Abstract: Disclosed in some examples are systems, methods, memory devices, and machine readable mediums for a fast secure data destruction for NAND memory devices that renders data in a memory cell unreadable. Instead of going through all the erase phases, the memory device may remove sensitive data by performing only the pre-programming phase of the erase process. Thus, the NAND doesn't perform the second and third phases of the erase process. This is much faster and results in data that cannot be reconstructed. In some examples, because the erase pulse is not actually applied and because this is simply a programming operation, data may be rendered unreadable at a per-page level rather than a per-block level as in traditional erases.

Abstract: Described are techniques for determining a qualification status of a device in a system. An occurrence of a trigger event for the device is determined. The trigger event is caused by an occurrence of any of a time-based event, a performance-based event, a usage-based event, and an unscheduled event. A user notification is provided to perform a first action responsive to the occurrence. The first action is an action to perform any of a maintenance activity, a repair activity, and a test for the device. The qualification status of the device is updated in accordance with said first action. Also described are techniques for more generally determining a compliance status of a device where the compliance status may be related to any one or more of qualification, verification, validation and/or calibration of the device.

Abstract: Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices, including: reading, from at least a majority of the storage devices, a portion of an apartment key; reconstructing the apartment key using the portions of the apartment key read by the majority of the storage devices; unlocking the main portion of each of the storage devices utilizing the apartment key; reading, from the main portion of one of the storage devices, a portion of a third-party resource access key; requesting, from the third-party resource utilizing the third-party resource access key, an encryption key; receiving, from the third-party resource, the encryption key; and decrypting the data stored on the storage devices utilizing the encryption key.

Abstract: A tracking device can securely communicate with a secondary device. The secondary device can provide locations associated with the tracking device to a tracking system. When the secondary device determines that the tracking device is lost (for instance, in response to no longer receiving communications from the tracking device), the secondary device can provide additional locations associated with the secondary device to the tracking system. The tracking system can store locations received before and after the tracking device was lost, and can provide these locations to the user for display within a map interface, enabling a user to digitally retrace the user's steps in order to aid the user in locating the lost tracking device.

Abstract: A tracking device can securely communicate with a secondary device. The secondary device can provide locations associated with the tracking device to a tracking system. When the secondary device determines that the tracking device is lost (for instance, in response to no longer receiving communications from the tracking device), the secondary device can provide additional locations associated with the secondary device to the tracking system. The tracking system can store locations received before and after the tracking device was lost, and can provide these locations to the user for display within a map interface, enabling a user to digitally retrace the user's steps in order to aid the user in locating the lost tracking device.

Abstract: A system and device for adding electronics to materials of a wallet to form a smart wallet. A smart wallet stows and retrieves information stored or displayed on various transaction cards and other information typically carried within the wallet. Electronic and physical features of a smart wallet include devices and techniques for attaching electronics to accessories, and also for attaching accessories, to primary devices to form a smart wallet. The user can then interact with the smart wallet and its cards, information and accessories using an interface that governs that interaction while retaining the security of the information. Mechanical features include techniques for integrating electronics within materials to add electronic functionality to make any device a smart wallet. Several accessory styles and devices for attaching same to electronics are also disclosed.

Abstract: Systems and methods for providing and verifying customer-owned trust of device firmware are described. In some embodiments, an Information Handling System (IHS), may include a processor and a Basic Input/Output System (BIOS) coupled to the processor, the BIOS having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a user, selection of a pre-boot code module; export a digest of the pre-boot code module to the user; and import the digest signed by the user.

Abstract: A method for voltage regulation includes reducing a power consumption of a voltage regulator during an IDLE phase, by disabling a feedback loop configured to regulate an internal voltage to a multiple of a reference voltage in response to the voltage regulator receiving a digital signal from a digital circuit. The internal voltage is proportional to an external voltage supplied to the digital circuit. A regulated accuracy of the external voltage is increased during a MEASUREMENT phase by enabling the feedback loop in response to the voltage regulator receiving the digital signal from the digital circuit.

Abstract: A system and an apparatus for controlling electric power supply and methods therefor are described. In particular, a system and an apparatus for powering down an electronic device and methods therefor include a device for communicating with a user, a processor for determining electric power supply to the device, and a sensor for monitoring presence of the user.

