Abstract: An authentication processing apparatus includes an authentication unit, having a circuit that performs authentication phases included in processing for authenticating an external device. A command holding unit holds a first command that indicates whether or not each of the authentication phases is performed by the authentication unit. An authentication controller causes the authentication unit to perform an authentication phase that is indicated, by the first command, to be performed by the authentication unit. A CPU performs software processing of an authentication phase that is indicated, by the first command, not to be performed by the authentication unit.

Abstract: Methods, systems, and articles of manufacture consistent with the present invention provide for administering a protected item. An anti-theft key encoded with a radio frequency identification of the user and biometric data of the user is provided. The anti-theft key is associated with the protected item such that the protected item is accessible with the anti-theft key.

Abstract: A method for content access control operative to enable authorized devices to access protected content and to prevent unauthorized devices from accessing protected content, the method comprising: providing a plurality of authorized devices; dividing the plurality of authorized devices into a plurality of groups, each of the plurality of authorized devices being comprised in at least one of the plurality of groups, no two devices of the plurality of authorized devices being comprised in exactly the same groups; determining whether at least one device of the plurality of authorized devices is to be prevented from having access to the protected content and, if at least one device is to be prevented, removing all groups comprising the at least one device from the plurality of groups, thus producing a set of remaining groups; and determining an authorized set comprising groups from the set of remaining groups, such that each device of the plurality of authorized devices which was not determined, in the determining

Abstract: A system and method is disclosed for placing an electronic apparatus into a protected state in response to environmental data. The method discloses: receiving a set of environmental data applicable to an electronic apparatus; generating an environmental status applicable to the electronic apparatus based-on the environmental data; and placing the electronic apparatus into a protected state based-on the environmental status. The system discloses an environment characterization module which receives a set of environmental data applicable to an electronic apparatus, and generates an environmental status applicable to the electronic apparatus based-on the environmental data; and an apparatus protection module which places the electronic apparatus into a protected state based-on the environmental status.

Abstract: Some embodiments provide a systems, methods, and devices for providing power to recharge portable electronic devices through a distributed network of portable power stations that provide power on an advertising and/or fee basis. In some embodiments, the power distribution system includes a server and multiple distributed portable power stations. The server communicates with electronic devices in order to receive a request to unlock power from a particular power station. The server sends an advertisement and a code to unlock the particular power station. In some embodiments, the server process payment information and sends the unlock code. Each of the portable power stations includes multiple charging interfaces and a lockable power supply that is unlocked using the server provided code. When unlocked, the power station recharges batteries of any electronic devices that are connected to any of the charging interfaces of the power station.

Abstract: An approach is presented for activating a device. The activation platform receives a request to make a device operable, wherein the device is in an inoperable state because one or more components for operating the device are absent from the device. Further, the activation platform, in response to the request, validates an authenticity of the device based, at least in part, on one or more identifiers associated with the device. Then, the activation platform retrieves the components. Then, the activation platform causes, at least in part, transfer of the components to the device to make the device operable.

Abstract: A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value.

Abstract: An identification tag for authenticating a product is associated with the product and has authentication data transmissible to a reader device. The authentication data include source data including a tag identifier that uniquely identifies the identification tag and a signature value that is a result of a private key encryption of a representation of the source data, where the private key encryption uses a private key of a public key encryption method.

Abstract: Security provisions are described which determine whether or not executable content is likely to perform undesirable actions. The security provisions assess that an executable content item poses an acceptable risk when it conforms to an allow list of predetermined patterns of permissible behavior. The security provisions find exemplary use in the context of an instant messaging environment, where participants can consume and propagate executable content in the course of conducting a communication session. Supplemental rules are described which prevent malicious code from subverting the allow list design paradigm.

Abstract: A system and a method are provided for activating one or more security functions of a mobile electronic device. The system and method provide for the activation of one or more security functions when the mobile electronic device is stored in a mobile electronic device holder. Security functions include, for example, closing a data item currently being displayed on the mobile electronic device, erasing decrypted information stored on the mobile electronic device, locking the mobile electronic device, and performing a secure garbage collection operation.

