Abstract: Methods and devices for instructing a subscriber identity module in a cellular communications network to process non-standard authentication information in a standard manner are disclosed. One embodiment of a method comprises receiving a first message authentication code (MAC) and an authentication management field (AMF) at a subscriber identity module as part of an authentication protocol, calculating a second MAC and determining whether the second MAC is equivalent to the first MAC. If the first and second MAC are not equivalent, the SIM calculates a third MAC and determines whether the first MAC is equivalent to the third MAC, and if so, the subscriber identity module processes the AMF in a predefined or standard manner.

Abstract: Techniques are generally disclosed for using an operating entity, including a method, apparatus, and/or system to control usage of the operating entity. In various embodiments, an in-use signal generator may be configured to generate at least one in-use signal, with the at least one in-use signal having a signal duration representative of at least one usage episode of the operating entity. An aging circuit may be coupled to the in-use signal generator and configured to output at least one age-affected signal in response to the at least one in-use signal. A metering module may be coupled to the aging circuit and, in response to the at least one age-affected signal, and configured to measure a signal characteristic of the at least one age-affected signal and translate the signal characteristic into a generated quantity of accumulative usage of the aging circuit.

Abstract: A method for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, and an apparatus thereof. The apparatus for encrypting and processing data in a flash translation layer includes a flash memory and a controller. The flash translation layer searches at least one page of the flash memory storing the data when a write of optional data is requested from the controller, generates, corresponding to respective searched pages, a page key according to a predetermined encrypting function when the searched page supports an encryption, and encrypts and stores the data by the page key in the respective searched pages.

Abstract: Bootstrapping an electronic communication device in a communications network by receiving a detection message from a detection source that a new device/subscriber combination is detected by the communications network and sending a notification message with basic device management parameters and subscriber identification to an operator's business system, notifying the operator's business system that a new device/subscriber combination has been detected, and to send—in response to the notification message—an order message to a smartcard management system to update a smartcard of the device with the basic device management parameters.

Abstract: Data, stored in MRAM-cells should be protected against misuse or read-out by unauthorized persons. The present invention provides an array of MRAM-cells provided with a security device for destroying data stored in the MRAM-cells when they are tampered with. This is achieved by placing a permanent magnet adjacent the MRAM-array in combination with a soft-magnetic flux-closing layer. As long as the soft-magnetic layer is present, the magnetic field lines from the permanent magnet are deviated and flow through this soft-magnetic layer. When somebody is tampering with the MRAM-array, e.g. by means of reverse engineering, and the flux-closing layer is removed, the flux is no longer deviated and affects the nearby MRAM-array, thus destroying the data stored in the MRAM-cells.

Abstract: A method and circuits for implementing a hacking detection and block function at indeterminate times, and a design structure on which the subject circuit resides are provided. A circuit includes an antenna wrapped around a dynamic bus inside circuitry to be protected. The antenna together with the dynamic bus node is designed so an average bus access activates a field effect transistor (FET) that is connected to a capacitor. The FET drains the capacitor in a specified number of activations by the antenna. The capacitor has a leakage path to a voltage supply rail VDD that charges the capacitor back high after a time, such as ten to one hundred cycles, of the dynamic bus being quiet. The capacitor provides a hacking detect signal for temporarily blocking operation of the circuitry to be protected responsive to determining that the dynamic bus is more active than functionally expected.

Abstract: In a method for securing and disabling an electronic device, the electronic device automatically executes a basic input/output system (BIOS) component of a security and tracking service during boot up. The BIOS component automatically determines whether an application component of the security and tracking service has requested disabling of the electronic device. In response to a determination that the application component has requested disabling of the electronic device, the BIOS component automatically displays system information and unlock key. The BIOS component also automatically prompts a user of the electronic device to enter an activation password to re-enable the electronic device. Other embodiments are described and claimed.

Abstract: Aspects describe remotely diagnosing unauthorized hardware changes on a mobile device. The changes can be identified based on hardware component identification and/or based on behavior characteristics of the device. If an unauthorized change is detected, information relating to that change can be reported to a service provider. Further, actions associated with the authorized change can be automatically implemented or implemented after confirmation to proceed with the recommended action.

Abstract: A method and system prevents data stored in a computer system from being manipulated, particularly via hacker attacks and virus infection. The computer system comprises means for switching a portion of system memory into a write-protected mode which is exclusively operable from outside of the computer's operating system. During boot or during an installation process of an application program, writing to a write-protectable area is temporarily enabled, and security-relevant information is written into said write-protectable area. A user is then prompted to perform a manual switching to restrict writing to said write-protectable area, and write access to said write protected area is thereafter restricted in response to said manual switching during further runtime of said computer system.

