment of the invention a data processing apparatus is provided. The data processing apparatus may include a chip-integrated unit to select a check location of an external memory and to generate a check value, an internal memory associated with the chip-integrated unit, the internal memory to save the check location and the check value, and an external memory coupled to the chip-integrated unit, the external memory to store the check value at the check location.
    Type: Grant
    Filed: September 17, 2007
    Date of Patent: February 28, 2012
    Assignee: Infineon Technologies AG
    Inventor: Uwe Hildebrand
  • Patent number: 8127151
    Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.
    Type: Grant
    Filed: October 13, 2009
    Date of Patent: February 28, 2012
    Assignee: Lockheed Martin Corporation
    Inventors: Patrick A. Nelson, Christian Adams
  • Patent number: 8121290
    Abstract: An efficient pseudo-random function and an efficient limited number of times authentication system using such a function are realized. A pseudo-random function calculating device comprises a key creating means and a pseudo-random function calculating means. The key creating means creates a public key made of a set of at least a first component and a second component as components constituting an element of a finite group and a secret key made of an integer and secretly saves the created secret key in a secret key memory section but makes the public key public. The pseudo-random function calculating means outputs the element of a finite group as function value of the pseudo-random function upon receiving an integer as input.
    Type: Grant
    Filed: May 26, 2006
    Date of Patent: February 21, 2012
    Assignee: NEC Corporation
    Inventor: Isamu Teranishi
  • Patent number: 8121286
    Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventors: Shai Halevi, William Eric Hall, Charanjit S. Jutla
  • Patent number: 8122261
    Abstract: Realizing a data communication device and a data communication method enabling to specify an IC memory mounted in the communication device and to perform data communication to the communication device in which the IC memory is mounted. A mobile device 100 of transmitting side accepts a domain ID specifying a detachable IC memory uniquely from an application 102, a communication driver 105 obtains an IP address of the device of correspondent on the basis of the accepted domain ID from a name server 300 storing the domain ID and the IP address being associated with each other. Then, the communication driver 105 obtains a port ID which an IC memory of the device of correspondent assigned to an application, and transmits the domain ID and the port ID together with a transmission data to the IP address. The device of correspondent runs the application based on the received port ID and executes an appropriate processing.
    Type: Grant
    Filed: April 21, 2005
    Date of Patent: February 21, 2012
    Assignees: NTT DoCoMo, Inc., Ken Sakamura, Noboru Koshizuka
    Inventors: Ken Sakamura, Noboru Koshizuka, Masayuki Terada, Kensaku Mori, Kazuhiko Ishii, Sadayuki Hongo
  • Patent number: 8122499
    Abstract: A network security system and method performs quantifying and billing for network security consumed during a period of time. Implementations may include a billing server configured to calculate the security protection consumed by calculating damages avoided from attacks that were blocked. The network security system also may include a scanner inside the customer network configured to scan devices for vulnerabilities and to quantify assets at risk. The system may further include an intrusion suppression module outside the customer network configured to maintain a list of attacks sustained and blocked during a period of time. The network security system may also include a blocker inside the customer network configured to detect unauthorized disclosures of confidential information and block the disclosures in real time.
    Type: Grant
    Filed: April 14, 2004
    Date of Patent: February 21, 2012
    Assignee: Hobnob, Inc.
    Inventor: Aron Hall
  • Patent number: 8122263
    Abstract: A BD-ROM stores a disc root certificate 301 that is issued by a root certificate authority and assigned to the disc medium. An application manager 2 acquires a hash value from the disc root certificate 301 and verifies the authenticity of an application by using the hash value. If the authenticity is verified, the virtual machine 3 executes the application. A local storage 5 has a plurality of domain areas. From among the plurality of domain areas, a security manager 4 allocates to the application a domain area that corresponds to the hash value.
    Type: Grant
    Filed: February 13, 2006
    Date of Patent: February 21, 2012
    Assignee: Panasonic Corporation
    Inventors: Germano Leichsenring, Tomokazu Kanamaru