Abstract: An information handling system includes a lock, a switch, and a south bridge. The lock is configured to receive a key and to alternate between a locked position and an unlocked position. The switch is in communication with the lock. The switch is configured to receive a signal from the lock, to close if the lock is in the locked position, and to open if the lock is in the unlocked position. The south bridge is in communication with the switch. The south bridge is configured to disable a plurality of communication ports of the information handling system when the switch is closed, and configured to enable the communication ports when the switch is opened.

Abstract: A thermostatic control system having a configurable lock mechanism. The mechanism may be for preventing unauthorized or unintended operation of the thermostatic control system. The system may have a manual or an automatic lock out. If the manual or automatic lock out is not effected, the system may be configured to automatically effect a lock out after a certain period of time. To remove the lock out may require a coded entry. The lock out may be full or partial with respect to the functionality of the system. The lock out mechanism may be applicable to a wireless remote control of a thermostatic system; however, it may also be applicable, for instance, to a wall module thermostat.

Abstract: A security program has an ActiveX format for web browsers and application programs, and comprises a software security input window for preventing leakage of keyboard data without an additional hardware device but rather by using a conventional keyboard. Therefore, the present invention protects keyboard data on the web browsers or application programs.

Abstract: This invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.

Abstract: Organizations often defend against security threats by physically isolate their internal classified networks from external networks attached to the internet. To enable easy user's access to several networks many organizations are using KVM (Keyboard Video Mouse) devices attached to multiple PCs or thin-clients, each attached to a different network. As KVMs may be abused by attackers to bridge or leak between isolated networks, Secure KVM typically used having isolated circuitry for each computer channel to reduce its vulnerability to leakages between channels. To enable remote installation of a KVM with isolated computers a remote Controller-Indicator is needed in order to present to the user the KVM front panel indications and to enable certain control functions. The current invention provides a KVM switch capable of providing secure remote extension of KVM control and indication functions.

Abstract: A computer in a network runs a verification procedure in which it sends data packets to another computer in the network. Some or all of the data packets contain, either individually or collectively, a secret piece of information, such as a secret code. The computer then makes a determination regarding the network links between it and the other computer. If, for example, the other computer is able to respond by providing the secret piece of information back, then the computer sending the data packets concludes that the devices along the network links en route to the other computer are properly forwarding data packets.

Abstract: A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, the client security module instructs the host security module when to lock and unlock the device, and the host security module alerts the client security module to attempts by the user to lock or unlock the device.

Abstract: A portable computing system docking security system comprises a security module disposed in the portable computing system and configured to detect an undocking of the portable computing system from a docking station, the security module configured to automatically determine whether the undocking is an unauthorized undocking event.

Abstract: A method of verifying programming of an integrated circuit card includes transferring program data to a page buffer of a non-volatile memory, copying the program data to a buffer memory, calculating a first checksum value with respect to program data in the buffer memory, updating the program data in the buffer memory by copying the program data of the page buffer to the buffer memory, calculating a second checksum value with respect to updated program data in the buffer memory, comparing the first checksum value and the second checksum value, and determining, based on the comparison result, whether the program data of the page buffer is tampered.

Abstract: According to one aspect of embodiments of the present invention there is provided apparatus comprising a main assembly having a processing element configured to: obtain a first and second sub-assembly identifier stored on a second-assembly in communication with the main assembly; and enable operation of the main assembly and second assembly based on a determination that the first and second sub-assembly identifiers are cryptographically related.

Abstract: Techniques to provide a secure execution environment are described. In an implementation, a method includes initiating a hardware interrupt by an embedded controller of a computing device. In response to the interrupt, a module is executed that is stored in a basic input/output system (BIOS). The module, when executed, determines whether constrain functionality of the computing device based on a balance.

Abstract: There is provided a method for operating a basic input/output system (BIOS) of a pay-as-you go computer system. In one example embodiment, the method includes determining if a user password feature is activated on a hard drive and computing a password to unlock the hard drive if the password feature is activated. In another example embodiment, the method includes performing a checksum verification of boot information. In yet another example embodiment, the method includes storing portions of boot information in non-standard locations on the hard drive and combining the portions using operators.