Abstract: In one or more implementations, a computing device may receive information from a matrix code reader that scans multiple matrix codes, each displayed by one of multiple devices. The computing device may determine whether or not the devices are being fraudulently utilized, such as whether the devices are in the same location. Additionally, in some implementations, a computing device may receive a service request from a matrix code reader that includes an associated telephone number. The computing device may extract the number and may handle the service request based on the number. Moreover, in various implementations, a computing device may receive information from a matrix code reader that scans a displayed matrix code. The information may include an electronic signature that is included in the matrix code by the device. After receiving the information, the computing device may analyze the information to determine that the electronic signature is valid.

Abstract: A method and apparatus for configuring an electronics device. The method includes receiving, by the electronics device, a request for a command to perform a predetermined operation by the electronics device and sending the command in response to receiving the request. The electronics device then receives a signature based upon the command, whereupon the electronics device verifies the signature by the electronics device and, following an affirmative verification, executes the command for performing the predetermined operation. In this way, the electronics device may be reconfigured remotely without knowledge of the particular command for performing the predetermined operation by the electronics device.

Abstract: A power supply that can be authenticated is disclosed. An apparatus according to aspects of the present invention includes an external power supply of an electronic product that modulates an output of the power supply with information encoded to identify the power supply to the product.

Abstract: The method includes the steps of receiving at the PEAD first digital data representing the transaction request. The PEAD provides information to the user regarding an ability to approve the transaction request. When the transaction request is approved by the user, the PEAD receives second digital data representing the electronic service authorization token. A remote agent server may provided a bridge between the electronic transaction system and the PEAD. In another embodiment, the private key is stored on the portable device, encrypted. The decryption key is stored outside of the device, at a trusted 3rd party location. When the user attempts to make a signature the software sends a request for the decryption key, along with the user's password or pass phrase keyed in at the keyboard of the PDA, smart phone, or cell phone, to a server belonging to the trusted 3rd party.

Abstract: A secure PIN entry device including a PIN entry assembly operative to receive a PIN from a user, a PIN entry prompter operative when actuated to prompt a user to enter a PIN via the PIN entry assembly, a PIN entry prompt security check enabled controller operative to prevent operation of the PIN entry prompter unless a predetermined security check has been successfully completed and security check functionality operative to check at least part of the PIN entry device for the presence of an unauthorized PIN eavesdropping element thereat and to provide an output to the PIN entry prompt security check enabled controller indicating whether the predetermined security check has been successfully completed.

Abstract: A method for electronically storing and retrieving at a later date a true copy of a document stored on a remote storage device comprises: sending a document in electronic format from a document owner's computing device to a store entity for storing the document; generating a digest of the document while the document is at the store entity by applying a hash function to the document; signing the digest electronically with a key while said document is at the store entity; generating a receipt that includes the digest and the key; sending the receipt to the document owner; and verifying, at the document owner's computing device, that the received receipt corresponds to the document sent from the owner's computing device.

Abstract: A secured computing system and container therefor may comprise: a base for receiving a computing device; a securable first cover for substantially enclosing at least part of the computing device when the first cover is in a first position in the base; a securable second cover for preventing access to the computing device when the second cover is in a secured position, wherein access to the computing device is available when the second cover is not in the secured position. The computing device may be substantially enclosed when the first cover is in the first position in the base and the second cover is in the secured position; and one or more user features of the computing device may be accessible when the first cover is not in the first position in the base. The computing device may include a computer processor or computer peripheral.

Abstract: In an embodiment, a method is provided. The method of this embodiment provides receiving a packet having a wake-up pattern, and waking up if the wake-up pattern corresponds to one of a number of dynamically modifiable passwords on a pattern wake list, each of the dynamically modifiable passwords being based, at least in part, on a seed value.

Abstract: A system for identifying peripheral devices in an information handling system uses a path-based signature for each peripheral component device. A static table is included for listing the path of each peripheral device and is accessible to the Basic Input-Output System (BIOS). The BIOS is configured to identify peripheral components associated and determine a path-base device signature for each peripheral component.

Abstract: A system and method for identifying lost/stale peripheral hardware devices connected to an enterprise computer system is disclosed. In one embodiment, a method for identifying lost peripheral hardware devices connected to an enterprise computer system includes initializing system memory by obtaining data structures associated with last detected connected peripheral hardware devices stored in an external database upon reboot, initiating an enterprise computer system wide scanning to obtain the detected data structures associated with current connected peripheral hardware devices during the reboot, and comparing the obtained data structures associated with the last detected connected peripheral hardware devices and the current connected peripheral hardware devices to determine whether there is any chance in system resources associated with the connected peripheral hardware devices during the reboot.

