Abstract: A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an EMID for identifying the non-volatile memory; and an EMID encoder for modifying the EMID by a preset operation in conjunction with an arbitrary value.

Abstract: Authentication and association of hardware and software is accomplished by loading a secure code from an external memory at startup time and authenticating the program code using an authentication key. Access to full hardware and software functionality may be obtained upon authentication of the secure code. However, if the authentication of the secure code fails, an unsecure code that provides limited functionality to hardware and software resources is executed.

Abstract: A security system includes an appliance to be secured, including a processor and a first wireless transceiver for accessing a data network with a first power requirement; and a second wireless transceiver receiving power to operate even if the appliance is off, hibernates or sleeps, the second wireless transceiver operating at a second power requirement lower than the first power requirement, the second wireless transceiver communicating a signal indicating a security status of the appliance.

Abstract: Methods, systems, apparatuses and program products for providing for communications within a computing environment that provides for execution isolation, especially a DXE (Driver Execution Environment) phase of a PC (personal computer) startup process. Provision is made for blocking of server threads awaiting service requests and blocking client thread awaiting server responses, together with marshalling formal parameter descriptions and service request/response arguments across disparate execution contexts that disallow simple data redirection between them.

Abstract: A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

Abstract: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.

Abstract: A two-stage storage security system comprising an address translator and a cryptographic engine for a mobile computing platform is provided. In response to a write operation, the address translator receives unencrypted data blocks, from an initiator, and associates the blocks with corresponding scrambled data storage addresses. The cryptographic engine encrypts the unencrypted data blocks to be stored on the platform storage component at the corresponding scrambled data storage addresses. The address translator applies a predetermined reversible translation function to reversibly remap addresses, and the cryptographic engine applies a predetermined cryptographic technique to encrypt and decrypt the data blocks. In a read operation, encrypted data blocks retrieved from the storage component are decrypted and restored to an original logical order. Decryption of storage component data is allowed when storage component is coupled to the corresponding platform.

Abstract: When unauthorized use of a device is suspected, a recharging mechanism (e.g., recharge-circuit) of the device is disabled in order to guard against extended unauthorized use of the device. The recharging mechanism normally recharges the rechargeable-power-supply that powers the device. Consequently, normal use and enjoyment of the device can be significantly reduced by disabling the rechager. Moreover, for devices that are mainly powered by a rechargeable-power-supply (e.g., music-players, phones, Personal Digital Assistants), disabling the recharger effectively renders the device inoperable when the power of the main power-supply has run out. As such, disabling the recharger should serve as a deterrent to theft.

Abstract: A method and system for binding a device to a planar is disclosed. According to the preferred embodiment of the method and system of the present invention, a programmable memory chip is provided on the planar and the device is detachably attached to the planar. The method and system further includes using the programmable memory chip to bind the device to the planar. Through the aspects of the present invention, the programmable memory chip transmits a message associated with the planar to the device, which is programmed to receive the message associated with the planar. If the message received by the device is not the message associated with the planar, the device is disabled.

Abstract: Execution context isolation during the DXE phase of computer start-up. Provision is made for referencing and dereferencing execution contexts and thereby providing execution isolation across contexts. In response to invoking a BIOS kernel function during a Driver Execution Environment (DXE) phase of a boot-up of the computer, the BIOS kernel associates a first processor context with the sequence of instructions, determines that scheduling the sequence of instructions requires a switch from a second processor context to the first processor context, performs a context switch action, during the DXE phase of the boot-up of the computer, to switch from the second processor context to the first processor context.

Abstract: A method and system for authenticating a partner service provider and a primary service provider includes a network and, a partner service provider generating a request for a first encrypted token from a partner service provider and communicating the request to the network. An authentication web service receives the request for the first encrypted token from the network and generates the first encrypted token. The partner service provider generates a request for data with the first encrypted token and communicates the request for data to the network. A data web service receives the request for data and communicates the request for data from the data web service to the authentication web service. The authentication web service validates the request for data and communicates a validation result to the data web service. The data web service communicates data to the partner service provider from the data web service after validating.

