Abstract: A system and method for protecting information on a mobile device. The method and apparatus obtain a predetermined portion of asymmetric information upon an input of the asymmetric information in the mobile device; generate an identifier by using a first generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate an encryption key by using a second generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate ciphered information by using an encryption algorithm that uses the encryption key and the information as algorithm inputs; associate the identifier with the ciphered information; and store the ciphered information as associated with the identifier.

Abstract: In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification.

Abstract: Various embodiments described and illustrated here include one or more of systems, methods, software, and data structures that may be used to implement policies for hardware access and monitoring control in concert with a premises security system that controls ingress and egress of a facility. One embodiment includes identifying when certain devices are removed or decoupled from a computer and preventing one or more users of that computer from leaving a facility within which the computer is located.

Abstract: A method and circuit for implementing conductive microcapsule rupture to generate a tamper event for data theft prevention, and a design structure on which the subject circuit resides are provided. A polymeric resin containing microcapsules surrounds a security card and a tamper sensor device provided with the securing card. Each microcapsule contains a conductive material. The conductive material of the microcapsule disperses onto the tamper sensor device on the security card responsive to the microcapsule being ruptured to create a change in resistance, reducing the resistance of a security mesh of the tamper sensor device. The microcapsules are more sensitive to pressure than a tamper mesh of the tamper sensor device and therefore rupture first, creating the change in resistance when dispersed onto the tamper sensor device. The resistance change is detected by the tamper sensor device and the security card is disabled to prevent data theft.

Abstract: Self-contained security for memory devices or, alternatively, for other devices and/or other types of machinery to be protected with user authentication. User authentication occurs within the device itself, enabling access to be physically unlocked when the proper security code is provided. A dialing approach is used, whereby a user rotates a disk-shaped device through a sequence of numbers or other symbols, in a similar manner to rotating the dial of a padlock. The device is inserted into a host device or receptacle (such as a Universal Serial Bus, or “USB”, port), and receives power therefrom.

Abstract: In response to a tamper-attempt indication, a memory device selectively disables one or more memory operations. Disabling can be accomplished by different techniques, including altering bias voltages associated with performing the memory operation, gating off a current needed for performing the memory operation, and limiting the needed current to a magnitude below the threshold magnitude required for the operation. After disabling the memory operation, a mock current can be generated. The mock current is intended to mimic the current normally expended during the memory operation when not disabled, thereby leading a user to believe that the device is continuing to operate normally even though the memory operation that is being attempted is not actually being performed.

Abstract: A verification method including a set flow and the identification flow is provided. The set flow includes: displaying an original outline pattern; executing a coloring operation on the original outline pattern in response to a user encryption coloring event to generate and display a colored outline pattern; storing the colored outline pattern. The identification flow includes: displaying an original outline pattern; executing a coloring operation on the original outline pattern in response to a user verification coloring event to generate and display a to-be identified colored outline pattern; determining whether the to-be identified colored outline pattern is equal to the colored outline pattern; if yes, triggering the verification pass event; if not, triggering the verification fail event.

Abstract: A method and apparatus is described herein for emulating a physical trusted platform module (TPM) in a virtual monitor, such as a system management mode (SMM) or a system management interrupt (SMI) transfer monitor (STM). By allowing SMIs during a secure launch, SMM is allowed into the secure launch trust perimeter and a virtual monitor may emulate the structures, behaviors, and protected storage of a physical TMP, such as the storage of cryptographic keys, secure verification, attestation, and other TPM functions.

Abstract: A smart wallet that can only be exclusively opened by an authorized individual through biometric authentication is disclosed. The smart wallet also has a security system associated therewith to prevent the smart wallet from being lost or stolen. The system comprises a fob key configured to send periodic wireless transmissions to the smart wallet device having the ability for approximate range detection. Various embodiments include audible, visual and vibrational indications for authentication, battery power and range detection.

