Abstract: A method for tracking, locating and disabling an electronic device. A method includes checking if an application component operated correctly during last power-up of the device; and placing the device under control of power on self test to proceed with powering-up the device if the application component operated correctly during last device power-up.

Abstract: A mobile communications device, server, and method for providing security on a mobile communications device are described.

Abstract: The present invention disclosed a method and system of replacing smart cards. It uses a new identification device (a new SIM) to replace an old one (an old SIM) associated with a user account. The new identification device has an identification number (ICCID). The new identification device is activated in the following manner. The old identification device communicates with an identification-management center through a communication interface (mobile telephone). And the identification-management center recognizes the old identification device. The identification number of the new identification device is sent to the identification-management center through the communication interface. The identification-management center checks the identification number. If the identification number is correct, the user account will be assigned to the new identification device by the identification-management center.

Abstract: A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an EMID for identifying the non-volatile memory; and an EMID encoder for modifying the EMID by a preset operation in conjunction with an arbitrary value.

Abstract: A method and a circuit for protecting a numerical quantity contained in an integrated circuit on a first number of bits, in a modular exponentiation computing of a data by the numerical quantity, including: selecting at least one second number included between the unit and said first number minus two; dividing the numerical quantity into at least two parts, a first part including, from the bit of rank null, a number of bits equal to the second number, a second part including the remaining bits; for each part of the quantity, computing a first modular exponentiation of said data by the part concerned and a second modular exponentiation of the result of the first by the FIG. 2 exponentiated to the power of the rank of the first bit of the part concerned; and computing the product of the results of the first and second modular exponentiations.

Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the v

Abstract: There is provided a mobile communication device having a function capable of releasing lock on an IC card function by an authentication key other then a PIN if the IC card function is locked by a PIN authentication error in a mobile phone having a contactless IC card built in. When a PIN is locked in a mobile phone 1 having a contactless IC card built in, an IC application 11 is started up to transmit a second password other than a PIN to an authentication server 3. The authentication server 3 compares the second password received from the mobile phone 1 with another second password stored in a database 31. If both second passwords agree with each other, a PIN lock release command is transmitted to the mobile phone 1. Further, the mobile phone 1 switches the lock flag of the contactless IC card 13 to OFF from ON by the command received. The PIN lock of the IC card function is thereby released.

Abstract: A system and method for securing and tracking an electronic device. A method includes but is not limited to accepting a selection of a service to erase a hard disk drive in the electronic device; recording that the electronic device has been reported stolen; and erasing the hard disk drive.

Abstract: In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification.

Abstract: An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one.

Abstract: An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one.

Abstract: One or more computer networks having computers like personal computers or network servers with microprocessors linked by broadband transmission means and having hardware, software, firmware, and other means such that at least one parallel processing operation occurs that involve at least two computers in the network. One or more large networks composed of smaller networks and large numbers of computers connected, like the Internet, wherein more than one separate parallel processing operation involving more than one different set of computers occurs simultaneously and wherein ongoing processing linkages can be established between virtually any microprocessors of separate computers connected to the network.

Abstract: In one or more embodiments, an intelligent communications device is disclosed. In one embodiment, a plurality of circuit boards are operative to perform communication functions in a network, where the device includes a first circuit board and a second circuit board. The device includes a first actuatable member that is operative to selectively activate circuitry on the second circuit board, where the first actuatable member has a toggle switch that is operative to disable power supplied to the second circuit board while the first circuit board retains power and is fully operative to perform communications functions. The device includes a second actuatable member that is operatively coupled to an enclosure and a detachable cover. The detachable cover is configured to raise an alert when an unauthorized entity attempts to access the circuitry.

