Abstract: Systems, methods, and non-transitory computer-readable storage media are provided for remotely initiating lost mode on a computing device. A request that lost mode be initiated can include a message and contact information provided by the requesting user. Once authenticated, a command to initiate lost mode is sent to the lost device. Initiating lost mode includes locking the lost device and suppressing select functionality. The message and contact information are displayed and the lost device is enabled to contact the requesting user using the contact information. The lost device can also collect and transmit location data to the requesting user. The location data can be presented on a map indicating the lost devices location and the time the lost device was at the location. The location data can be scheduled to be resent to the user based on numerous factors such as a set schedule, rules or heuristic.

Abstract: The present invention discloses a bus monitor for enhancing SOC system security and a realization method thereof. The bus monitor disposed between a system bus and a system control unit includes a configuration unit, a condition judgment unit, an effective data selection unit, a hardware algorithm unit and a comparative output unit. Without affecting the bus access efficiency, the present invention provides the method capable of immediately monitoring the bus behavior, and the detection system notices whether a particular bus access serial behavior is changed due to an accidental fault or intentional attacking fault. If the particular bus access serial behavior is changed, the present invention warns the system to adopt a suitable security measure to prevent the security hidden trouble and leakage of classified information due to the incorrect system security process.

Abstract: A computer return apparatus includes a processor. The apparatus includes a memory connected to the processor. The apparatus includes a display. The apparatus includes a return screen that the processor automatically causes to appear during or after boot-up of the processor on the display, that displays information concerning an owner who owns the computer, concerning user information about who the user is who the computer is assigned to for use, and return information for returning the computer to the owner from data stored in the memory. A method for displaying information to assist with returning a computer to its owner.

Abstract: A device and software utilizing Global Positioning Satellite (GPS) technologies for monitoring and recovering portable computing devices and, a method and system for acquiring such devices, protecting data on such devices, and for compensating owners of devices. A GPS mechanism of the invention provides real time tracking of missing devices that may be coordinated with security agencies to intercept and recover missing computing devices. When a stolen device is unrecoverable, the invention may receive a signal to initiate data recovery where a wireless network is available to recover data for the owner. Alternatively, the GPS mechanism instructs the device to encrypt or destroy stored data files to prevent commercial espionage or privacy violations. The invention discloses a software system and method for computing a purchase price of the GPS mechanism, computing compensation for loss of the device and lost data.

Abstract: A device and software utilizing Global Positioning Satellite (GPS) technologies for monitoring and recovering portable computing devices and, a method and system for acquiring such devices, protecting data on such devices, and for compensating owners of devices. A GPS mechanism of the invention provides real time tracking of missing devices that may be coordinated with security agencies to intercept and recover missing computing devices. When a stolen device is unrecoverable, the invention may receive a signal to initiate data recovery where a wireless network is available to recover data for the owner. Alternatively, the GPS mechanism instructs the device to encrypt or destroy stored data files to prevent commercial espionage or privacy violations. The invention discloses a software system and method for computing a purchase price of the GPS mechanism, computing compensation for loss of the device and lost data.

Abstract: A computer chassis includes a chassis body, a control unit, a motor unit, a gate unit and a detection unit. The chassis body defines an opening. The motor unit is electronically connected to the control unit. The gate unit is connected to the motor unit. The detection unit is electronically connected to the control unit. The gate unit and the detection unit are positioned in the opening, the detection unit detects and sends a detection signal to the control unit, the control unit receives the detection signal and control the motor unit to closes the gate unit.

Abstract: The invention provides a method for programming a chip for a mobile end device, wherein, in a preparatory step, a serial number is programmed into the chip and thereafter, in a programming step, the serial number is verified and a programming of at least one further datum into the chip is only carried out if the serial number has been successfully verified. The serial number is verified here by means of a security module (HSM), while employing a secret information item stored in the security module (HSM) and different from the serial number.

Abstract: A portable electronic device includes a storage unit in which information indicating correct process contents is stored. A reception unit of the portable electronic device receives a command for requesting a process from an external device, and the portable electronic device determines whether or not process contents to be executed according to the received command are matched with process contents stored in the storage unit. When it is determined that process contents according to the received command are matched with process contents stored in the storage unit, the portable electronic device executes a process according to the command received by the reception unit.