Abstract: A system and method for securing and tracking an electronic device. The system includes hardware, software and firmware components that cooperate to allow tracking, disabling, and other interaction with the stolen electronic device. The system includes an application component, non-viewable component and Basic Input/Output Subsystem (BIOS) component that are present on the electronic device. The BIOS component maintains the secured environment of the application and non-viewable components. If only the application component was provided, a simple low level format of the hard disk drive would remove the application and bypass the security features. The system implements an “application and BIOS” based solution to electronic device security.

Abstract: A method and circuit for implementing security protection with carbon nanotube based sensors for cryptographic applications, and a design structure on which the subject circuit resides are provided. A carbon nanotube layer is incorporated with a polymeric encapsulation layer of a security card. Electrical connections to the carbon nanotube layer are provided for electrical monitoring of electrical resistance of the carbon nanotube layer.

Abstract: Methods, systems, and computer program products for protecting information on a user interface based on a viewability of the information are disclosed. According to one method, a viewing position of a person other than a user with respect to information on a user interface is identified. An information viewability threshold is determined based on the information on the user interface. Further, an action associated with the user interface is performed based on the identified viewing position and the determined information viewability threshold.

Abstract: A security device of this invention includes a nonvolatile storage unit 22 for storing a validity check unit including a counter updated every time signature function means 30 is called up, a volatile storage unit 24 for reading and storing a counter array out of an external nonvolatile storage unit storing the counter array, in which the counter array is obtained by coupling a hash value generated for each signature key with a signature number counter for counting the number of signatures performed by use of the signature key, and a hash function unit 28 for reading the counter array out of the volatile storage unit 24, generating the hash value, and transferring the hash value to the validity check unit for a validity check.

Abstract: A protection method is used in a portable communication device. The protection method comprises the steps of generating a specific command, and storing the specific command into the portable communication device; the portable communication device waiting and receiving a message; determining whether the message received by the portable communication device comprises the specific command; and performing a protection mechanism for protecting the important information contained in the portable communication device when the message comprises the specific command.

Abstract: If the temperature of a secure device falls below a second temperature, then sensitive information is automatically erased from a secure memory. To allow the secure device to operate in very cold ambient temperatures that are below the second temperature, a novel heater circuit is provided. If the temperature of the secure device drops below a first temperature, then the heater heats the secure processor. If AC power is lost, such as in a power outage, energy for the heater is provided by a secure battery, otherwise the heater is powered from an external source. The heater barely provides enough heat to keep the temperature of the secure processor at the first temperature under normal heat transfer conditions. If an attacker withdraws heat from the circuit unusually rapidly, then the temperature of the secure processor will fall to the second temperature causing a tamper detect and secure memory erasure.

Abstract: Code of a software product is delivered by embodying, on a computer-readable storage medium, installation code for installing the software product code on a computer and DRM code for permitting the installation only if a predetermined condition is satisfied. If the condition is violated, the installation code is erased and that part of the storage medium then is available for general use.

Abstract: A system, method and program product for defending against man in the middle (MITM) attacks directed at a target server. A system is provided that includes an activity recording system that records an incoming IP address, userid, and time of each session occurring with the target server; an activity analysis system that identifies suspect IP addresses by determining if an unacceptable number of sessions are occurring from a single incoming IP address during a predefined time period; and a countermeasure system for taking action against suspect IP addresses.

Abstract: System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device.

Abstract: Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported.

Abstract: A secure audio peripheral device, coupled to a computer, capable of enabling a user to use audio devices such as a microphone, speakers or headset when the device is in operational state, while giving to the user a clear visual indication that the audio devices are enabled. The device simultaneously disables the microphone; and turns off the visual indication when the device is in secure state. The operational state is activated by the user by pressing a momentary push-button switch. A timer resets the device to a secure state after a short preset time. The device has anti-tempering functionality and becomes permanently disabled if tempered with. Optionally the device is coupled to the computer via a USB port that powers a USB CODEC chip and a LED used as the visual indicator.

Abstract: Systems and methods for implementing security mechanisms in integrated devices and related structures. This method can include validating a device ID, generating a random value based on selected seed parameters, performing logic operations from hardware using the random value, and validating the integrated device based on logic operations from software using the random value. The system can include executable instructions for performing the method in a computing system. Various embodiments of the present invention represent several implementations of a security mechanism for integrated devices. These implementations provide several levels of encryption or protection of integrated devices, which can be tailored depending on the hardware and/or software requirements of specific applications.