Abstract: A method and circuit for implementing security protection with carbon nanotube based sensors for cryptographic applications, and a design structure on which the subject circuit resides are provided. A carbon nanotube layer is incorporated with a polymeric encapsulation layer of a security card. Electrical connections to the carbon nanotube layer are provided for electrical monitoring of electrical resistance of the carbon nanotube layer.

Abstract: An automated method and apparatus is provided for deterring unauthorized use or theft of electronic devices, or other sorts of items into which a tracking device has been installed, particularly those in a distribution channel.

Abstract: One feature pertains to a method that includes implementing a Physical Unclonable Function (PUF) circuit, and obtaining a first set of output bits from the PUF circuit by operating the PUF circuit at a first supply voltage level and/or first frequency. Then, at least one of the first supply voltage level is changed to a second supply voltage level and/or the first frequency is changed to a second frequency, where the second supply voltage level and the second frequency are different than the first supply voltage level and the first frequency, respectively. A second set of output bits is then obtained by operating the PUF circuit at the second supply voltage level and/or the second frequency, where the second set of output bits is in part different than the first set. Secure data is generated using the first set of output bits and the second sets of output bits.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentification server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol)/Internet Protocol) network. A plurality of LU provided in the storage devices as separated into a system area LU and a user area LU prepared per user.

Abstract: A mesh grid protection system is provided. The system includes grid lines forming a mesh grid proximate to operational logic and assertion logic configured to transmit a first set of signals on a first set of grid lines. The system also includes transformation logic coupled to the grid lines and configured to receive the first set of signals and transform the first set of signals to generate a second set of signals and transmit the second set of signals on a second set of grid lines. The system further includes verification logic coupled to the transformation logic and configured to compare the second set of signals to an expected set of signals.

Abstract: At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.

Abstract: A process is disclosed for capturing screenshots on an electronic device of a user, and for transmitting representations of the captured screenshots to a monitoring system for storage. The captured screenshot data may, for example, be used to recover a device that is lost or stolen.

Abstract: A data entry device including a housing formed of at least two portions, data entry circuitry located within the housing, at least one case-open switch assembly operative to sense when the housing is opened and tamper indication circuitry operative to receive an input from the at least one case-open switch assembly and to provide an output indication of possible tampering with the data entry circuitry located within the housing. The at least one case-open switch assembly includes an arrangement of electrical contacts arranged on a base surface and a resiliently deformable conductive element, which defines a short circuit between at least some of the arrangement of electrical contacts only when the housing is closed.

Abstract: Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices.

Abstract: An optical transceiver module is authenticated in a host system. A host generates a data string and writes the data string to a first predetermined memory location known to the transceiver. The data string is cryptographically altered (either encrypted or decrypted) by the transceiver and written to a second predetermined memory location known to the host. The host retrieves the cryptographically altered data string and performs a complementary cryptographic operation (either a decryption or encryption, respectively) thereon, creating a resulting data string. If the resulting data string is equal to the data string written to the first predetermined memory location, the transceiver is authenticated. The host and the transceiver may switch roles, with the transceiver generating the data string, the host cryptographically altering it, and so on. The host encrypts data strings when the transceiver decrypts data strings, and vice versa.

Abstract: Systems, methods and computer software utilized in the implementation of tamper protection, where unique information associated with data storage tapes and with particular revisions of these tapes is stored on the storage medium itself and on a memory of the tape cartridge, so that the data can be compared to determine whether unauthorized modifications have been made to the tapes. One embodiment is a system which includes an archive node appliance coupled between a set of hosts and a tape media library. The archive node appliance presents files stored on a tape of a media library as a directory. The archive node appliance maintains tamper prevention data on the tape and on an auxiliary memory on the cartridge of the tape, and determines from this data whether the tape has been altered by an authorized system.

Abstract: A method and circuit for implementing data theft prevention, and a design structure on which the subject circuit resides are provided. A polymeric resin containing microcapsules surrounds a security card. Each microcapsule contains a conductive material. The conductive material of the microcapsule provides shorting on the security card responsive to the polymer resin and the microcapsule being breached, and a data theft prevention function using the shorting by the conductive material to prevent data theft.