Abstract: Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.

Abstract: The method for protecting a cryptography circuit from attacks aiming to discover a secret datum (Di, K) used during execution by the circuit of a cryptography algorithm comprising the application (22) of at least one cryptographic operation (Oi) to the data (Di), said data belonging to a first mathematical structure (E) having at least one group structure and provided with at least one binary operation, is characterized in that it comprises a step (OPi) for protecting said cryptographic operation, comprising applying (20) to said data (Di) at least one first reversible homomorphism (Mi), compatible with said binary operation, before applying (22) said cryptographic operation (Oi), and applying (24) at least one second hornornorphisrn (Mi?1), opposite the first homomorphism (Mi), after applying said cryptographic operation (Oi).

Abstract: Disclosed is a device including: a control section; a tamper detection section to detect changes of predetermined states of a plurality of pre-defined parts of the device, and to output detection information; a storage section to store the detection information, and request information for requesting the tamper detection section to detect a change of a predetermined state of a specific part of the plurality of parts, wherein when a main power supply section of the device is in an off-state, the electric power is supplied to the control section, the tamper detection section and the storage section from a standby power supply section, and the control section controls the tamper detection section and the storage section so that the tamper detection section detects the change of the predetermined state of the specific part in accordance with the request information, and the storage section stores the detection information.

Abstract: A tamper detector has input and output pins for connection to ends of a tamper detection circuit, and a corresponding set of linear feedback shift registers (LFSRs) timed by clock signals for generating pseudo-random coded detection signals as a function of seed values and of a generator polynomial defined by feedback taps. A comparator compares signals received from the detection circuit with the coded detection signals. A multiplexer provides the coded detection signal selectively from the LFSRs to the output pin and the comparator. A controller varies the seed values for different cycles of values of the pseudo-random coded detection signals. The controller also controls the generator polynomial and a frequency of the clock signals for different cycles of values of the pseudo-random coded detection signals.

Abstract: An embedded MultiMediaCard (eMMC), an electronic device equipped with an eMMC and an eMMC engineering board are disclosed. The eMMC includes an eMMC substrate plate, a plurality of solder balls and an eMMC chip. The solder balls are soldered to the eMMC substrate plate, and, one of the solder balls is designed as a security protection enable/disable solder ball. The eMMC chip is bound to the eMMC substrate plate, and, the eMMC chip has a security protection enable/disable pin electrically connected to the security protection enable/disable solder ball. The security protection enable/disable pin is internally pulled high by the eMMC chip when the security protection enable/disable solder ball is floating. When the security protection enable/disable solder ball is coupled to ground, the eMMC is protected from software-based attacks.

Abstract: The invention provides a Control and Monitoring Module internal or external to a Safe Equipment such as: Point of Sale (POS) Terminals, PINPAD Terminals and Encrypted Keyboards, designed and implemented in order to detect current consumption variations of the equipment, thus indicating the presence of undesired circuit inserted in parallel in the original circuit of the Safe Equipment. The Control Module uses electrical current consumption sensors in microprocessor circuits capable of identifying variations in consumption.

Abstract: A method and apparatus for interfacing a host computer with a hard drive cartridge is disclosed in one embodiment. The virtual device interface is divided between a kernel component in a driver stack of the kernel space and a user component configured to run in user space. The kernel component passes data commands from the operating system to a cartridge dock while separating other commands that are passed to the user component. The user component authenticates the kernel component and/or the hard drive cartridge. Use of the removable hard drive cartridge is also authorized by the user component.

Abstract: In one or more embodiments, an intelligent communications device is disclosed. In one embodiment, a plurality of circuit boards are operative to perform communication functions in a network, where the device includes a first circuit board and a second circuit board. The device includes a first actuatable member that is operative to selectively activate circuitry on the second circuit board, where the first actuatable member has a toggle switch that is operative to disable power supplied to the second circuit board while the first circuit board retains power and is fully operative to perform communications functions. The device includes a second actuatable member that is operatively coupled to an enclosure and a detachable cover. The detachable cover is configured to raise an alert when an unauthorized entity attempts to access the circuitry.