Abstract: The electronic apparatus includes: a timer for measuring an elapse time duration under a component-disengaged state after detection of the disengaged state by the sensor; a copy controlling unit for making data stored in the recording unit to be copied in a storage unit of the information processing apparatus; and a deleting unit for deleting data stored in the recording unit. The copy controlling unit makes data stored in the recording unit to be stored in the storage unit of the information processing apparatus when the timer detects elapse of a first predetermined time duration, and the deleting unit deletes data stored in the recording unit when data stored in the recording unit is copied in the storage unit. This makes it possible to prevent loss of data stored in the recording unit of the electronic apparatus, and to improve data confidentiality, and to prevent confidential information leakage.

Abstract: A system and method for detecting and storing information regarding a mobile communications device within a mobile communications network. Initially, a first data record is received at a subscriber/device database comprising subscriber/device data. Next, a second data record is received at the subscriber/device database comprising additional subscriber/device data. A first data record of a subscriber may then be compared to a second data record of the same subscriber, and if the first data record is different from the second data record a service provider may be notified.

Abstract: A method and system for installing software and hardware licenses on electronic devices supporting licensable features. Specifically, a method is disclosed for installing licenses in a node based licensing scheme. The electronic device defining the node receives an input containing an authorization key. The authorization comprises a license for a service feature, a node identifier, a software version, and a sequence number. Information in the authorization key is used to install the license on the electronic device. The node identifier is compared to an official node identifier stored at the electronic device. The sequence number is compared to an official sequence number stored at the electronic device. The license is installed into a pool of licenses available to the electronic device when the node identifier matches the official node identifier and the sequence number matches the official sequence number. The sequence number ensures that the authorization key at most can only be used once.

Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.

Abstract: An efficient pseudo-random function and an efficient limited number of times authentication system using such a function are realized. A pseudo-random function calculating device comprises a key creating means and a pseudo-random function calculating means. The key creating means creates a public key made of a set of at least a first component and a second component as components constituting an element of a finite group and a secret key made of an integer and secretly saves the created secret key in a secret key memory section but makes the public key public. The pseudo-random function calculating means outputs the element of a finite group as function value of the pseudo-random function upon receiving an integer as input.

Abstract: There is provided a method for operating a basic input/output system (BIOS) of a pay-as-you go computer system. In one example embodiment, the method includes periodically resetting a watchdog timer, wherein failure to reset the watchdog timer indicates a security violation. In another example embodiment, the method also includes comparing a first time count representing motherboard use time with a second time count representing hard drive use time to determine if a security violation has occurred. There is also provided a pay-as-you-go computer system having a BIOS configured to determine if a hard drive is password protected. In an example embodiment, the BIOS is configured to calculate a password to unlock the hard drive if the hard drive is password protected.

Abstract: A system and method provides for secure initialization and booting of a security appliance. The security appliance cooperates with a “smart” system card to provide cryptographic information needed to boot the security appliance in accordance with a secure boot procedure. The initialization procedure commences once the security appliance detects the presence of the smart card. The smart card and an encryption processor perform an authentication and key exchange procedure to establish a secure communication channel between them. The system card then loads a twice wrapped master key from a configuration database and decrypts the master key using a key associated with the system card. The wrapped master key is then forwarded via the secure communication channel to the encryption processor, which decrypts the wrapped key using a key associated therewith and enters an operating state using the decrypted master key.

Abstract: If this invention is granted and allowed to be brought to market there will finally be a method by which a lost or stolen computer will have a very high degree of probability that it will be returned to its rightful owner in good working order. In the near future I think it will destroy the market for all stolen computers.

Abstract: An agent on a network is preconfigured to automatically respond to neighborhood discovery by sending an advertisement having a spoof IPv6 address. A spoof IPv6 address includes a spoof NIC value that is a value that identifies a network interface card not being used on the network. Thus, upon receipt of the advertisement by the infected host computer system, malicious code on the infected host computer system probes the spoof IPv6 address space defined by a network section value of the spoof IPv6 address, the spoof NIC value, and the range of possible values of the assigned host ID value of the spoof IPv6 address. As there are no interfaces within the spoof IPv6 address space except that associated with the agent, propagation of the malicious code is slowed or defeated and connections are directed to the agent.