Abstract: A system and method provide for integrating a Basic Input/Output System (BIOS) Read-Only-Memory (ROM) image. A method includes but is not limited to opening a BIOS modification application; opening a target BIOS binary image within the BIOS modification application; and adding an electronic security and tracking system and method (ESTSM) ROM image to the target BIOS binary image.

Abstract: The present invention relates to an information management system, and in particular to a portable information management device. The device includes a housing having a first surface and a second surface, said first and second surfaces securely enclosing electronic componentry of the device, wherein the electronic componentry includes: a data storage device for storing information about a person or asset; and a processor for transferring the information from the data storage device to an external device via a communication means, wherein the communication means includes: an antenna to allow contactless transfer of the information; and an input/output interface to allow transfer of the information via physical means.

Abstract: An approach is provided for providing backend support for device control in risk conditions. A device control support platform determines one or more computational chains consisting of one or more computation closures for managing one or more risk conditions associated with at least one device. The device control support platform further causes a projection, a distribution, or a combination thereof of the one or more computational chains, the one or more computation closures, or a combination thereof to one or more other devices. The device control support platform also causes an execution of at least a portion of the one or more computational chains, the one or more computational closures, or a combination thereof to cause an initiation of at least one computational broker at the at least one device for managing the one or more risk condition.

Abstract: A mobile terminal includes: a tamper-detection circuit (17), an information processor (13) that is capable of executing a suspend function, a first battery (23) supplying power to the information processor (13) and the tamper-detection circuit (17), and a switch (27) that is provided on a power-source supply line (431) that connects the first battery (23) and the information processor (13) and the switch that is capable of switching between a state in which information processor (13) is connected to first battery (23) and a state in which information processor (13) is not connected to first battery (23).

Abstract: A system and method for securing and tracking an electronic device. The system includes hardware, software and firmware components that cooperate to allow tracking, disabling, and other interaction with the stolen electronic device. The system includes an application component, non-viewable component and Basic Input/Output Subsystem (BIOS) component that are present on the electronic device. The BIOS component maintains the secured environment of the application and non-viewable components. If only the application component was provided, a simple low level format of the hard disk drive would remove the application and bypass the security features. The system implements an “application and BIOS” based solution to electronic device security.

Abstract: A method and apparatus for identifying an object include encoding physical attributes of an object where the encoded information is utilized as at least one element for composing a digital watermark for the object. In another embodiment the physical attributes of the object are utilized as a key for accessing information included in a digital watermark for the object.

Abstract: Methods and systems for generating a circuit identification number include determining a propagation time delay across a scan chain of known length; comparing the propagation time delay to a threshold associated with the scan chain length; storing an identifier bit based on the result of the comparison; repeating the steps of determining, comparing, and storing until a number of stored identifier bits reaches a threshold number; and outputting the stored identifier bits.

Abstract: A method and system for protecting a printed circuit board (PCB) from tampering positions a physical sensor proximal to the PCB. An initialization period is established and an output signal from the sensor is continuously monitored to establish threshold parameter data. Periodically, the sensor is polled and an output signal received which is compared to the threshold parameter data. A detected intrusion signal is generated if the received signal exceeds the threshold by a predetermined level. A detected intrusion is validated using a sent of validation rules which analyze the detected intrusion based on historical sensor output values and factors such as duration or frequency of intrusion detections. If the detected intrusion is validated, a validated signal is generated which triggers a reset processor to output a reset signal that causes erasure of at least a portion of onboard memory.

Abstract: A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.

Abstract: An electronic card is disclosed including circuits of the protected zone include at least one control circuit. The electronic card further includes another zone defining a non-protected environment; the circuits of this zone do not need to comply with the distance constraint. The communication between the circuits of the protected zone and the non-protected environment is carried out by a communication circuit allowing or not allowing the electrical signals to pass. The passage of the electrical signals in the communication circuit is conditioned by an electrical control signal sent by the control circuit. Also disclosed is a method allowing the control circuit to be blocked if the electrical status of the signal controlling the passage of the signals does not correspond to the status imposed by the control circuit.