Abstract: Whether a combination method defined in an output rule satisfies a combination condition of each content specified in a play list is judged in order of priority defined in a priority list. Based on the judgment result, the output rule is edited in such a manner that the combination condition of each content specified in the play list is satisfied. The resources of the combination target contents specified in the play list are combined in accordance with the combination method of the edited output rule.

Abstract: System for conducting remote biometric operations that includes a biometric data reading device connected to a personal computer and configured to send said encrypted data to a remote data authentication center for establishing a secure communications channel once the user identity has been verified by means of said biometric data. This invention refers to a remote biometric operations system that can be connected to a computer to carry out electronic banking and other similar operations with a certain degree of safety.

Abstract: A detection method for detecting fraud with respect to a card reader. The card reader includes a removal detection switch for detecting a removal from a housing of a user operation terminal, a first RAM that can erase removal detection recognition data being stored therein, according to an output signal from the detection switch, a second RAM being independent of the first RAM and storing authentication key data. The method includes erasing the removal detection recognition data is erased when the card reader is removed from the housing of the user operation terminal. Afterwards, the authentication key data is changed after completion of predetermined authentication procedures when the card reader is mounted into the housing of the user operation terminal. Then, the changed authentication key data is stored in the second RAM, while the removal detection recognition data is stored in the first RAM.

Abstract: System and method for monitoring the security of computing resources. A server agent and client agents can be deployed to provide a method and a means for monitoring security-related settings for a plurality of computing systems deployed throughout an enterprise. The status of each setting can be recorded, and these results can be used to produce a compliance report for the computing system, as well as reports for groups of computing system or the entire enterprise. The reports or portions of a report or reports can be provide to users of the system via a Web site, Email alerts, or any other suitable mechanism. A compliance score for a system or collection of systems can be calculated and used and/or displayed as part of the reports that are generated.

Abstract: A system, method, and computer program product are provided for redirecting internet relay chat (IRC) traffic identified utilizing a port-independent algorithm and controlling IRC based malware. In use, IRC traffic communicated via a network is identified utilizing a port-independent algorithm. Furthermore, the IRC traffic is redirected to a honeypot.

Abstract: A card holding device featuring a housing with a plurality of slots in the top panel that allow passage of credit cards. Card holding mechanisms are disposed in the housing, which engage the credit cards. The card holding mechanisms can store the cards or eject the cards when activated. The card holding mechanisms can be locked and unlocked via a biometric scanner. Disposed on the housing is a display adapted to display the names or icons of each credit card stored in the device. When a user presses the icon, the card holding mechanism is activated and ejects that specific credit card from the housing.

Abstract: A system and method for securing data to be protected of a piece of equipment are provided. The equipment comprises: a space; at least one device for processing the data; a safety module comprising at least one controller connected to at least one memory for sensitive data, the sensitive data giving access to the data; and at least one supervision sensor. The method comprises: transmitting at least one signature through the sensor(s), to the safety module, the signature being based on a signal received by the respective sensor and giving information on the physical condition of the space; comparing in the safety module at least one of the signatures and/or a value inferred from at least one of the signatures with at least one reference value and/or at least one reference signature; limiting access to the data being based on the comparison of at least one of the signatures.

Abstract: Techniques are able to lock and unlock and integrated circuit (IC) based device by encrypting/decrypting a bus on the device. The bus may be a system bus for the IC, a bus within the IC, or an external input/output bus. A shared secret protocol is used between an IC designer and a fabrication facility building the IC. The IC at the fabrication facility scrambles the bus on the IC using an encryption key generated from unique identification data received from the IC designer. With the IC bus locked by the encryption key, only the IC designer may be able to determine and communicate the appropriate activation key required to unlock (e.g., unscramble) the bus and thus make the integrated circuit usable.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a server having a controller to receive a monitoring signal from a network plug-in device where the monitoring signal includes location and identification information associated with the network plug-in device and where the server is remote from the network plug-in device, and determine whether the network plug-in device is in an unauthorized location based at least in part on the monitoring signal. Other embodiments are disclosed.