Abstract: One embodiment of the present invention provides a system that non-intrusively detects counterfeit components in a target computer system. During operation, the system collects target electromagnetic interference (EMI) signals generated by the target computer system using one or more antennas positioned in close proximity to the target computer system. The system then generates a target EMI fingerprint for the target computer system from the target EMI signals. Next, the system compares the target EMI fingerprint against a reference EMI fingerprint to determine whether the target computer system contains a counterfeit component.

Abstract: A medical information system includes a portable device and remote authentication computing device. The portable device stores a person's personal medical information, which it does not allow to be accessed without authentication, and has an activation mechanism and a computing device communication mechanism. The remote authenticating computing device is connected to a computing device network and stores authentication information and has an authentication software module and a diagnostic software module. The activation mechanism communicates the device with the remote authenticating computing device. The authentication software module requests authentication information from a user, receives input authentication information, verifies received authentication data against the stored authentication information, and after successful verification allows the medical information to be accessed by a computing device.

Abstract: A method and system for flexible management of a plurality of activities executed within at least one computer hardware resource perimeter configured at least one multicellular computer platform. The activities are executed by identifying an activity using extended serial numbers attributed to the activity, authenticating the serial number of a subsystem on which execution of the activity is authorized, verifying the extended serial numbers, and recording the extended serial numbers as activity licenses.

Abstract: A system and a method are provided for activating one or more security functions of a mobile electronic device. The system and method provide for the activation of one or more security functions when the mobile electronic device is stored in a mobile electronic device holder. Security functions include, for example, closing a data item currently being displayed on the mobile electronic device, erasing decrypted information stored on the mobile electronic device, locking the mobile electronic device, and performing a secure garbage collection operation.

Abstract: A method of generating an authentication code for a consumable in an imaging device, includes the steps of: an identification number assigned to the consumable; processing an indemnification number assigned to the consumable using a first algorithm to generate a preliminary number different from the identification number; and compressing the preliminary number using a compression algorithm that utilizes the identification number to generate the authentication code.

Abstract: An integrated circuit (IC) security apparatus with complementary security traces and a method for producing such an apparatus is disclosed. The security apparatus comprises a pattern generator, and a plurality of security traces. The arrangement of security trace pairs are such that the second trace is arranged substantially parallel to the first trace. The pattern generator produces two signals, a second signal, which is applied to the second trace, is substantially complimentary to the first security trace. The timing and amplitude of the second (complimentary) signal is developed such that any net induced currents are substantially nulled. One or more of the signals is received from the signal generator and compared to the same signal after it is conducted through a security trace. The results are analyzed to determine if the security of the IC has been breached.

Abstract: A method and system for authenticating a digital optical medium, such as a CD-ROM, determine whether the medium is an unauthorized copy, or the original. The original media is created, or altered, so as to contain anomalous locations from which the transfer of data is accomplished at different rates than a standard digital copy would exhibit. One implementation of the process involves timing analysis of the differences in data transfer rates, and does not necessarily require the retrying of data reads, nor does the process require the media to exhibit fatal errors, as in conventional approaches. The process can be employed in systems that control access to unauthorized copies, or may be used for other informative purposes.

Abstract: An apparatus and method for preventing information leakage attacks that utilize timeline alignment. The apparatus and method inserts a random number of instructions into an encryption algorithm such that the leaked information can not be aligned in time to allow an attacker to break the encryption.

Abstract: A data processing apparatus includes: a determination section that is connected to a storage and determines whether or not the storage is unauthorized; and a fraud handling section that erases information in all area of the storage as a fraud handling processing if the determination section determines that the connected storage is unauthorized.

Abstract: A method and apparatus for an independent operating system that prevents certain classes of computer attacks. Instruction decryption is performed on an existing instruction set for a processor. The processor architecture limits the impact on processor execution timing. The instruction execution timing is not altered in the processor core and any additional processing is overlapped into existing operations.

