Abstract: A sensor may obtain sensor data. The sensor may transmit the sensor data to a controller via a sensor-controller interface. The sensor may determine, based on the sensor data, a security characteristic for the sensor data. The sensor may encrypt the security characteristic to generate an encrypted security characteristic. The sensor may transmit the encrypted security characteristic to the controller via the sensor-controller interface.

Abstract: A debug system includes a chip to be tested and a debug controller. The chip to be tested includes a circuit to be tested, a debug access circuit and a debug protection circuit. When a protection function is not enabled, the debug protection circuit enables a communication between the debug access circuit and the chip to be tested, the debug controller accesses the data of the chip to be tested via the debug access circuit for debugging the circuit to be tested. When the protection function is enabled, the debug protection circuit blocks the communication between the debug access circuit and the chip to be tested, the debug controller transmits a message to the debug protection circuit via the debug access circuit, and the debug protection circuit determines whether to disable the protection function according to the message.

Abstract: An information processing system includes: a first authentication unit that authenticates a user by a first method; a first providing unit that provides a service to the user authenticated by the first authentication unit; a second authentication unit that authenticates a user by a second method; and a second providing unit that provides a service to the user authenticated by the second authentication unit and also provides a service to the user authenticated by the first authentication unit in a case where the first method satisfies a condition determined according to the second method.

Abstract: Systems and methods are provided for authenticating a user of a computing device. An example system includes a memory storing instructions, and a processor configured to execute the instructions to receive an authentication request from a user of a computing device, determine a context of the authentication request, determine a physical location of the user, and perform, based on the context of the authentication request and the physical location of the user, an associate proximity detection. The associate proximity detection includes steps to identify an associate based on at least one of the context of the authentication request or the physical location of the user, determine a physical location of the identified known associate, and determine a proximity of the user to the identified known associate. The authentication request may be approved when the determined proximity is within a threshold.

Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Abstract: Agnostic domain communication via a user interface of a communication platform is described. A user interface associated with the communication platform can be presented via a client, wherein an instance of a first workspace of the communication platform that is associated with a first domain is presented via the user interface. A request to access a second workspace of the communication platform that is associated with a second domain that is different from the first domain can be received. Based at least partly on a determination that the request is associated with an attribute that satisfies a criteria, an instance of the second workspace can be presented via the user interface.

Abstract: Provided is a method for erasing security-relevant information in a device, having the method steps of: ascertaining at least one movement parameter of the device over time, monitoring the ascertained movement parameters over time on the basis of at least one prescribed movement pattern, and triggering an erase process for the security-relevant information if the ascertained movement parameter over time is consistent with the at least one prescribed movement pattern. An apparatus and a computer program product for carrying out the method to ensure that security-relevant data of the device are erased reliably and completely even in the event of an accident or another unforeseen event is also provided.

Abstract: Computer systems and methods are disclosed to implement a virtual machine monitor (VMM) that stores cryptographic keys for guest virtual machines (VMs) and securely executes cryptographic operations on the VMs' behalf using the stored cryptographic keys. The cryptographic keys are maintained in a key store that is accessible to the VMM but not accessible to the guest VMs. The cryptographic operations are executed in a manner that does not reveal the cryptographic keys to the guest VMs. In embodiments, the guest VMs may invoke the cryptographic operations via a device driver, a memory access interface, or some other mechanism. Advantageously, the guest VMs cannot obtain the cryptographic keys in their own memory space, so that the keys cannot be exfiltrated from the guest VMs. Embodiments of the VMM may be used to implement cryptographic operations such as request signing and verification, data encryption and decryption, and others.

Abstract: An integrated circuit (122) includes an on-chip boot ROM (132) holding boot code, a non-volatile security identification element (140) having non-volatile information determining a less secure type or more secure type, and a processor (130). The processor (130) is coupled to the on-chip boot ROM (132) and to the non-volatile security identification element (140) to selectively execute boot code depending on the non-volatile information of the non-volatile security identification element (140). Other technology such as processors, methods of operation, processes of manufacture, wireless communications apparatus, and wireless handsets are also disclosed.

Abstract: A portable computer providing high level of security comprises of two completely logically and electrically isolated computer modules within one tamper resistant enclosure. One computer module is for Higher-Security applications (refer higher-security to as “red”) and the other is for Lower-Security applications such as email and internet (refer lower-security to as “black”). The two modules are coupled together to secure Peripheral Sharing Switch that enables intuitive user interaction while minimizing the security risk resulted from sharing same peripheral device.