Abstract: A method for authenticating a computing device or hardware component includes computer-implemented process steps for assigning a unique identifier to the hardware component, generating a baseline fingerprint for the hardware component using algorithm-processing characteristic configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed, transmitting the identifier in association with the baseline fingerprint for storage in a computer-readable data structure, and generating a data signal, in response to a query comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the hardware component at a time after the baseline fingerprint is generated.

Abstract: Various embodiments disclosed herein are directed to gaming devices having a secured basic input/output system (BIOS) and methods for determining the validity of the gaming device's BIOS. According to one embodiment, the gaming device includes a secured module for authenticating the BIOS of the gaming device. During the boot-up process, the secured module issues a challenge to the BIOS. The BIOS generates a response to the challenge, and the secured module determines whether the BIOS response matches the calculated response of the secured module. If the BIOS response matches the secured module response, the gaming device continues the boot process. Otherwise, the boot process is halted by the gaming device.

Abstract: An anti-keylogger computer network system includes a servo-side host computer, with a servo software which requires the user to enter confidential data. An application-side host computer is provided and a keyboard is connected to the application-side host computer. The keys on the keyboard are divided into a data key and control key. An application software is installed in the application-side host computer to receive the instructions from the servo software, and to determine when the anti-keylogger function of the keyboard module shall be started and closed. A connection network is provided for connecting the servo-side host computer to the application-side host computer. A Translate Table program is installed in the application-side host computer and a Translate Table translation program is installed in the servo software of servo-side host computer.

Abstract: An electronic device includes a housing, a function module, and a mechanical lock. The mechanical lock includes a lock shell, a plurality of lock wheels, a lock axle, a first conductive component, and a second conductive component. Rotation of the lock wheels to an unlocking state permits movement of the lock axle between two positions, where the first conductive component and the second conductive component are electrically connected or disconnected. When the first conductive component and the second conductive component are electrically connected, the function module is able to electrically connect to a power source so as to obtain electrical power therefrom.

Abstract: A device may include a trusted component. The trusted component may be verified by a trusted third party and may have a certificate of verification stored therein based on the verification by the trusted third party. The trusted component may include a root of trust that may provide secure code and data storage and secure application execution. The root of trust may also be configured to verify an integrity of the trusted component via a secure boot and to prevent access to the certain information in the device if the integrity of the trusted component may not be verified.

Abstract: In one implementation, a processor is provided that includes logic to enable a transition from a zeroize state to a clear state. In another implementation, a processor is provided that includes logic to enable a testing secure state, the testing state to enable a testing function; logic to enable a clear state, the clear state to enable a non-secure processing function and to disable a security function; logic to enable a transition from a testing secure state to a clear state; and logic to enable a full secure state, the full secure state to enable the processing function. In another implementation, a processor is provided that includes logic to disable a transition from a clear state to a secure state.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: The present disclosure relates generally to audio and video processing. One claim recites a portable apparatus comprising: electronic memory comprising one or more identifiers, each of the identifiers being associated with previously accessed audio or video items, with each previously accessed audio or video item including an identifier associated therewith; and a logic processor programmed for: a. restricting access to an encountered audio or video item if an identifier associated with the encountered audio or video item is one of the one or more identifiers associated with the previously accessed audio or video items, and b. limiting a number of content items with different user identifiers that can be accessed in a predetermined amount of time. Other claims and combinations are provided as well.

Abstract: Provided are an anti-malware scanning system and a method thereof. The system includes: a host; and a chip which is removably connected to the host, receives a file to be scanned from the host, and scans whether malware exists in the file, wherein the host adjusts a size of the file to be scanned to correspond to a storage capacity of a storage unit of the chip and transmits the adjusted file to the chip. Accordingly, scanning is performed effectively even in an environment in which resources of the anti-malware scanning system are limited.