Abstract: A container security device includes a housing, electronic circuitry, and cabling. The electronic circuitry is disposed within the housing, and includes first and second microprocessor functions and an interface for accepting and providing data. The cabling is removably coupled to the housing, provides the only communicative coupling between the first microprocessor function and the second microprocessor function, and is adapted to be attached to a container latch so as to break the communicative coupling if the latch is opened. The housing includes a port for the electronic circuitry interface. A method of providing container security includes closing a container using a latch device and removably coupling the cabling to the housing so that the communicative coupling is broken if the latch is opened, providing the only communicative coupling between the first microprocessor function and the second microprocessor function.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: Vehicle internetworks provide for communications among diverse electronic devices within a vehicle, and for communications among these devices and networks external to the vehicle. The vehicle internetwork comprises specific devices, software, and protocols, and provides for security for essential vehicle functions and data communications, ease of integration of new devices and services to the vehicle internetwork, and ease of addition of services linking the vehicle to external networks such as the Internet.

Abstract: A security system includes an appliance to be secured, including a processor and a first wireless transceiver for accessing a data network with a first power requirement; and a second wireless transceiver receiving power to operate even if the appliance is off, hibernates or sleeps, the second wireless transceiver operating at a second power requirement lower than the first power requirement, the second wireless transceiver communicating a signal indicating a security status of the appliance.

Abstract: Prior to customer use of a device, communication with the device is allowed via multiple pins of an external interface of the device. One or more pins of the multiple pins via which communication with the device is to be prevented during customer use of the device are identified. The one or more pins are monitored, and a remedial action is taken if particular activity is detected on the one or more pins. Various different remedial actions can be taken, such as resetting or disabling the device.

Abstract: A wireless handset configured to be remotely accessed is described. The wireless handset comprises a user interface, a handset memory, a processor, and a software module. The user interface resident on the wireless handset is configured to enable the wireless handset to be remotely controlled with a remote lock password. The handset memory stores the remote lock password. The processor is adapted to receive a remote lock message from another electronic device. The remote lock message comprises a received password and a target phone number. The software module matches the received password with the remote lock password and then proceeds to send at least one call to the target phone number. Additionally, a method for controlling usage of the wireless handset is also described.

Abstract: A system and method for encoding and decoding data. A method includes selecting a subgroup of bits from one or more bytes of binary encrypted information, wherein the binary encrypted information is for tracking, locating, and disabling an electronic device; passing the subgroup of bits to an encoding function that performs binary mapping operations on the subgroup of bits to generate an encoded byte; and encoding the next one or more bytes of binary encrypted information if the end of the binary encrypted information has not been reached.

Abstract: The invention relates to an electronic system comprising a printed circuit (30) contained in a package. The system comprises a protection device (32) comprising conducting tracks (74, P1, P2) carried by the printed circuit and each having a free end; a first integrated circuit (70) connected to the conducting tracks and adapted for detecting a variation in the capacitance seen by each conducting track; and a second integrated circuit (71), 74 optionally merged with the first integrated circuit, comprising a configurable memory (80) for selecting certain of the conducting tracks. The second integrated circuit is adapted for determining that an authorized or unauthorized access has occurred on the basis of the detection of the variation of the capacitance seen by at least one of the selected conducting tracks.

Abstract: An anti-tamper module is provided for protecting the contents and functionality of an integrated circuit incorporated in the module. The anti-tamper module is arranged in a stacked configuration having multiple layers. A connection layer is provided for connecting the module to an external system. A configurable logic device is provided for routing connections between the integrated circuit and the connection layer. Specifically, the configurable logic device is programmable to create logical circuits connecting at least one of the input/output connectors of the integrated circuit to at least one of the input/output connectors of the connection layer. Configuration information for programming the reconfigurable logic device is stored in a memory within the module.

Abstract: Detecting an unauthorized wireless access point in a network uses a detector. A rogue access point detector receives an incoming data packet which is scanned for a time expiration value. The time expiration value may be a Time To Live (TTL) value as used in Internet Protocol data packet headers. It is determined whether the time expiration value is the same as a threshold time expiration value. If the time expiration value is not the same as the threshold value, it is determined whether the incoming data packet was routed through an authorized access point in the network. If it is determined that the packet is not being routed from an authorized access point, a security component in the network, such as a network administrator's workstation, is notified. During this process the time expiration value remains unchanged.