Abstract: An F-RAM authenticating memory device and method providing secure mutual authentication between a Host system and a memory in order to gain read/write access to the F-RAM user memory contents. The device and technique of the present invention uses an Advanced Encryption Standard AES128 encryption module in conjunction with a true hardware random number generator and basic exclusive OR (XOR) functions in order to achieve a secure algorithm with a relatively small amount of processing. Due to inherently faster write times than that of conventional floating gate non-volatile memory technologies, the use of F-RAM significantly reduces the time available to interfere with a critical security parameter (CSP) update. Moreover, unlike floating gate technologies, F-RAM's read vs. write current signature is balanced making it less prone to side channel attacks while also providing relatively faster erase times.

Abstract: A method for manipulating security of an integrated circuit layout, comprising: rendering a PCell that is created by an original user for a successive user; providing an open access to the PCell; providing a PCell evaluator to execute evaluating steps of: getting license information from the PCell, and checking the PCell license information; and generating a layout of a sub-master by instantiating a super-master of the PCell if the PCell license information is valid, or leave the sub-master empty in a PCell view if the PCell license information is invalid.

Abstract: A system includes a transmit unit to transmit a signal including a data key, and a receiving unit to receive the signal. The receiving unit to determine an encryption key based at least in part on the data key and to decrypt encrypted data using the encryption key.

Abstract: An automatic lock and automatic unlock method for a computer system and the associated computer system are provided. The method includes steps of detecting whether a user is in a predetermined range when a computer system is in an unlock status and recording a duration during which the user is not in the predetermined range, controlling the computer system to enter a lock status when the duration is greater than a predetermined time, determining whether the user has an effective authority when the computer system is in the lock status and the user is detected in the predetermined range, and controlling the computer system to enter the unlock status when the user has the effective authority.

Abstract: Techniques for securing a client. Two or more varieties of location information for a client may be received. The present location of the client is determined using the two or more varieties of location information. A determination is made as to whether any of the varieties of location information were received during an immediately preceding bounded interval of time having a predefined length. A weight associated with each variety of location information that was received during the immediately preceding bounded interval of time is determined. The present location of the client is calculated using a weighted arithmetic mean for the varieties of location information that were received during the immediately preceding bounded interval of time.

Abstract: A system and method may allow for flexible transaction processing based on for example the risk assessment of a transaction and/or a user or party to a transaction. Based on a risk level, for example, a level of authentication for the transaction may be set or altered.

Abstract: Techniques for performing an action, based on the present location of a client, to protect resources of the client from theft or unauthorized access. A server may intermittently receive, from a client, location information such as GPS information, triangulation information based on one or more Wi-Fi access points, and IP trace information. The server may determine the client's location by (a) determining, for an interval of time, whether GPS information, triangulation information, and IP trace information are available for the client, and (b) based on the available GPS information, triangulation information, and IP trace information, determining the present location of the client, e.g., by determining a weighted arithmetic mean or by using a sequence of types of location information ordered based on accuracy. In response to following a security policy, the server may perform an action, specified by the security policy, based on the present location of the client.

Abstract: Embodiments of methods for restoration an anti-theft platform are generally described herein. Other embodiments may be described and claimed.

Abstract: Use of an electronic design in a configurable device is controlled by a secure device. The configurable device includes an authorization code generator having a sequence generator and an encryption core implementing an encryption algorithm. The secure device uses the same sequence generator and encryption core in its own authorization code generator. The sequence generators in the configurable device and secure device generate identical streams of values that are encrypted using the encryption algorithm. The encrypted values are compared in the configurable device by a comparator. When the streams of encrypted values are not identical, the electronic design is prevented from operating. Where the period of the sequence generated by the sequence generators is long, such as 264, the output of the encryption cores will contain that many different encrypted values, a substantial amount of highly randomized output used as authorization code for the protection of the electronic design.