Abstract: A secure switch assembly for controlling first and second computers using a common keyboard and a common mouse is provided. The switch assembly comprises a secure controller together with first and second switching elements. The secure controller comprises receiving means, configured to receive a selection signal from a user, determining means configured to determine whether the selection signal represents a single, coherent selection and transmitting means configured to emit first and second enabling signals. The first switching element is associated with a first computer and is configured to receive a signal indicative of a mouse instruction from a mouse, a signal indicative of a keyboard instruction from a keyboard and a first enabling signal from the secure controller.

Abstract: An apparatus for recognizing security situation and generating situation information based on spatial linkage of physical and IT security, the apparatus includes: a security event collection unit for mapping, when a security event is detected from a security device, unique information of the security device to a location or an object in a real space, and collecting correlated security events based on the mapped information; a security situation awareness unit for determining a type of a security situation and a degree of threat based on the correlated security events; and a situation information generation unit for analyzing a correlation between the correlated security events and the security event to generate security situation information.

Abstract: In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification.

Abstract: The invention comprises an intrusion-detection system based on a switch 1 that provides more effective protection by means of an innovative arrangement of three intrusion-detection contacts 16-17-18 on an electronic circuit, connected to two different intrusion-detection electronic circuit and an intrusion-detection switch 1 with a special design that provides three different interconnections between said contacts in response to different intrusion attacks. The special arrangement of the contacts on the electronic board provides protection against different sophisticated attacks even without the participation of the intrusion-detection switch.

Abstract: Method, computer program product and apparatus for physically securing a server in response to detecting an unauthorized intrusion event. The method comprises detecting an unauthorized physical intrusion event to a data center, rack or chassis including a plurality of servers, communicating the detected unauthorized intrusion event to a management module that manages the plurality of servers, and automatically physically securing one or more of the plurality of servers against manual removal. Optionally, the step of physically securing may include disabling one or more front panel controls on the plurality of servers, such as a physical power switch. In a further option, the step of physically securing may include disabling one or more external ports on the plurality of servers, such as a keyboard-video-mouse port. A preferred method allows the one or more physically secured servers to continue to operate.

Abstract: A cryptographic device that will actively clear its memory even in the absence of external power when a security breach is detected is provided. The memory cell clusters of the cryptographic device are provided with an internal power source that provides sufficient energy for the memory cell clusters to perform a clearing operation. If the external power source for the memory is removed and a physical security breach is detected, the power from the internal power source will allow the memory cells to actively clear their contents, thereby rendering any attempt to obtain the contents of the memory cells fruitless.

Abstract: A circuit and method for securing against non-reset of a device associated with the circuit, the circuit comprising: a first register for holding a first multi-bit value and to produce a first multi-bit output value related to the first multi-bit value; a second register for holding a second multi-bit value and to produce a second multi-bit output value related to the second multi-bit value; an inverter means arranged to invert only one of the first and second output values; and a comparator arranged to compare the inverted and non-inverted output values to produce a comparator output, wherein the first and second registers are arranged such that they are subject to substantially the same operational conditions.

Abstract: A process is provided in which a first device, e.g., a hub device of a home network, is temporarily provided with a SIM to store a challenge-response, and thereafter the first device uses the stored challenge-response to interrogate a second device, e.g., a mobile telephone, to authenticate that the second device now has the SIM with which the first device was previously provided. A further process is provided in which the second device authenticates that the first device previously had access to the SIM by verifying that a response from one or more challenge-response pairs provided by the first device to the second device is the same as a response received by the second device from the SIM when the second device interrogates the SIM with the challenge of the challenge-response pair received earlier from the first device.

Abstract: Methods for authenticating firmware in a computing device include partitioning functions critical to the intended role of the computing device so that, upon successful authentication of the firmware, all functions of the device are made operational. Otherwise, the computing device behaves in a diagnostic mode of operation to assist users in troubleshooting to eventually authenticate firmware. At least first and second sets of firmware are loaded at various times into a controller of the computing device with the first set occurring without verification of trustworthiness, while the second set occurs upon authentication of the first. The second is used to authenticate a remainder set of firmware. Particular computing devices contemplate laser printers, mobile phones, PDA's, gaming consoles, etc. Firmware downloads, error messaging, hash comparisons, signature table construction, page-in techniques, computer program products, and particular computing arrangements are other noteworthy features, to name a few.