Abstract: Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.

Abstract: In a general aspect, a method of generating a protected implementation of an algorithm includes: expanding an original source code implementing the algorithm into a single set of real operations; combining each real operation using real data with the real data it uses, to obtain a combination represented in a way which uses an actual real data fragment in a form different from an original form; producing a set of duplicated and mutated decoy operations representing an alternative implementation of the algorithm, applied to decoy data; combining the set of decoy operations with the set of real operations including the combinations, to obtain an implementation where the decoy operations interact with the real operations and the real data processed by the real operations, such that a real data flow of in the implementation is difficult to analyze; and transforming the implementation into a resulting code that can be executed.

Abstract: The disclosure relates to a motor vehicle having a communications device. The communications device comprises at least one wireless communications module, which facilitates a wireless communications link between at least one vehicle component, which is connected via a communications line to the wireless communications module, and a communications partner. The motor vehicle also comprises an isolator that can be manually actuated and disconnects in hardware the wireless communications link between the vehicle component and the communications partner.

Abstract: Provided are an application processor and a semiconductor system including the same. The semiconductor system includes the application processor, which may include a first register value and of which an operation is controlled by the first register value. The semiconductor system also includes a semiconductor device, which may include a second register value and of which an operation is controlled by the second register value, and a memory storing a third register value that is a copy of the first register value and a fourth register value that is a copy of the second register value. If the stored third register value is changed, the changed third register value is mapped onto the first register value of the processor, and if the fourth register value is changed, the changed fourth register value is mapped onto the second register value.

Abstract: A system for reseeding a pseudo random number generator to generate pseudo random numbers includes a true random number generator generating a true random number, a storage device storing the generated true random number, a pseudo random number generator generating pseudo random numbers using the stored true random number as a seed, and a controller coupled to the true random number generator and the pseudo random number generator to (1) generate a new true random number concurrently with the operation of the pseudo random number generator, and storing the new true random number, and (2) reseed the pseudo random number generator with the new true random number.

Abstract: An electronic hardware assembly including at least a first and second laminar component, wherein the first laminar components includes a die, the die including a substrate, a functional region and a first protective layer, and the second laminar component includes a second protective layer, wherein the first and second laminar components are arranged in a stack such that the functional region of the first laminar component is arranged within the assembly substantially between first and second protective layers.

Abstract: A point-of-sale (POS) system is provided. The POS system may include an adjustable housing configured to receive a computing device. The POS system housing may be adjustable so that a screen of the computing device can be viewed by a merchant and a customer. The computing device may be removable from the housing for use as a mobile POS system. The POS system may also include electronics for accepting various forms of payment and for connecting the computing device to a network.

Abstract: Methods and apparatus to allocating and/or configuring persistent memory are described. In an embodiment, memory controller logic configures non-volatile memory into a plurality of partitions at least in part based on one or more attributes. One or more volumes (visible to an application or operating system) are formed from one or more of the plurality of partitions. Each of the one or more volumes includes one or more of the plurality of partitions having at least one similar attribute from the one or more attributes. In another embodiment, memory controller logic configures a Non-Volatile Memory (NVM) Dual Inline Memory Module (DIMM) into a persistent region and a volatile region. Other embodiments are also disclosed and claimed.

Abstract: A trusted time service is provided that can detect resets of a real-time clock and re-initialize the real-time clock with the correct time. The trusted time service provides a secure communication channel from an application requesting a timestamp to the real-time clock, so that malicious code (such as a compromised operating system) cannot intercept a timestamp as it is communicated from the real-time clock to the application. The trusted time service synchronizes wall-clock time with a trusted time server, as well as protects against replay attacks, where a valid data transmission (such as transmission of a valid timestamp) is maliciously or fraudulently repeated or delayed.

Abstract: Provided is an authentication apparatus that performs user authentication, using a wearable terminal worn by a user, whereby allowing a high security to be achieved. It includes a storage part that stores a piece of authentication information in which a piece of terminal information that identifies the wearable terminal worn by the user is registered, a communication part that makes communication with the wearable terminal worn by the user to acquire a piece of terminal information, and an authenticating part that performs user authentication in the case where the same piece of terminal information as that registered in the authentication information has been acquired by the communication part.