Abstract: A system and method for enhancing spam avoidance efficiency by automatically identifying a phishing website without human intervention. The system receives a stream of suspect Internet urls for potential phishing websites and uses a comparison strategy to determine whether the potential phishing website has already be labeled as a bonefid phishing website. A comparison system is utilized in which similarity data is calculated on various elements of the potential phishing website and then compared to similarity data of known phishing websites. Various types of similarity measure methodologies are potentially incorporated and a similarity threshold value can be varied in order to respond to phishing threats.

Abstract: A system and method is disclosed for placing an electronic apparatus into a protected state in response to environmental data. The method discloses: receiving a set of environmental data applicable to an electronic apparatus; generating an environmental status applicable to the electronic apparatus based-on the environmental data; and placing the electronic apparatus into a protected state based-on the environmental status. The system discloses an environment characterization module which receives a set of environmental data applicable to an electronic apparatus, and generates an environmental status applicable to the electronic apparatus based-on the environmental data; and an apparatus protection module which places the electronic apparatus into a protected state based-on the environmental status.

Abstract: A scan chain security capability is provided herein. The scan chain security capability enables secure control over normal use of a scan chain of a system, e.g., for purposes such as testing prior to deployment or sale of the system, in-field testing after deployment or sale of the system, in-field modification of the system, and the like. The scan chain security capability enables secure control over normal use of a scan chain by enabling control over interruption of a scan chain and re-establishment of an interrupted scan chain. A scan chain security component is configured for removing an open-circuit condition from the scan chain in response to a control signal. The control signal may be generated in response to validation of a security key, in response to successful completion of a challenge-based authentication process, or in response to any other suitable validation or authentication.

Abstract: The present invention provides an information processing apparatus capable of dynamically changing a security level according to significance of overall data saved in a terminal. A portable telephone terminal 100 includes a lock function to inhibit (allow) use of predetermined functions (part of or all of the functions) of the terminal when a lock-in condition (an unlock condition) is satisfied. The terminal 100 includes a secret level evaluating section 16 for calculating a secret level of the overall apparatus on the basis of scores set respectively to saved data items and a lock-in condition setting section 15 for making, in response to the secret level, the lock-in condition (unlock condition) more mitigated or more severe. Due to the configuration, for example, when significant data is received, the secret level of the overall terminal increases and the lock-in condition (unlock condition) is made more mitigated (more severe).

Abstract: An apparatus and method are disclosed for variable authentication requirements. The apparatus includes an operating status module identifying a change in an operating status of a device and maintaining a history of operating statuses, and an access control module comparing a current operating status with a previous operating status. The apparatus also includes a profile module maintaining a trust indicator for each operating status. The access control module determines a level of authentication required to unlock the device in response to the trust indicator associated with the current operating status. The method includes identifying a change in an operating status of a device and maintaining a history of operating statuses, and comparing a current operating status with a previous operating status.

Abstract: A wireless communications validation system comprises a validation module configured to determine an identity of an antenna disposed in a computer system and an identity of a wireless module disposed in the computer system, the validation module configured to validate permissible combination of the antenna with the wireless module.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: A method and circuit for implementing data theft prevention, and a design structure on which the subject circuit resides are provided. A polymeric resin containing microcapsules surrounds a security card. Each microcapsule contains a conductive material. The conductive material of the microcapsule provides shorting on the security card responsive to the polymer resin and the microcapsule being breached, and a data theft prevention function using the shorting by the conductive material to prevent data theft.

Abstract: A system for implementing a chip lockout protection scheme for an IC device includes an on-chip password register that stores a password externally input by a user; an on-chip security block that generates a chip unlock signal, depending on whether the externally input password matches a correct password; an on-chip false data generator; an input protection scheme configured to gate the external data inputs to functional chip circuitry upon entry of the correct password; and an output protection scheme in communication configured to steer true chip data to external outputs of the IC device upon entry of the correct password, and to steer false data generated by the false data generator to the external outputs upon entry of an incorrect password. The false generated by the false data generator is deterministic and based upon external data inputs, thereby obfuscating whether or not the correct password has been entered.