Abstract: In some examples, a dock may determine that computing device is connected to the dock. The dock may authenticate the computing device, a user of the computing device, or both. The dock may select a policy based on the type (e.g., provided by a corporation or by the user) of the computing device, the type of user (e.g., employee, contractor, or visitor), or both. The dock may configure the dock to enforce the policy. For example, for one or more of the ports of the dock, the dock may enable a port, disable the port, monitor data sent and received using the port, restrict an upload and/or download speed of the port, prevent the port from accessing one or more locations (e.g., addresses or paths), or any combination thereof.

Abstract: An electronic circuit includes a plurality of processing elements, a register bank, and a control circuit. The processing elements consume power by processing a plurality of operands to generate a plurality of result values. The register bank has a plurality of registers. The control circuit is configured to determine one or more unused processing elements among the processing elements by snooping one or more incoming operands and an instruction type, control routing of one or more random operands from the register bank to the unused processing elements, and control routing of a random result value generated by one of the unused processing elements into a trash register of the registers. The power consumed by the unused processing elements in the generation of the random result value and a write of the random result value into the trash register temporally blurs a total power consumed by the electronic circuit.

Abstract: An apparatus includes integrated circuitry (IC) and a further circuit. The IC includes internal circuits having sensitive/secret data (SSD) to be maintained as confidential relative to a suspect Hardware Trojan (HT) and including access ports through which information associated with the internal circuits is accessible by external circuitry associated with the HT. The further circuit to learn behavior of the internal circuits that is unique to the integrated circuitry under different operating conditions involving the internal circuits, involving the SSD and involving other data that is functionally associated with an application of the integrated circuitry.

Abstract: An information processing apparatus includes a verification unit that performs verification of software to be executed by an execution unit, a retaining unit that retains information indicating a voltage supposed to be applied to the execution unit, a power supply unit that applies a predetermined voltage to the execution unit on the basis of the information, and a clock signal output unit that outputs clock signals having frequencies, and the clock signal output unit outputs a clock signal having a first frequency to the verification unit when verification of the software is performed, outputs a clock signal having a second frequency lower than the first frequency to the execution unit before the predetermined voltage is applied to the execution unit, and outputs a clock signal having a third frequency higher than the second frequency to the execution unit after the predetermined voltage is applied to the execution unit.

Abstract: An apparatus and a method for preserving the privacy of at least a user, wherein the method includes an authentication phase during which authentication information specifying a first level of access and a second level of access are detected, a determination phase during which it is determined, on the basis of the authentication information, whether the first or the second level of access is enabled, a first output phase during which at least one first set of personal information (P1) is outputted, through the output apparatus, if either the first level of access or the second level of access is enabled, and a second output phase during which at least one second set of personal information (P2) is outputted, through the output apparatus, only if the second level of access is enabled.

Abstract: An application-specific integrated circuit (ASIC) and method are provided for executing a memory-hard algorithm requiring reading generated data. A processor or state machine executes one or more steps of the memory-hard algorithm and requests the generated data. At least one specialized circuit is provided for generating the generated data on demand in response to a request for the generated data from the processor. Specific embodiments are applied to memory-hard cryptographic algorithms, including Ethash and Equihash.

Abstract: Disclosed is an electronic device that receives a first input received through a stylus pen connected with the electronic device through wireless communication in a lock state of the electronic device, identifies unlock history information by at least one user authentication method in response to receiving the first input, and changes a state of the electronic device to an unlock state, based at least partially on an existence of the identified unlock history information.

Abstract: Embodiments of the present application provide an acoustic sensing-based text input method, comprising: obtaining audio information corresponding to text to be input; dividing the audio information to obtain an audio segment for each letter to be recognized in the text to be input; sending to the server, a type of the text to be input, the audio segments for letters to be recognized, and arrangement of the audio segment for the letter to be recognized in the audio information; receiving input result returned by the server, and displaying, based on the input result, text information corresponding to the text to be input on the display screen of the mobile terminal. The method allows effective text input without relying on a display screen.