Abstract: A random byte generator comprising a noise source configured to generate a noise signal, a digitizer with a resolution of no less than two bits and configured to digitize the noise signal from the noise source, and a processor configured to apply pre-defined rules for selecting bits captured by said digitizer and to generate random bit strings by combining the selected bits.

Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.

Abstract: In one embodiment, a stylus includes electrodes operable to transmit signals wirelessly to a device through a touch sensor of the device. The stylus also includes one or more computer-readable non-transitory storage media within the stylus and embodying logic that is operable when executed to access first data representing a gesture made with the stylus by a user, such as a sequence of manipulations of the stylus. The logic is further operable to access second data representing a pre-defined authentication sequence and compare the first data with the second data. This comparison may authenticate the user to the stylus or the device, authenticate the stylus to the device or the user, or authenticate the device to the stylus or the user.

Abstract: A system includes a first computing device and a second computing device. The first computing device includes a port. The second computing device is configured to communicate with the first computing device. The system also includes a port security device configured to restrict access to the port. The port security device includes a transceiver configured to communicate with a third computing device. The third computing device is configured to determine a status of the port security device. At least one of the port security device and the third computing device includes a user interface configured to provide an indication of the status of the port security device.

Abstract: In one embodiment, a stylus operable to communicate wirelessly with a device through a touch sensor of the device contains one or more computer-readable non-transitory storage media embodying logic that is operable when executed to access first data representing a recently occurred authentication event involving the stylus or the device. The logic is further operable to access second data representing a pre-defined authentication event. The logic is further operable to compare the first data with the second data to authenticate a user to the stylus or the device, a stylus to the user or the device, or a device to the user or the stylus.

Abstract: A rotating magnetic physical unclonable function (PUF) is disclosed. Rotating the PUF enables robust low cost PUF readers. PUF may be incorporated into a user-replaceable supply item for an imaging device. A PUF reader may be incorporated into an imaging device to read the PUF. Other systems and methods are disclosed.

Abstract: Search and recovery is performed for a lost or stolen mobile device. When the mobile device is lost or stolen, the mobile device may transmit a recovery signal for receipt by another device. If an acknowledgment is received, the mobile device confirms discovery by sending its current location. Moreover, seeker devices may be conscripted to search for the lost or stolen mobile device.

Abstract: Provided is a security box including: an input means for input of external data; an execution means for executing, in a predetermined area, external data input by the input means; and an isolation control means for isolating the execution area from other areas during execution. The security box can be further equipped with: a display means for displaying the behavior of external data executed by the execution means; a determination means for determining, on the basis of the behavior displayed by the display means, whether the external data is normal data; and a deletion means for deleting data that the determination mean has determined is not normal data and/or all of the data of the execution means.

Abstract: Various systems and methods for locking computing devices are described herein. In an example, a portable device comprises an electro-mechanical lock; and a firmware module coupled to the electro-mechanical lock, the firmware module configured to: receive an unlock code; validate the unlock code; and unlock the electro-mechanical lock when the unlock code is validated. In another example, device for managing BIOS authentication, the device comprising an NFC module, the NFC module comprising an NFC antenna; and a firmware module, wherein the firmware module is configured to: receive an unlock code from an NFC device via the NFC antenna; validate the unlock code; and unlock a BIOS of the device when the unlock code is validated.

Abstract: Systems or methods can be used to detect evidence of tampering. The tampering can be physical tampering, such as the turning of a screw, or removal or modification of an electronic component. In some examples, a tamper detection value can be determined from a tamper detection device and compared to a predetermined tamper detection value to determine if tampering is indicated. The system can, upon detection of the tampering, halt an operation, disable device or circuit functionality, disable future operations, physically disable a device, or any combination thereof.

Abstract: An information processing apparatus, method and computer program product cooperate to provide a device that changes the way content is displayed depending on an inclination angle of the device. The device includes an inclination acquisition device that acquires inclination information of a display housing that houses a display with a displayed image thereon. A first controller causes a first change to the displayed image according to the inclination information. A second controller causes a second change to the displayed image when a predetermined condition is met with respect to the inclination information. By including subcomponents that cooperate in this manner, the device allows a user to perceive a displayed image at various viewing angles and easily recognize whether certain displayed features are able to be actuated when the device is positioned in a certain inclination angle.

