Abstract: A credential caching system includes receiving a set of authentication credentials, storing the set of authentication credentials in a credential cache memory, wherein the credential cache memory is coupled with a management controller, and supplying the set of authentication credentials for automatic authentication during a reset or reboot. In the event of a security breach, the credential caching system clears the set of authentication credentials from the credential cache memory so that the set of authentication credentials may no longer be used for a reset or reboot.

Abstract: A secure decentralized storage system provides scalable security by addressing the performance bottleneck of the security manager and the complexity issue of security administration in large-scale storage systems.

Abstract: In a device having a plurality of circuits that can store at least a first value and a second value, a method can include configuring at least one circuit to persistently store the first value; determining whether the at least one circuit is storing the second value; and initiating a countermeasure if the at least one circuit is storing the second value. Determining whether the at least one circuit is storing the second value can include detecting whether the device has been attacked. Non-limiting examples of initiating a countermeasure can include resetting a portion of the device, powering down a portion of the device, activating an alarm circuit, causing protected data stored in the device to be erased, causing portions of the device to self-destruct, or causing the device to not respond to input applied to the interface.

Abstract: A computer-implemented method for detecting rootkits is disclosed. The computer-implemented method may include sending periodic security communications from a privileged-processor-mode region of a computing device. The computer-implemented method may also include identifying at least one of the periodic security communications. The computer-implemented method may further include determining, based on the periodic security communications, whether the privileged-processor-mode region of the computing device has been compromised. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A mobile computing device (MCD) can determine, based on model-specific test result information, whether an accessory may be incompatible with specific MCD functions. In some embodiments, the accessory provides test result information separately indicating a test result for each of a number of MCD models. Multiple MCD models can be grouped into a device class, and the MCD can deem the accessory compatible if he received test result information indicates a pass result for at least one of the device models associated with a device class to which the MCD belongs. If the accessory is not deemed to be compatible with the mobile computing device, the MCD can generate a warning.

Abstract: In at least some embodiments, an electronic device comprises a processor and an encryption/decryption (E/D) engine coupled to the processor via a bus. The E/D engine selectively operates in a first mode and a second mode. For the first mode, an E/D engine output is provided to the bus. For the second mode, the E/D engine output is not provided to the bus and is accessible only to the E/D engine.

Abstract: According to an aspect of an embodiment, an electronic apparatus comprises: an electronic apparatus powered by one of a plurality of electric power sources, comprising: a power supply unit for providing the interior of the electronic apparatus with the electric power from one of the electric power sources alternatively; and a controller for requesting user authentication when supply of the electric power to the interior of the electric apparatus is switched from one of the power sources to another.

Abstract: Theft deterrence and secure mobile platform subscription techniques for wireless mobile devices are described. An apparatus may comprise a removable secure execution module arranged to connect with a computing platform for a wireless mobile device. The removable secure execution module may comprise a first processing system to execute a security control module. The security control module may be operative to communicate with a security server over a wireless channel on a periodic basis to obtain a security status for the wireless mobile device. The security control module may output control directives to control operations for one or more components of the computing platform based on the security status. Other embodiments are described and claimed.

Abstract: Provided are a secure device and method for preventing a side channel attack. The secure device includes a secure module converting plaintext data received from the outside into ciphertext data to thereby store the converted ciphertext data, or converting stored ciphertext data into plaintext data to thereby output the converted plaintext data, and a side channel attack sensing module sensing a side channel attack upon the secure module, and, according to the sensing result, allowing the secure module to stop operating, inducing malfunctions of the secure module, delaying operations of the secure module, or making the secure module a device having the secure module disabled. The secure device can safely protect an internal security algorithm and data from the side channel attack.

Abstract: One embodiment of the present invention provides a system that non-intrusively detects counterfeit components in a target computer system. During operation, the system collects target electromagnetic interference (EMI) signals generated by the target computer system using one or more antennas positioned in close proximity to the target computer system. The system then generates a target EMI fingerprint for the target computer system from the target EMI signals. Next, the system compares the target EMI fingerprint against a reference EMI fingerprint to determine whether the target computer system contains a counterfeit component.

