Abstract: Accessory device authentication techniques are described. In one or more embodiments, connection of an accessory device to a host computing device is detected. Responsive to the detection, an authentication sequence may occur to verify an identity and/or capabilities of the accessory device. Upon successful authentication of the accessory device, the host device may authorize the accessory device for power exchange interactions with the host device. The host device may then draw supplemental power from a power source associated with the authorized accessory device, such as a battery or power adapter. The host device may also enable the accessory device to obtain and use power supplied by the host device in some scenarios. Power exchange between a host device and an authorized accessory may be managed in accordance with capabilities of the accessory device that are identified during authentication.

Abstract: A method and apparatus for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, by managing data associated with a flash memory in a flash translation layer, the method comprising searching at least one page of the flash memory when writing data to the flash memory, determining whether authority information corresponding to respective searched pages includes an encryption storage function, generating, corresponding to respective searched pages, a page key according to an encrypting function when the authority information includes the encryption storage function encrypting the data using the generated page key and storing the encrypted data in the respective searched pages, and storing the data in the respective searched pages without encryption when the authority information does not include the encryption storage function.

Abstract: A device and system for management of and access to externally connected peripheral devices by mobile devices. User and/or application data on a mobile device is sent to externally connected peripheral devices. External peripheral devices includes, but are not limited to, printers, scanners, displays, audio interfaces, speakers, network adapters, storage drives, hard drives, and the like. An end user mobile device application interface is installed as an application on a mobile device. Data may be sent directly to a peripheral device, or to a peripherals aggregation device, which may be active or passive.

Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: The invention provides a semiconductor device comprising with a capacitive security shield structure which uses a set of randomly distributed dielectric or conducting particles formed within a dielectric layer. A set of electrodes can be configured as at least two sets, wherein a first set is used to measure a capacitance characteristic, and a second set is configured as non-measurement set. The electrode configuration can be altered so that multiple measurements can be obtained.

Abstract: A document encryption and decryption system for selectively encrypting and decrypting files and any other items and method for same to protect or secure its contents by helping to prevent unauthorized individuals from viewing data in human-perceivable or readable form. The encryption system includes remote authentication to verify a user's credentials stored on a remote database hosted by a web server. The encryption system further includes remote delete to automatically delete encrypted items stored on the user's computer, handheld or portable device, smartphone, and any other computing device of any kind when it logs onto a network if the user's computer or computing device is reported lost, stolen, or otherwise compromised. Decryption keys allow selective decryption of encrypted items that are on the computer or computing device of any kind. A Windows Communication Foundation service helps with authenticating the users with the encryption key and login process stored and processed by the web server.

Abstract: A data protection system selectively deletes data from an electronic device when the device is reported as lost or stolen, or when another data protection triggering event occurs. Different data files may, for example, be treated differently depending on when such files were created. For example, data files that were created while the computing device was known to be in the owner's possession may be deleted, while data files created after the electronic device left the owner's possession may be left intact (since they may have been created by an innocent user). Data files created between these two points in time may be quarantined so that they later be restored, if appropriate.

Abstract: A method and apparatus are provided for a secure interconnect between data modules, including a security apparatus within a secured data interconnect apparatus installed with a security chip. The interconnect apparatus may be authenticated prior to enabling a stacking feature. Authentication of a interconnect apparatus may be used to ensure the quality and performance of the interconnect apparatus and the data modules.

Abstract: A microcontroller is awakened from a lower power state in response to a trigger indication indicative of a fault condition. After the awakening, the microcontroller performs a security action with respect to secret information in the security module in response to the fault condition.

Abstract: A computer and a control method thereof are provided. The computer includes a power button, a flash read-only memory (ROM), a processor, a near field communication (NFC) module, a chipset, and a coprocessor. The flash ROM stores a power button protection state for the power button. The chipset is coupled to the processor and the flash ROM. The coprocessor is coupled to the power button, the NFC module, and the chipset. The coprocessor verifies whether a current user identification (UID) of a NFC card equals a default user identification (UID) after the NFC module generates an interrupt request (IRQ). The coprocessor changes the power button protection state when the current UID equals the default UID.

Abstract: A computer-implemented method for mitigating mobile device loss may include (1) identifying historical data specifying a plurality of past locations of a mobile computing device, (2) identifying a current location of the mobile computing device, (3) determining that the current location deviates from an expected location based on the historical data, and (4) performing a security measure on the mobile computing device in response to determining that the current location deviates from the expected location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An Advanced Encryption Standard (AES) key generation assist instruction is provided. The AES key generation assist instruction assists in generating round keys used to perform AES encryption and decryption operations. The AES key generation instruction operates independent of the size of the cipher key and performs key generation operations in parallel on four 32-bit words thereby increasing the speed at which the round keys are generated. This instruction is easy to use in software. Hardware implementation of this instruction removes potential threats of software (cache access based) side channel attacks on this part of the AES algorithm.