Abstract: A method manages keys in a manipulation-proof manner for a virtual private network. The method includes authenticating a communication terminal on an authentication server by use of a first key over a public network and providing a communication key, which is suitable for the communication over a virtual private network in the public network, for the authenticated communication terminal over the public network. The communication key in the communication terminal is encrypted by a second key, which is provided by a manipulation-protected monitoring device.

Abstract: A method and apparatus for forwarding detected environmental conditions are provided herein. During operation, sensors will continuously sample an environment surrounding a public-safety officer. The sensors are preferably body-worn sensors, but could be vehicle or incident area sensors as well. The sensors continuously monitor and report any detected condition to a hub (which could be body-worn) as a local status alert message. Once the hub receives a detected condition within a local status alert, the hub will make a determination if a dispatch center needs to be notified of the detected condition. The notification of the condition is transmitted to the dispatch center as a global status alert, which may simply comprise a forwarded local status alert.

Abstract: Techniques are provided for securely destroying storage devices stored in a data storage center. A server room may be situated in the data storage center that is configured to store a plurality of server racks for storing storage devices that are associated with a radio frequency identifier tag. The data storage center may include a secure area that includes destruction devices for destroying a storage. The data storage center may include a computer system for transmitting instructions to a user device for identifying the storage device for removal and transfer to the secure area, tracking a location of the storage device based at least in part on an associated RFID tag, and transmitting an alarm to the data storage center based at least in part on the location of the storage device and the expiration of a time interval.

Abstract: Systems and methods are disclosed for providing secure information processing. In one exemplary implementation, there is provided a method of secure domain isolation. Moreover, the method may include configuring a computing component with data/programming associated with address swapping and/or establishing isolation between domains or virtual machines, processing information such as instructions from an input device while keeping the domains or virtual machines separate, and/or performing navigating and/or other processing among the domains or virtual machines as a function of the data/programming and/or information, wherein secure isolation between the domains or virtual machines is maintained.

Abstract: An information processing apparatus includes a first processor that is connected to an input/output device and is configured to execute a program for controlling an apparatus including the input/output device, and a second processor that is connected to an external network and is configured to execute a program for establishing communication via the external network, wherein when starting the information processing apparatus, the second processor verifies an integrity of the program to be executed by the first processor and starts the first processor when the integrity of the program to be executed by the first processor is verified, and when the integrity of the program to be executed by the first processor is not verified, the second processor issues a problem notification without using a user interface of the first processor.

Abstract: In accordance with embodiments of the present disclosure, a circuit board may include a connector configured to electrically couple a device to the circuit board. The connector may include a conductive element configured to be electrically coupled to a first voltage and a detection pad configured to be electrically coupled to a second voltage via a resistor, such that when a device pin of a device is electrically coupled to the conductive element, the detection pad is electrically coupled to the conductive element via the device pin.

Abstract: A BLUETOOTH communication connection method of a host device communicating with an external device is provided. The method includes determining whether a device to be connected among scanned external devices comprises a predetermined profile based device, and transmitting, by the host device, predetermined identification information to a corresponding connected device when the device to be connected comprises the predetermined profile-based device.

Abstract: The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information to internal and external to the WTRU. The STC may be located on an expanded a subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.

Abstract: The security and convenience of a mobile communication device is enhanced based on a separate key device. If the key device is near the mobile communication device, the mobile communication device may be automatically unlocked without the user having to input an unlock code. The mobile communication device may be automatically unlocked into a first mode having a first level of functionality. If the user inputs a correct unlock code, the mobile communication device may be unlocked into a second mode having a second level of functionality, greater than the first level of functionality.

Abstract: In one embodiment, a method includes accessing, by a stylus, data associated with a particular user of the stylus, the data associated with the particular user being stored in a memory of the stylus; and by the stylus, wirelessly transmitting the data to a device in response to the stylus contacting a touch sensor of the device.