Abstract: An exemplary electronic device includes a detecting component and a storage unit. The detecting component generates detecting signals when the electronic device has been disassembled. The storage unit stores disassemble history information based on detecting signals received from the detecting component.

Abstract: A communication device and method for securing data include connecting a processor and at least one storage device via active pins of a switch in the communication device, and setting a secure command for securing data stored in the at least one storage device. The communication device and method further include invoking the secure command to delete the data in the at least one storage device, if text data of a received message matches the secure command, and switching the active pins to the inactive pins so as to disconnect the processor and the at least one storage device, thereby disabling the at least one storage device.

Abstract: In an embodiment, to deter or delay counterfeiting/cloning of a replacement component of a host device, the replacement component is provided with a code value. The code value is generated from a value of at least one physical parameter of the replacement component and is stored on the replacement component. The host device determines whether the replacement component is authentic if the stored code value matches a reference code value.

Abstract: A port securing module includes a power gate that is operable to be coupled in series to a power source and to a load. A resistor is coupled in parallel to the power gate. An operational amplifier includes an inverting input and a non-inverting input that couple the operational amplifier in parallel to each of the power gate and the resistor. The operational amplifier also includes an output that is operable to indicate whether a load is coupled to the power gate and, if a load is coupled to the power gate, supply a voltage to activate the power gate such that power is supplied to the load.

Abstract: A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with an operating system (OS) thereof, which is separate from an OS of the image forming apparatus, to perform at least one of authentication and cryptographic data communication with a main body of an image forming apparatus by executing one cryptographic algorithm corresponding to a set state from among a plurality of pre-provided cryptographic algorithms, using the OS thereof. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.

Abstract: A chip mountable on a customer replaceable unit monitory (CRUM) unit used in an image forming job includes a central processing unit (CPU) to perform cryptographic data communication with a main body of an image forming apparatus, using an operating system (OS) of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.

Abstract: A method and an apparatus for securing stand-alone microdevices or parts of larger processing devices are arranged for prevention of tampering, unauthorized use, and unauthorized extraction of information from an information containing region of the secured microdevice.

Abstract: A method, computer program product, and data processing system provide an updateable encrypted operating kernel. Secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension, the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.

Abstract: Methods and arrangements to persist a trusted time for a protected clock based upon a non-trusted but persistent time source are disclosed. Embodiments may comprise an embedded device, which may be hardware, software, firmware, and/or other logic, to maintain a trusted time in a protected clock. The embedded device may initialize the protected clock by obtaining a trusted time from a trusted time source such as a network server. The embedded device then maintains the trusted time in the event of a power loss to the protected clock by monitoring a time differential between the protected clock and a non-trusted system clock. Many embodiments also employ the protected clock without a battery backup to advantageously save manufacturing costs and space, while maintaining the trusted time in the event of a power loss by relying on a battery backup for the non-trusted system clock. Other embodiments are disclosed and claimed.

Abstract: An electronic control device and method for operating an electric roller shutter include establishing a wireless connection between the electronic control device and an electronic device if a preset login password is input. The electronic control device provides an operation interface to the electronic device, and receives a function instruction from the electronic device if a function key on the operation interface is pressed. The electric roller shutter is operated by the electronic control device according to the received function instruction.

Abstract: A system and method to selectively isolate one or more unprotected computer devices from the rest of the computer system and/or from the network. The ability to isolate and/or authenticate the software and/or hardware on or interacting with the unprotected software and/or hardware provides for a secured system despite the presence or use of an unprotected computer device.