Abstract: A pay-per-use or pay-as-you-go computer uses a secure memory to store individual unique program identifiers. Each unique program identifier is associated with a particular hardware or software component, or service, or the entire computer available to a user. By combining the unique program identifier with a computer hardware identifier uniquely identified transactions may be tracked for both billing and reconciliation. Certificates associated with each unique program identifier, and coupled to the hardware identifier, provide a cryptographic basis for mutual verification of messages, requests, configuration instructions, and provisioning.

Abstract: One embodiment of the present invention provides a system that non-intrusively detects counterfeit components in a target computer system. During operation, the system collects target electromagnetic interference (EMI) signals generated by the target computer system using one or more antennas positioned in close proximity to the target computer system. The system then generates a target EMI fingerprint for the target computer system from the target EMI signals. Next, the system compares the target EMI fingerprint against a reference EMI fingerprint to determine whether the target computer system contains a counterfeit component.

Abstract: A chip mountable on a replaceable unit used in an image forming job is disclosed. The chip includes a central processing unit (CPU) to perform at least one of authentication and cryptographic data communication with a main body of the image forming apparatus using an operating system (OS) of the CPU which operates separately from an OS of the image forming apparatus. With the use of such a configuration, security for a unit in which the chip is mounted can thereby be reinforced.

Abstract: A chip mountable on a customer replaceable unit monitoring memory (CRUM) unit used in an image forming job includes a central processing unit (CPU) with its own operating system (OS), which operates separately from an OS of the image forming apparatus, to perform authentication communication with a main body of the image forming apparatus using the OS of the CPU. The security of a unit on which the chip is mounted can thereby be reinforced and random changes of data of the unit can be prevented.

Abstract: Various embodiments for protecting keyboard data inputted by a user in a computer having a keyboard hardware are disclosed. According to one exemplary embodiment, a method for protecting keyboard data, where the keyboard hardware comprises an I/O port having an input buffer and an output buffer, includes: receiving scan code data based on keyboard data inputted by the user, wherein the scan code data are latched in the output buffer of the I/O port; executing an interrupt routine to fetch the scan code data from the output buffer to a CPU of the computer, wherein the latched scan code data remains in the output buffer after the latched scan code data are read from the output buffer; transmitting a control command to the keyboard hardware through the input buffer of the I/O port; and receiving from the keyboard hardware a response signal generated in response to the control command, wherein the keyboard hardware is configured to transmit the response signal to the output buffer of the I/O port.

Abstract: One embodiment of the present application includes a microcontroller (30) that has an embedded memory (46), a programmable processor (32), and a test interface (34). The memory (46) is accessible through the test interface (34). In response to resetting this microcontroller (30), a counter is started and the test interface (34) is initially set to a disabled state while an initiation program is executed. The test interface (34) is changed to an enabled state—such that access to the embedded memory (46) is permitted through it—when the counter reaches a predefined value unless the microcontroller (30) executes programming code before the predefined value is reached to provide the disabled state during subsequent microcontroller (30) operation.

Abstract: A system and method for electronic device communication. A system includes a client device application including an encryption/decryption module, wherein the module directly transmits and receives data to and from the client device application; and a server device application including an encryption/decryption module coupled to the client device application through a communication medium, wherein the module directly transmits and receives data to and from the server device application.

Abstract: A state store having state information therein is stored on a computing device. Information at least nearly unique to the computing device is obtained, and a number of locations at which at least a portion of the state store is to be stored at is determined. Pseudo-random file names and corresponding paths are generated based at least in part on the obtained information, whereby the generated file names and corresponding paths are likewise at least nearly unique to the computing device, and the generated file names and path are paired to form the locations. Thereafter, the state store is stored according to the generated locations.