Abstract: A port securing module includes a power gate that is operable to be coupled in series to a power source and to a load. A resistor is coupled in parallel to the power gate. An operational amplifier includes an inverting input and a non-inverting input that couple the operational amplifier in parallel to each of the power gate and the resistor. The operational amplifier also includes an output that is operable to indicate whether a load is coupled to the power gate and, if a load is coupled to the power gate, supply a voltage to activate the power gate such that power is supplied to the load.

Abstract: An authentication system determines if a counterfeit ineligible unit is installed in a main device. When connected with a battery pack, a notebook PC generates and combines a random number and a function determination signal using a signal combining unit and transmits same to the battery pack. A first function calculation unit calculates the function of the random number. The battery pack has a signal separation unit to separate the combined signal into the random number and function determination signal, and a second function calculation unit to calculate the function of the random number for transmitting back to the notebook PC. A comparison unit compares the calculation results by the first and second function calculation units to determine whether the connected battery pack is an authorized one and denies connection if the pack is an unauthorized one.

Abstract: System (10) for remotely controlling and monitoring a food refrigerator (1), and its content, of the type intended to be given in rental or in free loan from a manufacturer to a vendor of cold products, comprising a control unit (2) for checking and storing a plurality of functioning parameters of the food refrigerator (1), an RFID reader (3) intended to read data stored in a plurality of RFID tags attached to the cold products, a communication unit (4) for interconnecting an external device, the RFID reader (3) comprising means for retrieving data from said RFID tags when the cold products are still stocked inside the food refrigerator (1) and the communication unit (4) localization means for transmitting information to the external device about a geographical localization of the food refrigerator (1). System (10) according to claim 1 wherein said means produce a radio frequency signal at predetermined time intervals for activating said RFID tags.

Abstract: A method of manufacturing a device containing a key is disclosed. The method generally includes the steps of (A) fabricating a chip comprising a random number generator, a nonvolatile memory and a circuit, (B) applying electrical power to the chip to cause the random number generator to generate a signal conveying a sequence of random numbers, (C) commanding the chip to program a first arbitrary value among the random numbers into the nonvolatile memory, wherein the device is configured such that the first arbitrary value as stored in the nonvolatile memory is unreadable from external to the device and (D) packaging the chip.

Abstract: A device control apparatus, comprising a processor for storing first key information, a memory section for storing encrypted second key information which is obtained by encrypting second key information such that the second key information is able to be restored through decryption using the first key information, and an interface section for carrying out authentication using the second key information when an access instruction requiring access to a device is given by the processor, and for controlling the access to the device based on the access instruction when the authentication is established.

Abstract: A system is disclosed for centralized management of access permissions to specific devices on client terminals using a group policy framework. The system identifies a unique device identifier for a specific device, and allows policy to be set for the specific device based on identifying the specific device by its unique device identifier.

Abstract: A device for providing a security breach indicative audio alert. The device includes: a security monitor adapted to detect a security breach in device and a loudspeaker, the device wherein including a secure audio alert generating hardware, adapted to participate, in response to the detection of the security breach, in a generation of a security breach indicative audio alert. The secure audio alert generating hardware is connected to an audio mixer that is adapted to mix the security breach indicative audio alert signal with audio signals generated by a software controlled audio source to provide a mixed signal. The audio mixer is further adapted to provide the mixed signal to the loudspeaker that reproduces the mixed signal as sound.

Abstract: A system for protecting a chip with an integrated circuit disposed on a first surface, the system including, disposed on the first surface, a first antenna, signal analyzer, chip controller and a signal generator which is operative to supply an outbound signal for transmission by the first antenna, a circuit arrangement, disposed on a second surface of the chip, including a shielding arrangement and a second antenna to receive the outbound signal, the circuit arrangement being operative to transmit a return signal from the second antenna to the first antenna, such that a breach in the shielding arrangement results in a change in, or cessation of, the return signal for detection by the signal analyzer, and a chip controller disposed on the first surface being operative to perform an action on the integrated circuit in response to the detection of the breach. Related apparatus and methods also included.