Abstract: A push update system for a security system having a plurality of network nodes connected in a hierarchy to a root node, including: (i) an upstream agent of an upstream node for sending updates for respective downstream nodes; (ii) a schedule agent for scheduling processing by the upstream agent; (iii) a downstream agent of a downstream node for receiving and storing updates; and (iv) an update agent for processing received updates to queue updates for a downstream node. The root node includes the upstream agent and the schedule agent. Leaf nodes include the downstream agent, and intermediate nodes include all four agents. The updates include Internet threat signatures for Internet protection appliances of the leaf nodes.

Abstract: Various methods for detecting the removal of a processing unit, such as a microprocessor or a microcontroller, form a printed circuit board in a secure printing system, such as a postage metering system are provided. The methods utilize one or more of a real time clock provided internal to the processing unit, a CMOS device provided on the printed circuit board external to the processing unit, and CMOS memory internal to the processing unit to detect the removal of the processing unit and therefore an attack.

Abstract: A container security device includes a housing, electronic circuitry, and cabling. The electronic circuitry is disposed within the housing, and includes first and second microprocessor functions and an interface for accepting and providing data. The cabling is removably coupled to the housing, provides the only communicative coupling between the first microprocessor function and the second microprocessor function, and is adapted to be attached to a container latch so as to break the communicative coupling if the latch is opened. The housing includes a port for the electronic circuitry interface. A method of providing container security includes closing a container using a latch device and removably coupling the cabling to the housing so that the communicative coupling is broken if the latch is opened., providing the only communicative coupling between the first microprocessor function and the second microprocessor function.

Abstract: A method for service delivery to a client, in which the client selects a service, and establishes a connection with a system server to which it sends an identity associated with the client and an identifier of the service. The system server verifies that the client is authorized to access to the service and that the client is non-emulated. If this is verified, the service is provided to the client. In a preferred embodiment, the service is scrambled content and the system server provides a descrambling key to the client, and instructs a content server to provide the scrambled content to the client. Also claimed are a device, a system, and a system server.

Abstract: A home relationship is established between a device and a network by storing an ownership record in the device that identifies the network, and storing in the network a device identifier that identifies the device. Thereafter, communication is established between the device and the network. The ownership record is then transmitted from the network to the device, and automatic access to the device is granted to the network once the device verifies the transmitted ownership record against the ownership record stored in the device. In addition, the device identifier is transmitted from the device to the network, and automatic access to the network is granted to the device once the network verifies the transmitted device identifier against the device identifier stored in the network.

Abstract: A wireless security authentication system comprises a wireless element configured to determine validity of a user credential to enable use of a computing system, the wireless element powered by inductive coupling.

Abstract: A data protecting method for a portable memory storage apparatus is provided. The method includes determining whether a mode signal is at a data protecting mode, and performing a file hiding procedure to change a file allocation table if the mode signal is at the data protecting mode, wherein a host system coupled to the portable memory storage device is allowed to only access a portion of logical addresses of the portable memory storage apparatus according to the changed file allocation table and files stored in the portable memory storage apparatus before the file hiding procedure are written into another portion of the logical addresses. Additionally, the method still includes performing a file showing procedure to change the file allocation table if the mode signal is not at the data protecting mode, wherein the host system may access all the logical addresses according to the changed file allocation table.

Abstract: A method for protecting a volatile memory against a virus, wherein: rights of writing, reading, or execution are assigned to certain areas of the memory; and a first list of opcodes authorized or forbidden as a content of the areas is associated with each of these areas.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: Tamper detection circuitry includes a first surface layer surrounding a protected memory, the first surface layer comprising a first plurality of conductive sections; a second surface layer surrounding the protected memory, the second surface layer comprising a second plurality of conductive sections; a programmable interconnect located inside the first surface layer, the programmable interconnect being connected to each conductive section by a plurality of conductive traces, the programmable interconnect being configured to group the conductive section of the first and second plurality of conductive sections into a plurality of circuits, each of the plurality of circuits having a different respective voltage; and a tamper detection module, the tamper detection module configured to detect tampering in the event that a conductive section that is part of a first circuit comes into physical contact with a conductive section that is part of a second circuit.