Abstract: A recursive web crawling and analysis tool that includes conducting an initial crawl of a target to identify testable or analyzable objects. The objects are then parsed to identify vulnerabilities, as well as additional objects that can be analyzed. An attack is then launched against the analyzable objects in an effort to break or verify the vulnerabilities. During this attack, additional analyzable objects may be discovered. If such additional objects are discovered, the web crawler is invoked on the additional objects as well, and the results of the crawl are fed back into the parser and attacker functions.

Abstract: A method is provided of enhancing security of at least one of a host computing device and a peripheral device. In the method, the host computing device is coupled to the peripheral device through a communication interface. The method includes transparently receiving data from one of the peripheral device and the host computing device, and storing the received data. The method further includes analyzing the stored data to identify a circumstance posing a security risk. If analyzing does not identify such a circumstance, then the method includes transparently echoing the data to the other of the peripheral device and the host. If analyzing does identify such a circumstance, then the method includes performing a security process defined by a rule. Related apparatus is provided, as well as other methods and apparatus.

Abstract: An electronic asymmetric unclonable function applied to an electronic system being evaluated includes an electronic system and an AUF array electronically associated with the electronic system. The AUF array includes a plurality of non-identical cells. Each of the non-identical cells includes a test element representing a characteristic of the electronic system being evaluated and a measurement device evaluating the test element. A comparison unit processes an output of the measurement device to provide a multi-bit output value representing a magnitude of differences.

Abstract: A system, method, and computer program product are provided for conditionally preventing use of hardware virtualization. In use, an attempt to use hardware virtualization is identified. Further, the use of the hardware virtualization is conditionally prevented.

Abstract: In embodiments of a location control service, location data that identifies the location of a device is stored in a memory module, such as secured non-volatile memory or a storage module, of the device along with a timestamp that correlates to local time at the location of the device. A determination is then made as to whether the location of the device has changed. Functionality of the device can be disabled, and access to data stored on the device restricted, when determining that a change in location of the device was not authorized. Alternatively, the location data can be updated to identify a new location of the device when determining that a change in location of the device was authorized.

Abstract: Devices, systems, and methods are disclosed which relate to devices utilizing time-sensitive memory storage. The time-sensitive memory storage acts as normal device memory, allowing the user of the device to store files or other data to it; however the information stored on the time-sensitive memory storage is automatically erased, based on some storage time period. A limited amount of persistent storage is used for names and message headers.

Abstract: In some embodiments, the invention involves protecting a platform using locality-based data and, more specifically, to using the locality-based data to ensure that the platform has not been stolen or subject to unauthorized access. In some embodiments, a second level of security, such as a key fob, badge or other source device having an identifying RFID is used for added security. Other embodiments are described and claimed.

Abstract: Various embodiments for providing datapath security in a system-on-a-chip (SOC) device are described. In one embodiment, an apparatus may comprise a security controller to configure one or more functional units connected to a shared on-chip bus embedded in an SOC device to communicate with other functional units through one or more secure datapaths. The one or more functional units may be arranged to encrypt clear data, send encrypted data out through a secure datapath, receive encrypted data in from a secure datapath, and decrypt the encrypted data to recover clear data. Other embodiments are described and claimed.

Abstract: A processing system comprising: a first processor adapted to perform one or more tasks according to a predetermined schedule and generate one or more first outputs; and a second processor synchronised with the first processor; wherein the second processor is adapted to receive the one or more first outputs and generate one or more corresponding second outputs when the timing of the one or more first outputs corresponds with the predetermined schedule.

Abstract: A system and method for analyzing a device are disclosed. In an aspect, a method can comprise determining a parameter of a device at a kernel level of a software stack associated with the device, analyzing the parameter to determine an event state, comparing the event state to a white list to determine a state of an alert trigger, and generating an alert in response to the determined state of the alert trigger.

Abstract: A system, method, and computer program product are provided for a pre-deactivation grace period. In operation, a deactivation request is detected for a deactivation event. Further, the commencement of the deactivation event is delayed for a predetermined time period, in response to the deactivation request. Additionally, the deactivation event is commenced, after the predetermined time period.