Abstract: There is provided a program for making a computer perform a first procedure for verifying whether an platform guaranteeing that device identification data for identifying a communication device cannot be rewritten by the user is provided in the communication device, a second procedure for verifying whether the device identification data included in a registration request received from the communication device is not yet registered, and a third procedure for registering the device identification data included in the registration request and issuing user identification data to the user when the program determines in the first procedure that the platform is provided and determines in the second procedure that the device identification data is not yet registered.

Abstract: Various embodiments disclosed herein are directed to gaming devices having a secured basic input/output system (BIOS) and methods for determining the validity of the gaming device's BIOS. According to one embodiment, the gaming device includes a secured module for authenticating the BIOS of the gaming device. During the boot-up process, the secured module selects a challenge from a plurality of challenges, and the selected challenge is issued to the BIOS. The BIOS generates a response to the challenge, and the secured module determines whether the BIOS response matches the calculated response of the secured module. If the BIOS response matches the secured module response, the gaming device continues the boot process. Otherwise, the boot process is halted by the gaming device.

Abstract: A digital right management method, including: encrypting, by a first user equipment which has access right to shared digital contents, a key of the digital contents with at least an equipment key of a second user equipment intended to share the digital contents to generate a ciphertext of the key of the digital contents; generating, by the first user equipment, from the ciphertext a new authorization certificate corresponding to the digital contents; and transmitting, by the first user equipment, the new authorization certificate and the digital contents to the second user equipment to instruct the second user equipment to share the digital contents in accordance with the new authorization certificate.

Abstract: A method in a portable data carrier for safeguarding the data carrier against external attacks on the data carrier, wherein at least one counter is employed in the data carrier. A specified command is safeguarded such that it is executed by the data carrier only when the at least one counter lies in a specified values range. The at least one counter is decremented before an execution of the command and incremented only when the command has been executed without interruption. The at least one counter here is settable multiple times, in particular even after the issuance of the data carrier to a user.

Abstract: A method and apparatus are disclosed herein for paper-based document logging. In one embodiment, the method comprises scanning bits of a document, generating a cryptographic hash, converting the cryptographic hash into a machine readable code, and rewriting the document with the code contained thereon.

Abstract: A method of controlling access to computing resources, comprising providing a first computing device with access to a database containing data indicative of computing resources access to which is controlled by the first computing device and a minimum security capability that a second computing device must possess to access the respective resources, assigning the second computing device a security capability, providing the second computing device with data indicative of the security capability, configuring the first computing device to respond to data indicative of the security capability and data indicative of a desired access from the second computing device by ascertaining the minimum required security capability corresponding to the desired access and by comparing the minimum required security capability with the security capability of the second computing device, and providing the desired access if the security capability of the second computing device meets the minimum security capability for the desired

Abstract: An enhanced encryption keypad (100) capable of preventing illegal disassembly for an automated teller machine comprises a key panel (101) and a main control board (102). A removal detection protection circuit is disposed inside a main chip of the main control board (102), and at least one pin of the removal detection protection circuit is guided out from a surface (1021) of a side of the main control board (102) near the key panel to form a removal detection point (1022). The removal detection point (1022) has two opened signal contact points. The two opened signal contact points are conducted by a conductive adhesive (103) to activate the removal detection protection circuit. A conductive protection ring (1023) isolated from the removal detection point is disposed at the periphery of the removal detection point. The conductive protection ring (1023) is connected to the removal detection protection circuit inside the main control chip.

Abstract: In one or more implementations, a computing device may receive information from a matrix code reader that scans multiple matrix codes, each displayed by one of multiple devices. The computing device may determine whether or not the devices are being fraudulently utilized, such as whether the devices are in the same location. Additionally, in some implementations, a computing device may receive a service request from a matrix code reader that includes an associated telephone number. The computing device may extract the number and may handle the service request based on the number. Moreover, in various implementations, a computing device may receive information from a matrix code reader that scans a displayed matrix code. The information may include an electronic signature that is included in the matrix code by the device. After receiving the information, the computing device may analyze the information to determine that the electronic signature is valid.