Abstract: Embodiments including protected paths for digital rights management of digital objects are disclosed. Some embodiments disclosed herein may comprise processes or apparatus for transferring data from one or more peripherals to one or more computers or digital data processing systems for the latter to process, store, and/or further transfer and/or for transferring data from the computers or digital data processing systems to the peripherals. Some embodiments disclosed herein may comprise processes or apparatus for interconnecting or communicating between two or more components connected to an interconnection medium a within a single computer or digital data processing system.

Abstract: A manageability engine of a processor based device and a host theft-deterrence agent of the processor based device, jointly implement a theft-deterrence protocol with a theft-deterrence service, remotely disposed from the processor based device, to deter theft of the processor based device. The host theft-deterrence agent is configured to operate in a processor operated application execution environment of the processor based device, and the manageability engine is configured to operate outside the application execution environment.

Abstract: A system and method of owner control of an electronic device are provided. Owner identification information, such as data integrity and source authentication information, is stored on the electronic device. Received owner control information is stored on the electronic device where the integrity of the received owner control information is verified and/or the source is authenticated using the owner identification information. In one embodiment, owner identification information comprises an owner signature private key.

Abstract: In an embodiment, a method is provided.

Abstract: An active shield can be configured to receive a test signal, and configured to output a plurality of shield signals, derived from the test signal, via a plurality of signal paths. A compare logic can be configured to compare the test signal with each of the plurality of shield signals to provide at least two comparison signals indicating comparison results and can be configured to output the at least two comparison signals. A detection and decision logic can be configured to determine whether the active shield is subject to attack based on patterns of the at least two comparison signals.

Abstract: Processor arrangement having a first processor, a second processor, and at least one memory configured to be shared by the first processor and the second processor. The second processor has a memory interface configured to provide access to the at least one memory, and a processor communication interface configured to provide a memory access service to the first processor. The first processor has a processor communication interface configured to use the memory access service from the second processor. The first processor and the second processor use at least one cryptographic mechanism in the context of the memory access service.

Abstract: A system and method for electronic device protection. A method includes activating the electronic device; transferring control to a Basic Input/Output System (BIOS) component after activation; transferring control to a non-viewable component from the BIOS component; verifying that an application component operated correctly during a previous device activation; and continuing with activation of the electronic device if the application component operated correctly during the previous device activation.

Abstract: An electronic device has software for protecting the electronic device from unauthorized utilization. When executed, the software causes the electronic device to execute an application component, wherein the application component is configured to automatically ascertain whether the electronic device has been reported stolen, based on information received from a server system. The electronic device also automatically determines whether the application component is operating correctly, and if so, automatically provides a basic input/output system (BIOS) component of the electronic device with information indicating that the application component is operating correctly. During a subsequent boot process for the electronic device, the software automatically prevents the electronic device from completing the boot process if the BIOS component does not find the information from the application component indicating that the application component was operating correctly. Other embodiments are described and claimed.

Abstract: The present invention aims to provide a network projector which has a simple security function via a network. The network projector comprises a power source unit which supplies power to the network projector and a display signal control unit which, when confirming that a connection confirmation signal which is transmitted at a fixed period from a host computer via a network is not inputted for more than a predetermined time, outputs a supply stop signal to the power source unit indicating that the supply of power should be stopped.

Abstract: A protected data storage device that protects data from a wireless computer network from theft and environmental conditions includes a housing having front, rear, top, and bottom walls each constructed of a rigid, fire resistant material, the housing defining an interior area. A digital storage unit is positioned in the housing interior area. A processor is situated in the housing interior area in data communication with the digital storage unit. A wireless receiver is coupled to an outer surface of a respective housing wall in data communication with the storage unit and processor. Programming in data communication with the processor causes the processor to actuate the receiver to receive data signals from the wireless network and store received data in the storage unit.