Abstract: A method may include detecting initiation of a power-management mode that suspends the functionality of at least one component of a computing device while maintaining the functionality of the device's memory. The method may also include, before the device enters the power-management mode, (1) identifying, within the device's memory, an encryption key that is required to access encrypted data stored in the device's storage device, and (2) removing the encryption key from the device's memory in order to protect against unauthorized access of the encrypted data during implementation of the power-management mode. The method may also include, upon detecting discontinuation of the power-management mode, (1) obtaining user credentials from a user of the device in order to authenticate the user and, upon successfully authenticating the user, (2) using the user credentials to regenerate the encryption key in order to enable access to the encrypted data stored in the storage device.

Abstract: A data acquiring unit acquires electronic data. A tamper-resistant chip includes a storing unit that stores a confidential key specific to a device, and a collecting unit that collects device information that is internal information of the device. An attaching unit attaches collected device information to acquired electronic data. An encrypting unit encrypts the electronic data with the device information attached, using the confidential key stored in the storing unit.

Abstract: A mobile device out of range of other devices in a wireless network may be locked to provide security.

Abstract: An exemplary hardware component protecting method obtains an identifier inputted by a user. The method outputs an unlocking signal to trigger an electric lock corresponding to one locked hardware component to unlock a case corresponding to the one locked hardware component from the housing when the inputted identifier matches an identifier stored in the locked hardware component. The method also outputs a locking signal to trigger the electric lock corresponding to one newly installed hardware component to lock the case corresponding to the newly installed hardware component to the housing when the identifier stored in the hardware component matches an authorized identifier from a manufacturer's hardware support website.

Abstract: A system and method are used to connect an installed device to a local premise network, such as a home network provided by a router in the home. A user may use a host device, such as a mobile telephone that is already connected to the home network to provide the home network credentials to the installed device without having to enter the home network credentials manually into the installed device such as a thermostat.

Abstract: A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an EMID for identifying the non-volatile memory; and an EMID encoder for modifying the EMID by a preset operation in conjunction with an arbitrary value.

Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.

Abstract: A mobile terminal and a method for protecting system data of the mobile terminal, wherein the critical system data of the mobile terminal is stored into the singlechip with 128-bits ID code, and the method of the public password encryption of the mobile terminal is applied such that the user has to pass the password authentication when the user accesses the data stored in the singlechip, thus protecting important system data of the mobile terminal, thereby protecting the legal right of the mobile terminal manufacturer, avoiding the counterfeit mobile terminal stealing the related technique of the mobile terminal, and prompting the normal development of the mobile terminal market at the same time.

Abstract: A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, a plurality of stored signatures are maintained in a signature database, each signature being associated with one of a plurality of registered documents. In one embodiment, the signature database is maintained by de-registering documents by removing the signatures associated with de-registered documents. In one embodiment, the database is maintained by removing redundant and high detection rate signatures. In one embodiment, the signature database is maintained by removing signatures based on the source text used to generate the signature.

Abstract: Authentication and association of hardware and software is accomplished by loading a secure code from an external memory at startup time and authenticating the program code using an authentication key. Access to full hardware and software functionality may be obtained upon authentication of the secure code. However, if the authentication of the secure code fails, an unsecure code that provides limited functionality to hardware and software resources is executed.

Abstract: A security system includes an appliance to be secured, including a processor and a first wireless transceiver for accessing a data network with a first power requirement; and a second wireless transceiver receiving power to operate even if the appliance is off, hibernates or sleeps, the second wireless transceiver operating at a second power requirement lower than the first power requirement, the second wireless transceiver communicating a signal indicating a security status of the appliance.

Abstract: Methods, systems, apparatuses and program products for providing for communications within a computing environment that provides for execution isolation, especially a DXE (Driver Execution Environment) phase of a PC (personal computer) startup process. Provision is made for blocking of server threads awaiting service requests and blocking client thread awaiting server responses, together with marshalling formal parameter descriptions and service request/response arguments across disparate execution contexts that disallow simple data redirection between them.

Abstract: A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

Abstract: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.