Abstract: A first fraction of an electrical stimulation is allocated to a first electrode. In response to user input, the first fraction of the electrical stimulation is fixed to the first electrode such that the first fraction is user-adjustable but cannot be automatically changed. In response to the first fraction being fixed to the first electrode, a respective second fraction of the electrical stimulation is automatically allocated to a plurality of second electrodes. The second fraction is a function of the first fraction and a total number of the second electrodes. Thereafter, a new electrode is added to, or deleting from, the second electrodes, while the first fraction is still fixed to the first electrode. The respective second fractions are automatically adjusted in response to the adding or the deleting, without affecting the first fraction of the electrical stimulation that has been fixed to the first electrode.

Abstract: Magnetic PUFs (Physical Unclonable Function) may utilizes a single 3-axis Hall-effect sensor for enrollment. When a PUF is manufactured, a Hall-effect sensor is used to model the PUF disk and store that data where it may be accessed. This process is called “enrollment.” This invention improves upon the PUF implementation by introducing controlled variability into the enrollment, the reading of the PUF data from the Hall-effect sensors (the number and position of read sensors), the sampling method of the read sensor(s), and the processing of the PUF data.

Abstract: A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation.

Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) code. The examples detect whether a change has occurred to the SMM code based on the monitoring of the expected functionality. The change indicates that the SMM code is compromised.

Abstract: An authentication tag and a method for producing the same are disclosed. For example, the authentication tag includes a substrate, a correlation mark printed on a first part of the substrate, a key printed on the second part of the substrate, wherein a portion of the substrate is transparent, and at least one raised feature is printed on the substrate.

Abstract: Methods and systems are presented for providing enriched technical security data to a risk engine of an online service provider, and for adjusting security settings based on the enriched data. The enriched security data may be generated by recursively deriving additional security information from an initial security data input. The initial security data input may be associated with a risk source, such as a person or a device that submits an electronic request to the online service provider. Based on the initial security data input, the risk engine may recursively derive additional security information that enriches the initial security data input. The risk engine may then use the derived security information as well as the initial security data input to assess a risk level of the risk source, and then adjust a security setting of the online service provider based on the assessed risk level of the risk source.

Abstract: A mobile device allows transmission of additional outgoing application data requests in response to occurrence of receipt of data transfer from a remote entity, user input in response to a prompt displayed to the user, and a change in a background status of an application executing on the mobile device. Additional outgoing application data requests are foreground application requests.

Abstract: An electronic system includes a plurality of hardware devices and an authenticated circuit. The authenticated circuit is integrated, as fixed hardware, in the electronic system together with the plurality of hardware devices during a manufacturing process of the electronic system, the authenticated circuit configured to verify system integrity based on a system identification code provided from inside of the electronic system by at least one of the plurality of hardware devices, the system integrity indicating that a combination of the authenticated circuit and the plurality of hardware devices has not been modified since the manufacturing process, the authenticated circuit configured to perform a mining operation to generate a next block, the next block to be linked to a blockchain only in response to the authenticated circuit verifying the system integrity. Indiscriminate mining competition may be prevented or reduced in likelihood of occurrence.

Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Abstract: Techniques are described for energy scoring of a monitored property and users of the monitored property. A system provides users with information related to the efficiency of the monitored property and aggregates data over multiple monitored properties. The system computes and outputs a score for a monitored property that reflects efficiency of the property and/or the users of the property. The system may track how that score changes through time, and how it relates to neighboring properties. The score may be expressed as both a number and a percentile.

Abstract: At the start of an I/O cutover process that changes host computer access to a logical volume from a source data storage appliance to a destination data storage appliance, and during which processing of host I/O operations directed to the logical volume is frozen, at least one I/O freeze timer is set. In response to expiration of the I/O freeze timer, and prior to completion of the I/O cutover process, processing of host I/O operations directed to the logical volume is resumed.

Abstract: A device includes a memory. The device also includes a controller. The controller includes a register configured to store an indication of whether an ability of a received command to alter an access protection scheme of the memory is enabled. The received command may alter the access an access protection scheme of the memory responsive to the indication.

Abstract: A method for secure boot includes, in a processor, retrieving from a memory device a firmware boot code for bootstrapping a firmware of the processor. The firmware boot code is authenticated using an authentication key. In response to failing to authenticate the firmware boot code using the authentication key, an attempt is made to authenticate a recovery firmware code, which has reduced functionality relative to the firmware boot code, using a recovery key. Upon successfully authenticating the recovery firmware code using the recovery key, the firmware boot code is restored from a host, the restored firmware boot code is authenticated by executing the recovery firmware code, and the firmware is bootstrapped using the authenticated firmware boot code.