Abstract: A remotely articulated display system for displaying an electronic device has a locking mechanism that is controlled by software installed on the electronic device. The software installed on the electronic device requires a user to supply an authorization input to lock and unlock the electronic device from the display system. Related methods are also disclosed herein, e.g., methods of remotely locking a display via software stored on the device being displayed, methods of locking a display via a multi-stage lock, etc.

Abstract: A network interface terminal (“NIT”) able to provide network service includes an intrusion shrapnel, elastic element, intrusion plate, and bolt is disclosed. The intrusion shrapnel, in one embodiment, has a cylindrical body with an opening through center of the cylindrical body. First and second discs are attached to each end of the cylindrical body. The elastic element, such as a spring, is situated between the first disc and a frame applying a force pulling the intrusion shrapnel in a disengaging direction. The intrusion plate which is electrically coupled to a PCB is situated adjacent to the second disc. The bolt having a helical ridge thread passes through the open of the cylindrical body and makes the second disc to electrically contact with the intrusion plate.

Abstract: An embedded MultiMediaCard (eMMC), an electronic device equipped with an eMMC and an eMMC engineering board are disclosed. The eMMC includes an eMMC substrate plate, a plurality of solder balls and an eMMC chip. The solder balls are soldered to the eMMC substrate plate, and, one of the solder balls is designed as a security protection enable/disable solder ball. The eMMC chip is bound to the eMMC substrate plate, and, the eMMC chip has a security protection enable/disable pin electrically connected to the security protection enable/disable solder ball. The security protection enable/disable pin is internally pulled high by the eMMC chip when the security protection enable/disable solder ball is floating. When the security protection enable/disable solder ball is coupled to ground, the eMMC is protected from software-based attacks.

Abstract: The present invention provides a method and apparatus for protecting an Encrypting PIN Pad (EPP) against tampering. The apparatus provides an EPP comprising a first layer comprising at least two spaced apart electrode elements, and a second layer comprising at least one bridge element for electrically bridging a space between the at least two electrode elements when the first layer and the second layer are urged together.

Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.

Abstract: An apparatus includes a first circuit portion, a second circuit portion, and a control circuit. The first circuit portion may include a first debug circuit. Access to the first debug circuit may be controlled by a first control signal. The second circuit portion may include a second debug circuit. Access to the second debug circuit may be controlled by a second control signal. The second circuit portion is generally controlled according to a secure firmware image. The control circuit may be configured to selectively disable access to the first debug circuit and access to the second debug circuit by generating the first and second control signals. When access to the second debug circuit is disabled, access to the second debug circuit can only be re-enabled by overwriting at least a portion of the secure firmware image.

Abstract: In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification.

Abstract: A method and a system for detecting anomalies within a voluminous private data are provided. The voluminous private data, including sensitive information corresponding to one or more objects within the voluminous private data is received. The sensitive information within the voluminous private data is identified, and identified sensitive information is modified to generate a modified voluminous private data. The sensitive information is marked in the modified voluminous private data to generate a marked voluminous private data. The anomaly within the marked voluminous private data is detected.

Abstract: The write-access control line for an RTC is combined with a clear line for an RTC signature register, so that changes to the RTC will cause subsequent reads to return an invalidity flag.

Abstract: A medical device customization system and method comprising medical device that receives signals from a biological probe having an operational parameter and that stores data based on the signals in a memory. The medical device receives a custom application and establishes a virtual machine to run the custom application.

Abstract: A method for producing a hardware device, in particular a trusted platform module for the execution of at least one cryptographic algorithm, the hardware device corresponding to a real-time class, i.e., it fulfils specifiable run-time requirements for real-time applications, wherein the method comprises preparing at least one cryptographic algorithm in the manner of a program code; determining a maximum/longest execution time (WCET) for the algorithm, producing a tamper-proof hardware module, which is configured to execute the algorithm, and assigning the hardware module to a real-time class depending on the maximum/longest execution time (WCET).

Abstract: Mechanisms are provided for chip (e.g., semiconductor chip) identification (e.g., low cost secure identification). In one example, a method of manufacturing for implementing integrated chip identification is provided. In another example, a method of using a chip with an integrated identification is provided.

Abstract: Systems, methods, and non-transitory computer-readable storage media are provided for remotely initiating lost mode on a computing device. A request that lost mode be initiated can include a message and contact information provided by the requesting user. Once authenticated, a command to initiate lost mode is sent to the lost device. Initiating lost mode includes locking the lost device and suppressing select functionality. The message and contact information are displayed and the lost device is enabled to contact the requesting user using the contact information. The lost device can also collect and transmit location data to the requesting user. The location data can be presented on a map indicating the lost devices location and the time the lost device was at the location. The location data can be scheduled to be resent to the user based on numerous factors such as a set schedule, rules or heuristic.