Abstract: A secure insert comprises a shell including a lid and a container configured to receive and encase one or more circuit cards, wherein the shell is further configured to be inserted into and engage a card slot area of a chassis. A bridge connector is disposed inside the shell and configured to couple the one or more circuit cards to a chassis connector. A tamper sensor is disposed inside the shell and configured to detect unauthorized tamper events.

Abstract: Provided are a computer program product, system, and method to allocate blocks of memory in a memory device having a plurality of blocks. At least one unencrypted memory allocation function coded in an application is executed to request allocation of unencrypted blocks in the memory device. An encrypted memory allocation function coded in the application is executed to request allocation of encrypted blocks in the memory device. At least one unencrypted Input/Output (I/O) request function coded in the application indicating an I/O operation to perform against the unencrypted blocks in the memory device is executed. At least one encrypted I/O request function coded in the application indicating an I/O operation to perform against the encrypted blocks in the memory device is executed.

Abstract: A security memory device includes a memory cell array that stores a plurality of contents, including a mine, which is stored as a portion of the plurality of contents. The mine is triggered when it is accessed, typically such that the mine erases the memory contents. Also, control logic is included that controls access to the plurality of contents. In one aspect, the memory cell array can include a protected-cell zone and a free-cell zone. In this aspect, the security memory device can further include a lock that provides protection for contents stored in the protected-cell zone from access and a key that is capable of unlocking the lock.

Abstract: A portable storage device contains a real time clock, an onboard power source and secure storage. These components enable the device to securely store data and control access thereto. A secret key can be maintained in secure storage, such that access to the device can be denied to external systems that do not have a matching key. A log detailing connections can also be maintained in secure storage, such that device activity can be accurately documented, and made available in a trusted manner to a management system. Furthermore, the onboard real time clock allows stored data to be encrypted and decrypted in conjunction with specified time periods, such that a session key is destroyed after a time out, or is not made available until a given period of time has transpired.

Abstract: A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.

Abstract: A system, method, and computer program product are provided for isolating a device associated with at least potential data leakage activity, based on user input. In operation, at least potential data leakage activity associated with a device is identified. Furthermore, at least one action is performed to isolate the device, based on user input received utilizing a user interface.

Abstract: A method and system for unlocking diagnostic functions in a hardware device for a user. The method obtains a signed permission object for the hardware device, and validates the signed permission object. A memory of the hardware device stores a device identifier and a last recorded sequence number. The signed permission object includes a sequence number and is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object. When the signed permission object is valid, the method updates the expiration counter to decrease the lifetime of the signed permission object, stores the sequence number associated with the signed permission object as the last recorded sequence number in the hardware device, and unlocks the diagnostic functions for the user based on the signed permission object.

Abstract: A monitoring device for a computing device of a computer system includes a remote control module, and a wireless receiving unit disposed on a computing device. The computing device includes an input/output control unit connected electrically to a central processing unit. The remote control module includes a microprocessor, and a connecting interface, a plurality of key units, and a wireless transmitting unit connected electrically to the microprocessor. Each of the key units is depressible to generate a control signal which is transmitted to the microprocessor. The microprocessor transmits the control signal to the input/output control unit through the connecting interface or the wireless transmitting and receiving units according to whether the connecting interface is connected to or disconnected from the input/output control unit so as to communicate with the computing device, thereby protecting the computer system and permitting power management.

Abstract: Described herein are devices and techniques related to implementation of a trustworthy electronic processing module. During fabrication, a manufacturer is provided with partial technical specifications that intentionally exclude at least one critical design feature. Fabrication of the electronic processing module is monitored from a trusted remote location; wherefrom, the intentionally excluded at least one critical design feature is implemented, thereby completing manufacture of the trustworthy electronic processing module. At least one of the acts of monitoring and implementing can be accomplished by instantiating executable software remotely from a trusted remote location and immediately prior to execution. It is the executable software that enables at least one of the acts of monitoring and implementing. Further, the instantiated executable software is removed or otherwise rendered inoperable immediately subsequent to execution.