Abstract: A point-of-sale (POS) system is provided. The POS system may include an adjustable housing configured to receive a computing device. The POS system housing may be adjustable so that a screen of the computing device can be viewed by a merchant and a customer. The computing device may be removable from the housing for use as a mobile POS system. The POS system may also include electronics for accepting various forms of payment and for connecting the computing device to a network.

Abstract: Described systems and methods allow protecting a client system, such as a computer system or smartphone, from malware. In some embodiments, a network regulator device is used to distribute a bootable image of a hypervisor, on demand, to each of a set of client systems connected to a network. After booting on a client system, the hypervisor loads the local OS and applications into a virtual machine. Integrity measurements of the hypervisor and/or OS are sent to the network regulator for verification. When the network regulator determines that software executing on a client system, such as the hypervisor and/or the OS, are not in a trusted state, the network regulator may block access of the respective client system to the network.

Abstract: A computer-implemented method for classifying package files as Trojans may include (1) detecting a resemblance between an unclassified package file and a known legitimate package file, (2) determining that the unclassified package file is signed by a different signatory than a signatory that signed the known legitimate package file, (3) determining that a feature of the unclassified package file is suspicious, the feature being absent from the known legitimate package file, and (4) classifying the unclassified package file as a Trojan version of the known legitimate package file based on the unclassified package file being signed by the different signatory and having the suspicious feature. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.

Abstract: A vital product data (VPD) system is connected to a network, allowing the VPD system to be accessed for inquiries about VPD. The VPD system includes a baseboard management controller (BMC), a VPD cache, a platform initialization system and a tamper detection switch. The BMC communicates with the tamper detection switch and sets a VPD flag to false when tampering is detected. Queries to the BMC through the network for VPD are then held pending and the VPD cache refreshed with a no-boot power on, using the platform initialization system to collect the new VPD capturing the nature of any modifications after tampering.

Abstract: An erasure system and method for sorting, tracking, and erasing a plurality of data storage devices using enterprise hardware and software designed for data storage. The erasure system may include a server, drive arrays having receptacles for communicably coupling with the data storage devices, and a drive array controller configured for communicably coupling the server with the drive arrays. The server may receive specification information regarding each of the drive arrays and each of the data storage devices in the receptacles of the drive arrays for erasure and logging purposes. Then the server may overwrite each of the data storage devices according to the DoD 5220.22-M standard, thereby erasing the data storage devices. The server may also create log files corresponding to each of the data storage devices, including information like time, date, and if the erasure of the data storage device is complete or has failed.

Abstract: An aspect provides a method, including: gathering, with an information handling device, client system identification data of a client system; providing, with the information handling device, the client system with at least one cryptographic key; transmitting, with the information handling device, the client system identification data and a request for security policy override to a third party; receiving, with the information handling device, encrypted approval data from the third party; and transmitting, with the information handling device, encrypted approval data to the client system. Other aspects are described and claimed.

Abstract: Systems and methods are provided for using a hidden audio signal. In one exemplary embodiment, the method includes registering, at a central database, one or more of an identifier and a destination resource associated with the identifier, and encoding the one or more of the identifier and the destination resource in a hidden audio signal. The method further includes transmitting the hidden audio signal, including the one or more of the identifier and the destination resource, in connection with an acoustic signal, and receiving the acoustic signal at a user device. In addition, the method includes decoding the encoded one or more of the identifier and the destination resource at the user device; and requesting, from the central database, information associated with the one or more of the identifier and the destination resource. Further, the method includes receiving, at the user device, the requested information.

Abstract: A first mobile device detects a second mobile device in the vicinity of the first mobile device and determines that the second mobile device is lost. The first mobile device electronically binds to the second mobile device and obtains information relating to the second mobile device. The first mobile device sends the information relating to the second mobile device to a designated party. The first mobile device receives an indication that the second device is no longer lost. The first mobile device, in response to receiving the indication that the second device is no longer lost, unbinds from the second mobile device.

Abstract: A system includes a security processing unit to monitor inputs from process, voltage and temperature sensors to maintain a security of the system. The security processing unit can operate at a determined clock frequency. A timing path detector can connect with the security processing unit. The timing path detector can monitor a condition near the security processing unit. The timing path detector can switch the clock frequency to a lower frequency before the security processing unit fails from the condition.