Abstract: Processes for identifying and recovering a lost transient storage device are provided. In some processes, information regarding the owner of the device is obtained. The device ownership information may be stored on a remote service with which the device is registered and/or may be stored on the device itself. In one process, the remote service provides the device with customized device-executable code when the device is registered. The device may also contain information regarding trusted systems. The process includes obtaining status information indicating whether a device is lost when the device is connected to a host system. In some processes, the status is determined by a remote service. In other processes, the status is determined by the device. If the device is lost then a device recovery plan is executed. Portions of a device recovery plan may be executed on the remote service, the host system, and/or the device.

Abstract: A tamperproof housing assembly for a PCB is disclosed where unauthorized access to the circuitry or contents of the housing assembly is prohibited. In a preferred embodiment, the housing assembly comprises a top cover, a bottom cover and a PCB sandwiched between the top and bottom covers using at least one interlocking system and a tamper sensor that is armed when the assembly is fully and properly assembled. In a preferred embodiment, there are at least 2 two-part interlocking systems are configured such that the movement of each part of the interlocking system relative to the other is limited to one axis. Even when the cover of the housing assembly is moved in a contrary or oblique direction after assembly, the physical and electronic security and integrity are maintained, as any movement will set off the tamper notification.

Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.

Abstract: Disclosed is an operating method of a non-volatile memory device which comprises randomizing data to store the randomized data; erasing the randomized data; and outputting erase data according to information of a flag cell of the non-volatile memory device at a read operation.

Abstract: Mechanisms are disclosed that allow for execution of unsigned content and the securing of resources in a closed system when such unsigned content is executing on the system. For example, an access layer is used between an operating system layer of the closed system and the actual unsigned content. This access layer may contain various sub-layers, such as a graphics layer, an audio layer, an input layer, and a storage layer. These layers can control access that the unsigned content can have to the native operating system layers and the associated resources of the closed system. By providing such an access layer, unsigned content, e.g., video games, can run on the closed system that is typically designed to run only signed content.

Abstract: Systems and methods for securing devices and encoding information in hardware and hardware arrangements are provided. Variations include switched networks included in conformal coatings applied to or connected to components to be protected or encoded. The decoding or security key data is included as part of the network layout and/or switching logic such that physical changes to the network prevent the recovery of the key data. Nodes in the network may include sensors meant to change node or network behavior based on sensor detection results.

Abstract: A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforce unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.

Abstract: A method for protecting a control device against manipulation in which a number of set of keys for decoding cryptographic functions is provided, a key switch being additionally provided, via which the cryptographic functions access sets of keys.

Abstract: A mesh grid protection system is provided. The system includes assertion logic configured to transmit a first set of signals on a first set of grid lines and a second set of grid. lines. The system also includes transformation logic to transform the first set of signals to generate a second set of signals, to transmit the second set of signals on a third set of grid lines that are coupled to the first set of grid lines, and to transmit the second set of signals on a fourth set of grid lines that are coupled to the second set of grid lines. In addition, the system includes verification logic; to compare the second set of signals on the third and fourth set of grid lines to an expected set of signals.

Abstract: A roll compensation system for an electronic device, a method of mitigating impact of an electronic device and an impact-resistant mobile device incorporating the system or the method. In one embodiment, the system includes: (1) a plurality of sensors operable to detect orientation and motion of the electronic device, (2) a controller configured to detect a fall based on the motion and determine a mitigating roll based on the orientation and the motion and (3) a compensator operable to carry out the mitigating roll thereby reducing the probability of a catastrophic impact.

Abstract: In a method for controlling physical access to a computing device a first access request to a room containing the computing device is received. In response, a processor determines that the first access request is valid based on the room and the date and time of the first access request and unlocks a door to the room to permit entry to the room. Subsequently, a second access request to a cabinet that is located in the room and contains the computing device is received. In response, a processor determines that the second access request is valid based on the cabinet and the date and time of the second access request and unlocks the cabinet to permit access to the computing device.

Abstract: Aspects of the disclosure relate to combining on-chip structure with external current measurements for threat detection in an integrated circuit. This method considers Trojans' impact on neighboring cells and on the entire IC's power consumption, and effectively localizes the measurement of dynamic power. An on-chip structure can permit threat detections. In one aspect, the on-chip structure can comprise a plurality of sensors distributed across the entirety of the IC, with each sensor of the plurality of sensors being placed in different rows of a standard-cell design. In another aspect, data analysis can permit separating effect of process variations on transient power usage of the IC from effects of a hardware threat such power usage. The on-chip structure also can be employed for implementation of a PE-PUF.