Abstract: The methods and systems described herein provide for allocating a universal serial bus (USB) device to one of a trusted virtual machine and a non-trusted virtual machine. A control program receives data indicating a USB port on the computing machine received a USB device and identifies at least one attribute of the USB device. The control program selects, based on application of a policy to the identified at least one device attribute, one of a trusted virtual machine and a non-trusted virtual machine executing. The control program grants, to the virtual machine selected by the control program, access to the USB device.

Abstract: In one embodiment, incremental backups containing information on modified addressable portions of a data storage device are evaluated for presence of malicious codes (“malwares”). Each modified addressable portion may be individually accessed and scanned for malicious codes. Each modified addressable portion may also be mapped to its associated file, allowing the associated file to be scanned for malicious codes. These allow an incremental backup to be evaluated even when it only contains portions, rather than the entirety, of several different files. A clean incremental backup may be selected for restoring the data storage device in the event of malicious code infection.

Abstract: There is a provided a semiconductor device having a high security whose power consumption is difficult to analyze even without setting up random characteristic to the processing time. The semiconductor device includes a target circuit (14), a sub-target circuit (15) having the same circuit configuration as the target circuit (14), and a dummy bit string generation circuit (11) for generating a bit string of a dummy serial input signal to be inputted to the sub-target circuit (15) according to the bit string of the serial input signal of the target circuit (14).

Abstract: Providing trusted time in a computing platform, while still supporting privacy, may be accomplished by having a trusted time device provide the trusted time to an application executing on the computing platform. The trusted time device may be reset by determining if a value in a trusted time random number register has been set, and if not, waiting a period of time, generating a new random number, and storing the new random number in the trusted time random number register. The trusted time random number register is set to zero whenever electrical power is first applied to the trusted time device upon power up of the computing platform, and whenever a battery powering the trusted time device is removed and reconnected. By keeping the size of the trusted time random number register relatively small, and waiting the specified period of time, attacks on the computing platform to determine the trusted time may be minimized, while deterring the computing platform from being uniquely identified.

Abstract: A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value.

Abstract: The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

Abstract: A coprocessor includes a calculation unit for executing at least one command, and a securization device. The securization device includes an error detection circuit for monitoring the execution of the command so as to detect any execution error, putting the coprocessor into an error mode by default as soon as the execution of the command begins, and lifting the error mode at the end of the execution of the command if no error has been detected, an event detection circuit for monitoring the appearance of at least one event to be detected, and a masking circuit for masking the error mode while the event to be detected does not happen, and declaring the error mode to the outside of the coprocessor if the event to be detected happens while the coprocessor is in the error mode. Application in particular but not exclusively to coprocessors embedded in integrated circuits for smart cards.

Abstract: An irrigation system includes an irrigation controller, at least one environmental sensor and a vandal resistant data relay. The irrigation controller includes a two conductor hard wired communications link for accepting an actual value of at least one parameter of interest from an environmental sensor in the form of data encoded on the conductors via current modulation. The environmental sensor is mounted in a location remote from the irrigation controller. A circuit is connected to the environmental sensor for transmitting an RF signal representing an actual value of a parameter of interest detected by the environmental sensor. The vandal resistant data relay is connected to the two conductor hard wired communication link of the irrigation controller.

Abstract: An electronic circuit 120 includes a more-secure processor (600) having hardware based security (138) for storing data. A less-secure processor (200) eventually utilizes the data. By a data transfer request-response arrangement (2010, 2050, 2070, 2090) between the more-secure processor (600) and the less-secure processor (200), the more-secure processor (600) confers greater security of the data on the less-secure processor (200). A manufacturing process makes a handheld device (110) having a storage space (222), a less-secure processor (200) for executing modem software and a more-secure processor (600) having a protected application (2090) and a secure storage (2210).

Abstract: A method and system for authenticating a smart battery having a smart battery and an electronic device. Both the device and the smart battery generate encrypted random strings using key material based by A/D noise bits as a seed value. A pseudo random number is generated from the A/D noise that is transmitted to both the electronic device and the smart battery. The pseudo random number is used by both devices as a key index to select one of a plurality of keys stored in separate key libraries. The keys, or key material, is used to execute an encryption algorithm. The two encryption data streams are then compared to authenticate the smart battery.