Abstract: The present invention teaches a powerless lockable UFD system and a method for securely protecting information stored and retrieved on UFDs (USB flash drives) that does not require electric power in order to enter a password to the UFD. The system also features an alarm and reset mechanism for clearing entered passwords. Passwords are concealed from the sight of a viewer for further protection. The system can be similarly incorporated into peripheral devices such as hard-disk drives (HDDs), printers, scanners, cameras, and portable memory devices.

Abstract: Systems and methods for handling user interface field data. A system and method can be configured to receive input which indicates that the mobile device is to enter into a protected mode. Data associated with fields displayed on a user interface are stored in a secure form on the mobile device. After the mobile device leaves the protected mode, the stored user interface field data is accessed and used to populate one or more user interface fields with the accessed user interface field data for display to a user.

Abstract: A secure system (1) for processing data includes a first device (2), and at least one second device (3) is characterized in that—each second device (3) comprises monitoring elements (7) suitable for transmitting operating information to the first device (2), and—the first device (2) includes elements (8) for storing a behavioral model of each second device (3) and elements (9) for comparing the operating information received from each second device (3) with the behavioral model so as to determine whether the operation of the second device (3) is compliant with the behavioral model stored, and validation elements (10) suitable for preventing the running of a sensitive operation on this second device or for instructing a change of state of the second device if the second device does not manifest compliant operation. A method and a computer program are also described.

Abstract: An electronic device security and tracking system. A system includes one or more clients, wherein the clients are electronic devices; and a server computer system connected to each of the clients, wherein the server computer system is capable of tracking and locating each of the clients. In one aspect, the server computer system includes one or more web servers coupled to each of the clients, wherein the web servers include a website for the electronic device security and tracking system; one or more file transfer protocol servers coupled to each of the web servers; and one or more database servers connected to each of the web servers.

Abstract: The present application relates generally to content management (e.g., managing audio and video items in portable devices). One claim recites a method comprising: utilizing electronic memory housed in a portable device, maintaining a listing of up to N identifiers associated with previously accessed audio or video items, where N is an integer, and where each previously accessed audio or video item has an identifier associated therewith; utilizing a programmed electronic processor housed in the portable device, i) restricting access to a new audio or video item if an identifier associated with the new audio or video item is one of the N identifiers associated with the previously accessed audio or video items, or ii) limiting a number of content items each with a different user identifier associated therewith that can be accessed in a certain amount of time. Of course, other claims and combinations are provided as well.

Abstract: A process is provided for protection against theft of electronic payment terminals utilized in a group including at least two electronic payment terminals organized as a network. The process includes the following steps: mutual detection of the presence of each of the terminals of the group; and transmission of absence information if at least one of the terminals is not detected.

Abstract: In a method for detecting anomalies in a circuit protected by differential logic and which processes logic variables represented by a pair of components, a first network of cells carrying out logic functions on the first component of said pairs, a second network of dual cells operating in complementary logic on the second component, the logic functions being carried out by each pair of cells in a pre-charge phase placing the variables in a known state on input to the cells and followed by an evaluation phase where a calculation is performed by the cells, the method includes detecting an anomaly by at least one non-consistent state.

Abstract: A communications system includes a plurality of patch panels having a plurality of connector ports connected to individual communication channels, a switch that provides access to multiple networks via one or more switch ports, a system manager that controls interconnections between the patch panels and the switch, and a plurality of patch cords configured to selectively interconnect patch panel connector ports. The system manager is configured to receive a request to connect an individual communication channel to a specific network, to identify which patch panel connector ports are required to be patched together via one or more patch cords in order to establish a circuit to the requested network, and to enable a switch port to activate the circuit. The system manager is configured to monitor connectivity of a circuit and to park a switch port associated with the circuit in response to detecting a change in circuit connectivity.

Abstract: A system provides secure communications between a user operated device and a computerized device. The user operated device transfers an enable security message to the computerized device, and in response, the computerized device sends a first communications enablement message to the user operated device and displays a second communications enablement message on a display of the computerized device for viewing by a user operating the user operated device. The user operated device receives the first communications enablement message from the computerized device and receives the second communications enablement message from the user and establishes a secure communications session between the user operated device and the computerized device using the first communications enablement message and the second communications enablement message. The communications enablement messages can contain key material that enable encryption between the user operated device and the computerized device.