Abstract: Customers of a service provider are able to provision compartments of the accounts. The both the accounts and the compartments, in some embodiments, may have associated computing resources and identities. One or more identities of the account may be authorized to perform administrative operations in the compartment. Identities of the compartment may lack the ability to perform any administrative actions outside of the compartment but inside of the account.

Abstract: A method for processing data in a plurality of processing acts includes: configuring a plurality of processing circuits in a first configuration, in such a way that both a first and a second of the plurality of processing circuits execute a first of the plurality of processing acts; and configuring the plurality of processing circuits in a second configuration, in such a way that the first processing circuit executes a second processing act and the second processing circuit executes a third processing act, which is different than the second processing act. An apparatus is designed for carrying out the method.

Abstract: An electronic device and a method for processing an image by the electronic device according to various embodiments of the present invention are provided. The method may comprise: generating password information for a first image using security information of a user; changing the first image to a second image using the generated password information; and transmitting the second image and the password information in response to a transmission request of the first image. Various other embodiments may be available.

Abstract: Some embodiments described herein include a method to validate supply chains for electronic devices using side-channel information in a signature analysis. The method includes sending, to a target device, a first signal associated with a set of codes to be executed by the target device, and then receiving first side-channel information associated with the target device in response to the target device executing the set of codes. The method also includes determining second side-channel information associated with a simulated device in response to the set of codes. The method further includes comparing a discriminatory feature of the first side-channel information with a discriminatory feature of the second side-channel information to determine a characteristic of the target device based on a pre-determined characteristic of the simulated device. Finally, the method includes sending, to a user interface, a second signal associated with the characteristic of the target device.

Abstract: One example provides, on a USB input device, a method comprising receiving an unlock request to change a firmware lock state of a controller of the USB input device from a locked state to an unlocked state, determining whether the unlock request is valid or invalid, when the unlock request is valid, updating the firmware lock state from the locked state to the unlocked state and sending a process completion message, when the unlock request is invalid, sending the process completion message without updating the firmware lock state, receiving a firmware update request, determining whether the firmware lock state is in the locked state or the unlocked state, receiving a firmware payload, authenticating data of the firmware payload, and when the firmware lock state is determined to be in the unlocked state and when the data of the firmware payload is authenticated, then installing the firmware payload.

Abstract: A film includes: a first electrode facing a desired position in a screen of a display device, a capacitive touch panel being included in or externally attached to the display device; a second electrode electrically connected to the first electrode; and an optical layer that refracts light from the screen of the display device in a desired direction.

Abstract: In one embodiment, a method includes accessing, by a stylus, data indicating a customization of a device for the particular user. The stylus is associated with a particular user and is configured to transmit signals wirelessly to the device through a touch sensor of the device. The data indicating the customization is stored in a memory of the stylus. The method also includes wirelessly transmitting the data by the stylus to the device through the touch sensor of the device to affect the customization of the device for the particular user.

Abstract: The present disclosure includes a method for authenticating a field device of automation technology with respect to a destination device. A telegram is created by the field device, which telegram includes a first data field and at least a second data field. The first data field includes information on the status of the field device and/or of the device components of the field device and/or information on the device parameterization/configuration, and a sequence counter or a time stamp. Security data are generated from the first data field via a cryptographic method, which security data are stored in the second data field. The telegram is transmitted from the field device to the destination device, wherein the destination device verifies the second data field as to authenticity or integrity upon receipt of the telegram, and wherein a first alarm is generated if the authenticity or the integrity of the second data field is not successfully verified.

Abstract: Systems and methods are provided for control of a personal computing device based on user face detection and recognition techniques.

Abstract: A battery cell for a battery of a motor vehicle with a battery cell housing, in which a galvanic element is accommodated. The battery cell can be electrically connected to at least one other battery cell by way of two electrical connection terminals. A control device of the battery cell is operatively connected to at least one functional unit of the battery cell. The control device of the battery cell is designed for the purpose of receiving a command issued by an external control device. The control device includes a verification unit, which is designed for the purpose of verifying an authorization of the external control device to issue the command.