Abstract: A method, apparatus, and system for securing data on a removable memory device, which is removably coupled to and accessible by a computing apparatus, are disclosed. Upon an attempt by a user to access the removable memory device, a manual key is recovered by a manual key interface device. This manual key is used to authenticate the identity of the user. Upon the authentication where the user identity corresponds to authorized access to the memory device, the access is enabled. Upon the authentication, where the user identity does not correspond to authorized access to the memory device, the access is prohibited.

Abstract: A theft protection for an electronic device, in particular an optionally portable computer, a mobile telephone or a PDA, includes an electrical cable (2) with a coupling connector (3) for coupling to a corresponding coupling connector of the device. Alarm elements are connected to the cable (2) which are able and adapted to generate an alarm signal in the case the device is stolen. The alarm elements (4) are accommodated in a housing (1) separate from the device. The housing is provided with fastening elements (5) for a mechanical connection of the housing to a fixed object (9). The alarm elements include detection elements which are adapted and able to detect an interruption of the electrical cable connection (2), in addition to signalling elements (4) which generate the alarm signal when the interruption is detected.

Abstract: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

Abstract: The present invention relates to a coprocessor comprising a calculation unit for executing a command, and a securization device for monitoring the execution of the command and supplying an error signal having an active value as soon as the execution of the command begins and an inactive value at the end of the execution of the command, if no abnormal progress in the execution of the command has been detected. The coprocessor further comprises means for preventing access to at least one unit of the coprocessor, while the error signal is on the active value. Application is provided particularly but not exclusively to the protection of integrated circuits for smart cards against attacks by fault injection.

Abstract: One embodiment is a computer system having firmware that shares a secret with a cryptographic co-processor to determine if the cryptographic co-processor has been tampered with or removed from the computer system.

Abstract: An identification method and system. The method includes receiving by a computing system from a first entity, first data indicating that an electronic device is missing. The computing system receives from a transaction device reader, second data comprising first identification information associated with the electronic device and third data comprising second identification information associated with a second entity and a transaction device belonging to the second entity. The computing system transmits notification data indicating that the electronic device, the second entity, and the transaction device are located within a specified vicinity of the transaction device reader. The computing system receives log data associated with the second entity and fourth data associated with missing electronic devices. The computing system compares the fourth data to the log data and generates results data to determine if the second entity is associated the missing electronic devices or the electronic device.

Abstract: A system is described for encryption and decryption of digital data prior to the digital data entering the memory of a digital device by generating a key, sub-key and combining the sub-key with mixed digital data, where the encryption and decryption occurs between the memory controller and the input output register.

Abstract: A method, apparatus, and system are directed toward managing a Transmission Control Protocol/Internet Protocol (TCP/IP) handshake. A SYN-ACK cookie is determined based on a cryptographic operation using a secret key and at least one network characteristic. The SYN-ACK cookie is provided in a SYN message's field. The SYN message is sent from a client to a server. Another sequence number based on the received SYN-ACK cookie is included in a SYN-ACK message. The SYN-ACK message is sent to and received by the client. The other sequence number is validated based on the secret key to generate at least another network characteristic. A TCP/IP connection is established if the network characteristic matches the other network characteristic. In one embodiment, the component sending the SYN message may be a different component than the component receiving the SYN-ACK message. In this embodiment, the secret key may be shared between the two components.

Abstract: System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.

Abstract: A method and device for securing a removable Attached Computer Module (“ACM”) 10. ACM 10 inserts into a Computer Module Bay (“CMB”) 40 within a peripheral console to form a functional computer such as a desktop computer or portable computer. The present ACM 10 includes a locking system, which includes hardware and software 600, 700, to prevent accidental removal or theft of the ACM from the peripheral console. While ACM is in transit, further security is necessary against illegal or unauthorized use. If ACM contains confidential data, a high security method is needed to safeguard against theft.