Abstract: An arrangement for the protection of cryptographic keys and codes from being compromised by external tampering, wherein the arrangement is utilized within a multilayered securing structure. More particularly, there is provided a multilayered securing structure for the protection of cryptographic keys and codes, which may be subject to potential tampering when employed in computers and/or telecommunication systems. A method is provided for producing such multilayered securing structures within a modular substrate with the intent to protect cryptographic keys and codes which are employed in computers and/or telecommunication systems from the dangers of potential tampering or unauthorized access.

Abstract: In embodiments of a location control service, location data that identifies the location of a device is stored in a memory module, such as secured non-volatile memory or a storage module, of the device along with a timestamp that correlates to local time at the location of the device. A determination is then made as to whether the location of the device has changed. Functionality of the device can be disabled, and access to data stored on the device restricted, when determining that a change in location of the device was not authorized. Alternatively, the location data can be updated to identify a new location of the device when determining that a change in location of the device was authorized.

Abstract: Method for embedding a session secret, within an application instance, comprising the steps of generating an ephemeral session secret by a master application. Embedding, by master application, secret bytes, within application bytes of a slave application. Calculating said ephemeral session secret, by slave application, from said embedded secret bytes, when slave application is executed.

Abstract: A chip mountable on a customer replaceable unit monitory (CRUM) unit used in an image forming job includes a central processing unit (CPU) to perform cryptographic data communication with a main body of an image forming apparatus, using an operating system (OS) of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.

Abstract: Provided is information processing apparatus, information processing method and a record medium, which can prevent occurrence of manipulation, in a case of accessing a memory, without consuming the access band of the memory. A main-processing unit, a sub-processing unit and a memory for loading a program are provided and process limit information stored in the memory is stored in storing means. The sub-processing unit judges whether a program to be executed is manipulated or not, and loads a program to be executed in the memory in case that the program is not manipulated. The sub-processing unit refers to the process limit information before execution of a program, and not permits execution of the program of the main-processing unit in case that a process by the main-processing unit for information stored in the memory accords with a process included in the process limit information.

Abstract: A method of limiting read/write access of information stored on an electronic trip unit is disclosed. The method includes requesting a valid password on one of a communication port of the electronic trip unit and a display device of the electronic trip unit, receiving a password at a processor of the electronic trip unit in response to the request, determining if the received password is valid based on password information stored on a memory of the electronic trip unit, and limiting read/write access of information stored on the electronic trip unit based on the determination.

Abstract: An apparatus and method for printing data based on an electronic file and generating management information about the print data including receiving print data and identification information associated with the electronic file, comparing the received print data with registered print data registered in a management apparatus based on the identification information, and registering the management information.

Abstract: A vital product data (VPD) system is connected to a network, allowing the VPD system to be accessed for inquiries about VPD. The VPD system includes a baseboard management controller (BMC), a VPD cache, a platform initialization system and a tamper detection switch. The BMC communicates with the tamper detection switch and sets a VPD flag to false when tampering is detected. Queries to the BMC through the network for VPD are then held pending and the VPD cache refreshed with a no-boot power on, using the platform initialization system to collect the new VPD capturing the nature of any modifications after tampering.

Abstract: This disclosure relates to interference management for a security and tracking system of an electronic device. In one embodiment, during a startup process, an electronic device executes a security program and automatically attempts to access a first web server to ascertain whether the electronic devices has been reported as stolen. In response to an unsuccessful attempt to access the first web server, the electronic device may automatically attempt to access a second web server for data regarding operational status of the first web server. In response to unsuccessful attempts to access the first and second web servers, the electronic device may automatically present an interference alert to provide notification that the electronic device will be disabled if the electronic device continues to experience interference. The electronic device may be automatically disabled in response to a predetermined number of startup sequences with interference. Other embodiments are described and claimed.

Abstract: Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices.

Abstract: A method for extending a secure area in a portable storage device and the portable storage device therefore are provided. The method includes allocating a secure area for storing data to be received within an insecure area, sending position information regarding the secure area allocated within the insecure area to a host device, receiving the position information and data to be stored in the secure area from a secure application of the host device, and encrypting and storing the data in the insecure area based on the position information.

Abstract: A computer-implemented method may include identifying a security event condition associated with a device. One or more security rules may be identified for execution based on the device and the identified security event condition, wherein the one or more security rules define security related actions to be performed upon occurrence of the security event condition. The security related actions may be initiated by at least one processor on the device to secure the device from unauthorized use.

Abstract: An information processing system includes a management apparatus having a transmission preventing part preventing transmission of a predetermined usage allowing signal allowing usage of a predetermined device, in response to receiving a predetermined usage preventing instruction for the predetermined device.