Abstract: A system includes a storage medium enterprise and a processing component. The storage medium enterprise includes a first storage medium configured to store data and a second storage medium configured to store data. The processing component external to the storage medium enterprise is configured to receive and process data received from the storage medium enterprise. The first storage medium is configured to transmit a first operational data associated with the first storage medium to the processing component and the second storage medium is configured to transmit a second operational data associated with the second storage medium to the processing component. The first operational data is formed into a block of a block chain prior to transmission to the processing medium and the second operational data is formed into another block of the block chain prior to transmission to the processing medium.

Abstract: Disclosed in some examples are systems, methods, memory devices, and machine readable mediums for a fast secure data destruction for NAND memory devices that renders data in a memory cell unreadable. Instead of going through all the erase phases, the memory device may remove sensitive data by performing only the pre-programming phase of the erase process. Thus, the NAND doesn't perform the second and third phases of the erase process. This is much faster and results in data that cannot be reconstructed. In some examples, because the erase pulse is not actually applied and because this is simply a programming operation, data may be rendered unreadable at a per-page level rather than a per-block level as in traditional erases.

Abstract: Described are techniques for determining a qualification status of a device in a system. An occurrence of a trigger event for the device is determined. The trigger event is caused by an occurrence of any of a time-based event, a performance-based event, a usage-based event, and an unscheduled event. A user notification is provided to perform a first action responsive to the occurrence. The first action is an action to perform any of a maintenance activity, a repair activity, and a test for the device. The qualification status of the device is updated in accordance with said first action. Also described are techniques for more generally determining a compliance status of a device where the compliance status may be related to any one or more of qualification, verification, validation and/or calibration of the device.

Abstract: Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices, including: reading, from at least a majority of the storage devices, a portion of an apartment key; reconstructing the apartment key using the portions of the apartment key read by the majority of the storage devices; unlocking the main portion of each of the storage devices utilizing the apartment key; reading, from the main portion of one of the storage devices, a portion of a third-party resource access key; requesting, from the third-party resource utilizing the third-party resource access key, an encryption key; receiving, from the third-party resource, the encryption key; and decrypting the data stored on the storage devices utilizing the encryption key.

Abstract: A tracking device can securely communicate with a secondary device. The secondary device can provide locations associated with the tracking device to a tracking system. When the secondary device determines that the tracking device is lost (for instance, in response to no longer receiving communications from the tracking device), the secondary device can provide additional locations associated with the secondary device to the tracking system. The tracking system can store locations received before and after the tracking device was lost, and can provide these locations to the user for display within a map interface, enabling a user to digitally retrace the user's steps in order to aid the user in locating the lost tracking device.

Abstract: A tracking device can securely communicate with a secondary device. The secondary device can provide locations associated with the tracking device to a tracking system. When the secondary device determines that the tracking device is lost (for instance, in response to no longer receiving communications from the tracking device), the secondary device can provide additional locations associated with the secondary device to the tracking system. The tracking system can store locations received before and after the tracking device was lost, and can provide these locations to the user for display within a map interface, enabling a user to digitally retrace the user's steps in order to aid the user in locating the lost tracking device.

Abstract: A system and device for adding electronics to materials of a wallet to form a smart wallet. A smart wallet stows and retrieves information stored or displayed on various transaction cards and other information typically carried within the wallet. Electronic and physical features of a smart wallet include devices and techniques for attaching electronics to accessories, and also for attaching accessories, to primary devices to form a smart wallet. The user can then interact with the smart wallet and its cards, information and accessories using an interface that governs that interaction while retaining the security of the information. Mechanical features include techniques for integrating electronics within materials to add electronic functionality to make any device a smart wallet. Several accessory styles and devices for attaching same to electronics are also disclosed.

Abstract: Systems and methods for providing and verifying customer-owned trust of device firmware are described. In some embodiments, an Information Handling System (IHS), may include a processor and a Basic Input/Output System (BIOS) coupled to the processor, the BIOS having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a user, selection of a pre-boot code module; export a digest of the pre-boot code module to the user; and import the digest signed by the user.

Abstract: A method for voltage regulation includes reducing a power consumption of a voltage regulator during an IDLE phase, by disabling a feedback loop configured to regulate an internal voltage to a multiple of a reference voltage in response to the voltage regulator receiving a digital signal from a digital circuit. The internal voltage is proportional to an external voltage supplied to the digital circuit. A regulated accuracy of the external voltage is increased during a MEASUREMENT phase by enabling the feedback loop in response to the voltage regulator receiving the digital signal from the digital circuit.