Abstract: It is an object of this invention to provide an FPC capable of improving tamper resistance. An FPC (1) of this invention includes: a signal line pattern (2) for inputting a communication signal; and signal protective line patterns (3, 4) provided to be opposed to an upper surface and a lower surface of the signal line pattern and having the same width as a width of the signal line pattern (2) or a larger width than the width of the signal line pattern (2). The signal protective line patterns are provided along the signal line pattern within a region that requires tamper resistance.

Abstract: A secured computing system comprising a secure computing device capable of securing a host-computing device positioned nearby. The system further comprises a processing device, a battery charging circuit and a power measurement device, secured peripherals, radios such as 3G, 4G, Wi-Fi, Wi-Max, and LTE, a processing device to perform the required instructions and algorithms for configuring and performing security functions, processing device support components such as memory and co-processors to support the processing device. Finally, the system includes embedded software such as the source or executable files necessary to perform the instructions or algorithms to perform security functions.

Abstract: A smart wallet that can only be exclusively opened by an authorized individual through biometric authentication is disclosed. The smart wallet also has a security system associated therewith to prevent the smart wallet from being lost or stolen. The system comprises a fob key configured to send periodic wireless transmissions to the smart wallet device having the ability for approximate range detection. Various embodiments include audible, visual and vibrational indications for authentication, battery power and range detection.

Abstract: Methods and arrangements for ensuring that, when a computer system is stolen or otherwise misplaced, the system is rendered unusable (i.e., locked down). Conventional solutions have required software running on the system to perform the lockdown action, but in accordance with at least one preferred embodiment of the present invention is the linkage of TPM (Trusted Platform Module) and AMT (Active Management Technology) solutions whereby an AMT arrangement can remove secure data or identifiers so that any encrypted data present on the system will become unusable.

Abstract: This invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.

Abstract: A device, method, system and computer readable medium are disclosed for the remote, intelligent capture of screenshots and keystrokes which can subsequently be transmitted with reduced bandwidth requirements.

Abstract: Systems and methods for handling user interface field data. A system and method can be configured to receive input which indicates that the mobile device is to enter into a protected mode. Data associated with fields displayed on a user interface are stored in a secure form on the mobile device. After the mobile device leaves the protected mode, the stored user interface filed data is accessed and used to populate one or more user interface fields with the accessed user interface field data for display to a user.

Abstract: The present invention provides apparatuses and methods for restricting access to a control unit in an environmental system based on a lock level. The control unit (e.g., a thermostat) is configured with a selected lock level, where each lock level is mapped to an associated set of features. A user is able to access any of the features from the associated set of features without entering a security sequence. Also, a feature parameter may be restricted in accordance with the activated lock level. The control unit may be reconfigured with a different lock level by an administrator only when a security sequence is entered. Also, features may be mapped by an administrator to a set of features when the control unit is operating in the locked state. When the control unit is operating in the unlocked state, all supported features can be accessed by a user.

Abstract: The present technique relates to an information processing device, an information processing method, a record medium and a program which can prevent hot insertion and extraction of an SIM card. A removing unit removes a tray storing a storage member. A removal detector detects an operation of starting removal of the tray before the removing unit removes the tray. A power controller stopping power supplying to the storage member when the removal detector detects the operation of starting the removal of the tray may be employed. The present technique may be applied, e.g., to a personal computer.

Abstract: A method and device for securing a removable Attached Computer Module (“ACM”) 10. ACM 10 inserts into a Computer Module Bay (“CMB”) 40 within a peripheral console to form a functional computer such as a desktop computer or portable computer. The present ACM 10 includes a locking system, which includes hardware and software 600, 700, to prevent accidental removal or theft of the ACM from the peripheral console. While ACM is in transit, further security is necessary against illegal or unauthorized use. If ACM contains confidential data, a high security method is needed to safeguard against theft.