Abstract: A processing device comprising a processor coupled to a memory is configured to determine a risk of simultaneous theft of a primary device and at least one satellite device associated with the primary device, and to identify said at least one satellite device as an appropriate authentication factor for use in an authentication process involving the primary device, based at least in part on the determined risk. The identified satellite device may serve as an additional or alternative authentication factor relative to one or more other authentication factors. The processing device may comprise the primary device itself, or another separate device, such as an authentication server that also participates in the authentication process. Information associated with the identified satellite device is utilized in the authentication process to authenticate a user of the primary device.

Abstract: A device and system for management of and access to externally connected peripheral devices by mobile devices. User and/or application data on a mobile device is sent to externally connected peripheral devices. External peripheral devices includes, but are not limited to, printers, scanners, displays, audio interfaces, speakers, network adapters, storage drives, hard drives, and the like. An end user mobile device application interface is installed as an application on a mobile device. Data may be sent directly to a peripheral device, or to a peripherals aggregation device, which may be active or passive.

Abstract: A device and a method for protecting a cryptographic module of which the method includes: estimating a functionality of a circuit that is adapted to malfunction when a physical parameter has a first value different from a nominal parameter value at which the cryptographic module functions correctly. The cryptographic module malfunctions when the physical parameter has a second value different from the nominal parameter value and a difference between the first value and the nominal parameter value being smaller than a difference between the second value and the nominal parameter value. A cryptographic module protective measure is applied if estimating that the circuit malfunctions.

Abstract: Methods and systems provide a USB memory stick protected by an attached CIK. This system includes a USB memory stick composed of a main body and a cap. The main body houses the memory for data storage as well as the encrypt/decrypt device and ancillary circuitry. The cap houses the CIK, simultaneously providing a storage mechanism for the CIK as well as keeping the CIK obscured from plain view and visual detection.

Abstract: A system and method for disposing one or a plurality of flying sense electrode segments so as to physically cover integrated circuits, circuit pathways and other components on at least one circuit board to physically secure the circuits, pathways and components from probes or data interception.

Abstract: Provided are methods and systems for preventing hardware Trojan insertion. An example method can comprise determining unused space in an integrated circuit (IC), selecting a plurality of built-in self-authentication (BISA) filler cells based on the determined unused space, and placing the selected plurality of BISA filler cells onto the unused space. The plurality of BISA filler cells can be connected to form a plurality of BISA blocks. The plurality of BISA blocks can correspond to a plurality of signatures. A modification of one or more BISA filler cell can lead to an alteration of one or more signatures.

Abstract: A deformable tamper sensor and tamper resistant electronic system is operable to detect opening of an enclosure and perform actions responsive to the detection. Movable elements within the tamper sensor are held in position when the sensor is compressed and define a multi-bit sensor value. Transitioning the sensor from a compressed to a non-compressed state non-destructively provides a new sensor value through movement of one or more elements.

Abstract: A system and method are provided for the cut-through encryption of packets transmitted via a plurality of input/output (IO) ports. A system-on-chip is provided with a first plurality of input first-in first out (FIFO) memories, an encryption processor, and a first plurality of output FIFOs, each associated with a corresponding input FIFO. Also provided is a first plurality of IO ports, each associated with a corresponding output FIFO. At a tail of each input FIFO, packets from the SoC are accepted at a corresponding input data rate. Packet blocks are supplied to the encryption processor, from a head of each input FIFO, in a cut-through manner. The encryption processor supplies encrypted packet blocks to a tail of corresponding output FIFOs. The encrypted packet blocks are transmitted from each output FIFO, via a corresponding IO port at a port speed rate effectively equal to the corresponding input data rate.

Abstract: A method for securely reporting location information after an attack on a computing device is presented. Such information may be reported to a requesting entity in a manner almost transparent to an attacker. Several exemplary embodiments of systems wherein the method may be used are presented.

Abstract: A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided.

Abstract: An apparatus includes a mesh block, a first number generator configured to generate a first number, a second number generator configured to generate a second number, and a comparator block configured to compare the first number with the second number and generate an output signal from the mesh block. The output signal indicates an occurrence of an unauthorized activity on the mesh block.

Abstract: A method for identifying EMI sources in a system having a plurality of electrical components connected together by cables wherein each set of two electrical components connected by a cable forms a potential EMI source. A plurality of antennas are positioned around the vehicle and the EMI from each antenna is measured over a plurality of frequencies and the frequencies having an EMI greater than a predetermined threshold and a measurement profile of the received EMI versus the antennas for each of the identified frequencies is created. EMI reception is then simulated for each potential EMI source and a simulation profile of the received EMI versus the antennas is plotted for each potential EMI source. The actual source of the EMI is then identified by comparing the measurement profile with the simulation profile for the potential EMI sources at each frequency to determine a match of the profiles.