Total found: 13847. Displayed: 200.
Publication date: 10-08-2002

ANTI-THEFT DEVICE

Number: RU2187147C2
Assignee: IMPSYS AB (SE)

The invention relates to computer technology. Use: for protecting against theft computers and/or computer components and other electronic equipment that uses processors, such as memory device components, hard disks, plug-in cards and processors; it achieves the technical result of making unauthorized use of stolen computers or their parts considerably more difficult. This result is achieved in that the device contains a blocking circuit, integrated with the protected component, containing a memory for storing an identification code (ID) for each blocking circuit, and in that each blocking circuit contains communication terminal equipment for entering a key code into the blocking circuit and a comparator for comparing this entered key code with the ID of the blocking circuit, the blocking circuit being configured to block the component from further use in the event of an incorrect key ...

Publication date: 27-01-2022

Systems and devices for authentication in an analyte monitoring environment

Number: DE202014011533U1
Assignee: Abbott Diabetes Care, Inc.

In vivo analyte monitoring system (100) comprising a reader device (120) and a sensor control device (102); wherein the sensor control device (102) comprises a sensor (104) and analyte monitoring circuitry (110), and the sensor (104) is configured to be inserted into the body of a user; wherein the reader device (120) is configured to: - send an identification request (302) to the sensor control device (102) over a local wireless communication path (140); - in response to the identification request (302), receive an identifier (304) and a token (402) from the sensor control device (302) over the local wireless communication path (140); - authenticate the sensor control device (102) based on the identifier (304) and the token (402) received from the sensor control device (102); and - if the sensor control device (102) is authenticated, sensed analyte data from the sensor control device ...

Publication date: 20-05-2020

Device attestation techniques

Number: GB0002578628A

A method for providing an attestation for enabling a device to attest to an assertion concerning the device where an assertion may be that certain event has occurred in the manufacturing of the device such as certain quality assurance steps or certain software being provisioned on the device. Generating an attestation identifier and a base-secret code corresponding to the attestation identifier and providing the attestation identifier and a validation-secret code to a validation apparatus for storage in conjunction with the assertion. Where the validation-secret code is based on the base-secret code, where the base-secret code may be hashed to produce the validation-secret code. Providing the attestation identifier and a device-secret code to a manufacturer or adapter for provision to a device, wherein the device-secret code is based on the base-secret code. The device-secret code may be the same as the base-secret code.

Publication date: 14-01-2009

Generation of a unique identifier for a hardware computer apparatus

Number: GB0000822188D0

Publication date: 15-01-2007

ANTI-THEFT PROTECTION

Number: AT0000349732T

Publication date: 15-11-2011

SAFETY MODULE AND PROCEDURE FOR THE INDIVIDUAL ADJUSTMENT OF A SUCH MODULE

Number: AT0000530975T

Publication date: 23-12-2004

METHOD AND SYSTEM FOR PERFORMING A TRANSACTION AND FOR PERFORMING A VERIFICATION OF LEGITIMATE ACCESS TO, OR USE OF DIGITAL DATA

Number: CA0002528917A1

A method for performing an electronic transaction is disclosed. The method provides authentication data and authentication software to an electronic device and preferably stored in a secure storage location or other location inaccessible to the user or the operating system of the device. When digital data is requested from a transaction party that requests a digital signature, the authentication software is activated to generate said digital signature from the authentication data. Next, the digital signature is provided to the other transaction party, which then provides the requested digital data. The digital signature may be embedded in the requested and provided digital data. Further, a method for performing a verification of legitimate use of digital data is disclosed. Digital data digitally signed according to the present invention may only be accessed if the embedded digital signature is identical to a regenerated digital signature that is regenerated by the authentication software ...

Publication date: 21-07-2011

INTEGRATED SILICON CIRCUIT COMPRISING A PHYSICALLY NON-REPRODUCIBLE FUNCTION, AND METHOD AND SYSTEM FOR TESTING SUCH A CIRCUIT

Number: CA0002787434A1

The invention relates to an integrated silicon circuit that comprises a physically non-reproducible LPUF function enabling the generation of a signature specific to said circuit. Said function comprises a ring oscillator consisting of a loop (502) through which a signal e flows, said loop consisting of N topologically identical delay channels (500, 501), connected to each other in series and an inversion gate (503), wherein a delay channel (500, 501) consists of M lag elements (506, 507) connected to each other in series. The function also comprises a control module (505) that generates N control words (C1, C2), said words being used for configuring the value of the lag inserted by the delay channels on the signal e flowing therethrough. A measuring module (504) measures the signal frequency at the output of the last delay channel (501) after updating the control words, and means for deriving the measurements of the frequencies of the bits forming the circuit signature. The invention also ...

Publication date: 13-05-2021

A DEVICE FINGERPRINT EXTRACTION METHOD BASED ON SMART PHONE SENSOR

Number: CA3063181A1

Publication date: 03-11-2015

METHOD FOR DETERMINING IDENTIFICATION OF AN ELECTRONIC DEVICE

Number: CA0002646602C

A utility to determine identity of an electronic device electronically, by running a device attribute collection application that collects key data points of the electronic devices and a device identification application that uses these key data points to link the electronic device to a specific owner or entity. Data points of the device may change over time for reasons such as reconfiguration, repair or normal daily use. The device identification application intelligently and consistently tracks changes in key data points associated with the device, even if the data points change over its lifecycle. The device may be identified remotely with the device identification application (e.g., in the event of theft or loss of the device) based on the collected data points. The device identification application may be deployed in conjunction with services that may include asset tracking, asset recovery, data delete, software deployment, etc.

Publication date: 29-08-2014

DEVICE FOR INVERTING WITH THE NOTES AND/OR COINS AND METHODS FOR INITIALIZATION AND OPERATION OF SUCH A DEVICE

Number: EA0201490873A1

Publication date: 06-03-2018

Physical unclonable function (PUF) circuit based on threshold voltage reference

Number: CN0107766750A

Publication date: 01-08-2017

Environment-aware security tokens

Number: CN0107004080A
Inventor: CAFFARY ROBERT G JR

Publication date: 20-12-2019

Identity verification method, consumable box and storage medium

Number: CN0109977656B

Publication date: 13-01-2016

Encryption method and apparatus as well as kernel encryption data operation method and apparatus

Number: CN0105243332A
Inventor: HE WEI

Publication date: 11-10-2002

EXTRACTION OF A PRIVATE DATUM FOR AUTHENTICATION OF AN INTEGRATED CIRCUIT

Number: FR0002823398A1

The invention relates to a method and a circuit for extracting a secret datum (s) in an integrated circuit taking part in an authentication procedure by means of an external device that takes this secret datum into account, the secret datum being generated on demand and made ephemeral.

Publication date: 07-04-2006

METHOD FOR FLEXIBLE MANAGEMENT OF MULTIPLE ACTIVITIES EXECUTED ON PARTITIONABLE PLATFORMS OF A MULTIPLE-PROCESSOR SYSTEM

Number: FR0002876197A1
Inventor: BOUCHET ALAIN

The present invention relates to a method and a system for flexible management of multiple activities executed on at least one perimeter (P1, P2, P3) of hardware computing resources configured on at least one multicellular computing platform (4A, 4B) of a multiple-processor system (2), characterized in that an administration tool (9) of the system (2) performs the following steps: - identification of an activity being initialized on a perimeter of the system (2), by means of an extended serial number assigned to the activity, - authentication of a serial number of a subsystem (4A) on which execution of the activity is authorized, - verification of the extended serial numbers of the activities running on the various subsystems (4A, 4B) making up the system (2), - recording of the extended serial number, as an activity license, in working memories of the hardware computing resources of the subsystem (4A, 4B) in which ...

Publication date: 23-04-2019

Number: KR1020190041898A

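Publication date: 08-07-2015

Secure key derivation and cryptography logic for integrated circuits

Number: KR1020150079880A

... A processor of one aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed.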

Publication date: 21-02-2020

APPARATUS AND METHOD FOR GENERATING DIGITAL VALUE USING PROCESS VARIATION

Number: KR1020200018920A
Inventor: HONG JONG PHIL

Publication date: 16-02-2020

Physical unclonable function generator

Number: TW0202008208A

Disclosed is a physical unclonable function generator. In one embodiment, a physical unclonable function (PUF) generator, includes: a PUF cell array comprising a plurality of bit cells configured in at least one column and at least one row, wherein the plurality of bit cells each provides two voltage transient behaviors on two corresponding bit lines of the at least one column; and at least two load control circuits coupled to the two bit lines of the at least one corresponding column, wherein the at least two load control circuits are each configured to provide at least one discharge pathway to at least one of the two corresponding bit lines, wherein the at least one discharge pathway is configured to change at least one of the two voltage transient behaviors so as to determine stability of each of the plurality of bit cells of the PUF cell array.

Publication date: 11-08-2021

Number: TWI735756B
Inventor: LI JING, LI, JING

Publication date: 31-05-1996

ID circuit for electronic apparatus

Number: SE0009602186D0

Publication date: 11-09-2015

METHOD AND APPARATUS FOR DETECTION AND IDENTIFICATION OF COUNTERFEIT AND SUBSTANDARD ELECTRONICS

Number: WO2015134148A1

An apparatus for detecting a condition or authenticity of one or more electronic devices includes an enclosure having an antenna integrated therewithin; a fixture mounted within a hollow interior of the enclosure, the fixture being configured to receive the one or more electronic devices and connect one or more signals to each of the one or more electronic devices; and a sensor and controller assembly connected to the antenna and configured to process a signature of an emission of a radiofrequency (RF) energy from one or more electronic devices having the one or more signals connected thereto.

Publication date: 07-10-2021

ADMINISTRATOR'S PASSWORD RESETTING

Number: WO2021201919A1

An example image forming device includes an input device to receive authentication information input from predefined users, a memory, and a processor to execute an administrator password resetting mode in a case where the authentication information is input from t (where t = a natural number) or more of the predefined users through the input device, change an existing administrator password to a reset administrator password, and store the reset administrator password in the memory.

Publication date: 13-07-2017

SYSTEM FOR PROVIDING SOLUTION FOR PERMANENT DELETION AND DESTRUCTION OF STORAGE DEVICE DATA

Number: WO2017119698A1
Inventor: KO, Youngjun

The present invention relates to a storage device removal system, which monitors all processes from collection to removal of a storage device through a management server, thereby preventing data leakage. The storage device removal system comprises: a storage device recognition unit; a storage device reception unit; a storage device carriage unit; a data deletion unit; a storage device destruction unit; and a management server for receiving a serial number obtained by the storage device recognition unit and receiving location information of a first GPS chip from the storage device reception unit, wherein the management server receives a permanent data deletion completion signal from the data deletion unit, and generates a storage device data removal completion report upon receiving a storage device destruction completion signal from the storage device destruction unit, and the storage device data removal completion report includes the serial number and the location information of the first ...

Publication date: 02-07-2020

ENCRYPTION METHOD FOR STORAGE DEVICE, AND STORAGE DEVICE

Number: WO2020133727A1
Inventor: LI, Hu, LUO, Sheng

Provided by the present invention are an encryption method for a storage device, and a storage device, the method comprising: before leaving the factory, writing a unique serial number in a storage module, and writing the same unique serial number in an OTP of a main control unit that matches the storage module; after power on, the main control unit detecting whether a data reading request is received; if so, the main control unit loading a system code in the storage module according to the data reading request so as to acquire the unique serial number, and comparing the unique serial number in the acquired system code to the unique serial number stored in the OTP; and, if the unique serial number in the acquired system code is not consistent with the unique serial number stored in the OTP, the main control unit misplacing a random seed of corresponding storage data; the described method may effectively improve the confidentiality of a storage device.

Publication date: 16-01-2020

SECURITY MANAGEMENT FOR UNAUTHORIZED REQUESTS IN COMMUNICATION SYSTEM WITH SERVICE-BASED ARCHITECTURE

Number: WO2020012065A1

In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first network element operatively coupled to a second network element of the second network, the first network element sends a first message to the second network element in accordance with a transport layer security procedure, wherein the first message comprises hardware-specific location information identifying the first network element. The first network element receives a second message from the second network element, wherein the second message comprises hardware-specific location information identifying the second network element. The first network element combines the hardware-specific location information of the first message with the hardware-specific location information of the second message to form an identifier.

Publication date: 27-08-2015

INTEGRATED CIRCUIT WITH PARTS ACTIVATED BASED ON INTRINSIC FEATURES

Number: WO2015124673A1
Inventor: POULARD, Fabrice

A fixed logic integrated circuit is disclosed. The integrated circuit comprises a unique code generator (3) configured to generate a code (4) having a value which is intrinsically unique to the integrated circuit, an enrolment pattern generator (5) configured to generate an enrolment pattern (6) based on the unique code (4). The integrated circuit is configured to transmit the enrolment pattern (6) to an external enrolment device (2) and to receive enabling data (7) from the external enrolment device. Optionally, the integrated circuit may include memory (8) for storing remotely-generated enabling data (7). The integrated circuit comprises a configuration file generator (9) configured to generate configuration data (10) using the remotely-generated enabling data (7) and the unique code (4), and a feature activation module (11) configured to activate and/or disable features (13) of the integrated circuit and/or customise the integrated circuit in dependence upon the configuration data ...

Publication date: 13-04-2021

Printer encryption

Number: US0010979215B2

Examples associated with printer encryption are described. One example printer includes a data store to store a one-time pad. An encryption module may encrypt a message using the one-time pad. The encryption module also transmits the encrypted message to a trusted device that stores a copy of the one-time pad. A decryption module uses the one-time pad to decrypt a received message from the trusted device. The decryption module also controls the printer to perform an action based on the received message. A refresh module replaces the one-time pad during a service event.

Publication date: 29-06-2021

Device programming with system generation

Number: US0011050605B2
Assignee: Data I/O Corporation, DATA I/O CORP

A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.

Publication date: 01-03-2022

Secure service request processing methods and apparatuses

Number: US0011263312B1
Inventor: Fei Meng

Disclosed herein are methods, systems, and media for processing service requests. One of the methods includes: receiving, from a client application and by a trusted application, a first service request for executing a first service by the trusted application, wherein the first service request comprises a first expression and an input parameter of the first expression, and the first expression specifies a plurality of target interfaces related to the first service and a sequence of the plurality of target interfaces; executing, by the trusted application and based on the input parameter, the plurality of target interfaces according to the sequence to obtain a target execution result; and returning, by the trusted application to the client application, the target execution result responsive to the first service request.

Publication date: 21-11-2019

DEVICE PROGRAMMING WITH SYSTEM GENERATION

Number: US2019356529A1

A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.

Publication date: 15-09-2020

Security techniques based on memory timing characteristics

Number: US0010776521B2
Assignee: Apple Inc., APPLE INC

Techniques are disclosed for obtaining data using memory timing characteristics. In some embodiments, a physical unclonable function is used to obtain the data. In various embodiments, a computer system programs a timing parameter of a memory accessible by the computer system to a value that is outside of a specified operable range for the timing parameter. In various embodiments, the computer system performs one or more memory operations to at least a portion of the memory and detects a pattern of errors in the portion of the memory. In some embodiments, the computer system generates a response dependent on the pattern of errors. The response may be used to identify the computer system.

Publication date: 09-08-2016

Information recording device

Number: US0009413532B2
Assignee: KABUSHIKI KAISHA TOSHIBA, TOSHIBA KK

A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key and the medium device key certificate to establish the secure channel.

Publication date: 03-03-2015

Reliable physical unclonable function for device authentication

Number: US0008971527B2

A device having a physical unclonable function includes an integrated circuit and a phase change memory embedded in the integrated circuit and including a plurality of cells, where the phase change memory is set in a manner that creates a phase variation over the plurality of cells, and where the phase variation comprises the physical unclonable function. In another embodiment, a device having a physical unclonable function includes a phase change memory embedded in the device and comprising a plurality of cells, where the phase change memory is set in a manner that creates a phase variation over the plurality of cells, and where the phase variation comprises the physical unclonable function, and a measurement circuit for extracting the physical unclonable function from the phase change memory.

Publication date: 28-04-2015

Non-volatile memory for anti-cloning and authentication method for the same

Number: US0009021603B2

A method and a non-volatile memory apparatus for cloning prevention is provided. The non-volatile memory apparatus includes an Enhanced Media Identification (EMID) area, which is located in a specific area of the non-volatile memory, and stores an identification for identifying the non-volatile memory; and an EMID encoder for modifying the identification by a preset operation in conjunction with an arbitrary value, wherein the EMID area includes a first area in which reading by an external device is prevented, and a second area in which reading from the non-volatile memory by the external device is permitted in response to a read command.

Publication date: 18-11-2021

ROOM MIRROR REMOVAL MONITORING DEVICE WITH ELECTRONIC TOLL COLLECTION FUNCTION

Number: US20210358229A1
Inventor: Eun Tai JUNG
Assignee: Hyundai Mobis Co., Ltd.

Provided is a room mirror removal monitoring device with an electronic toll collection (ETC) function. The room mirror removal monitoring device includes a room mirror holder to which a room mirror having the ETC function is fixed and in which an insertion recess is formed toward windshield glass, a removal switch inserted into the insertion recess, a mirror base inserted into a region that does not overlap with the removal switch in the insertion recess and fixed to the windshield glass, and a monitoring part configured to monitor a removal state of the room mirror having the ETC function.

Publication date: 13-02-2018

Method and apparatus for device state based encryption key

Number: US0009891969B2

An apparatus and a method for encrypting and decrypting data in a device are provided. The apparatus includes a processor and a memory. The processor is configured to transmit a data command from an application to an encryption driver that executes in a kernel space, determine if the application is authenticated to perform the data command based on an access policy, transmit, when the application is authenticated, a first key to a cryptographic library that executes in an application space, and perform the data command based on the first key after receiving a response via the cryptographic library. The first key is stored in an encryption driver in the kernel space and is not available to applications in the application space.

Publication date: 26-01-2016

Method for authenticating a storage device, machine-readable storage medium, and host device

Number: US0009245152B2

A method for authentication, by a host device, of a storage device having a plurality of unit storage areas comprises acquiring information on the distribution of locations of defect referenceive areas to be used for uniquely identifying the storage device, sampling the unit storage areas of the storage device, identifying the distribution of locations of physically defective areas among the sampled areas, determining the similarity between the acquired distribution of locations and the identified distribution of location, and authenticating the storage device according to the result of the determination.

Publication date: 09-06-2022

TECHNOLOGIES FOR DIVIDING WORK ACROSS ACCELERATOR DEVICES

Number: US20220179575A1

Technologies for dividing work across one or more accelerator devices include a compute device. The compute device is to determine a configuration of each of multiple accelerator devices of the compute device, receive a job to be accelerated from a requester device remote from the compute device, and divide the job into multiple tasks for a parallelization of the multiple tasks among the one or more accelerator devices, as a function of a job analysis of the job and the configuration of each accelerator device. The compute engine is further to schedule the tasks to the one or more accelerator devices based on the job analysis and execute the tasks on the one or more accelerator devices for the parallelization of the multiple tasks to obtain an output of the job.

Publication date: 28-05-2024

Authentication of medical device computing systems by using metadata signature

Number: US0011995221B2
Assignee: Fresenius Medical Care Holdings, Inc.

Computer code embedded in an electronic component (e.g., a processor, a sensor, etc.) of a medical device, such as a dialysis machine, can be authenticated by comparing a metadata signature derived from the computer code of the electronic component to a key derived from a pre-authenticated code associated with the electronic component. The metadata signature can be derived by running an error-check/error-correct algorithm (e.g., SHA256) on the computer code of the electronic component. A use of the metadata signature enables detection of any unauthorized changes to the computer code as compared to the pre-authenticated code.

Publication date: 20-05-2020

VERIFICATION BY REPLACEABLE PRINTER COMPONENTS

Number: EP3652666A1

Publication date: 09-01-2019

METHOD FOR UPDATING A PUBLIC/PRIVATE KEY PAIR AND PUBLIC KEY CERTIFICATE FOR AN INTERNET OF THINGS DEVICE

Number: EP3425843A1
Inventor: BRANDS, Jan René

A method is provided for generating a public/private key pair and certificate. The method includes providing an integrated circuit (IC) with an IC specific initial public and private key pair and a public key certificate signed by a manufacturer of the IC. A smartcard having stored thereon customer unique configuration data related to the IC is provided to a customer of the IC manufacturer. The smartcard enables the customer to generate a customization value and a customized public key using the customer unique configuration data. In response to the customer receiving the public key certificate signed by the IC manufacturer from the IC, the customer is enabled to provide the customization value, the customized public key, and a public key certificate signed by the customer to the IC. The IC is thus enabled to generate a customized private key, thus providing an IoT device with a public/private key pair and a certificate signed by the device manufacturer without the use of a trusted party ...

Publication date: 20-01-2016

PROGRAMMABLE DEVICE PERSONALIZATION

Number: EP2973197A1
Inventor: SIMMONS, Michael

Publication date: 16-10-2023

METHOD FOR PROTECTING INFORMATION SYSTEMS

Number: RU2805368C1

The invention relates to methods for protecting information systems against network reconnaissance. The technical result is increased reliability of information system protection through imitation of a communication channel. The technical result is achieved in that the maximum value of the data transmission medium utilization coefficient and the allocated data rate are additionally specified in the predefined initial data; the number of fragments into which a response message packet will be fragmented when interacting over the telecommunication protocol in use during information exchange is calculated; after that, a response message packet is formed from the maximum possible number of fragments; next, the value of the data transmission medium utilization coefficient is calculated, taking into account the delay time for sending fragments of the response message packet, the allocated data rate and the maximum possible number of fragments of the message packet; after that, if the calculated ...

Publication date: 29-05-2013

Method for enabling the exchange of data between a data processing unit outside and a data processing unit inside a vehicle, and motor vehicle

Number: DE102008017946B4
Assignee: AUDI AG

Method for enabling data exchange between a central data processing device, which is connected or connectable to a network and via this network is connected or connectable to a first data processing unit, user accounts being set up in the central data processing device, and a second data processing unit in a vehicle, the second data processing unit being set up for wireless connection to the network, comprising the following steps: a) a user logs in at a personal computer to his user account on the central data processing device by entering his user name and password; b) the user enters a vehicle identification number (VIN) of a vehicle he intends to use, which is stored in his user account on the central data processing device; c) the user gets into the vehicle, with a portable device ...

Publication date: 07-04-2005

Processor circuit and method for assigning a logic chip to a memory chip

Number: DE0010340861A1
Assignee:

A processor circuit comprises a logic chip (12) with a logic circuit (12a) and a non-volatile memory (12b), as well as a memory chip (14) with a non-volatile memory. A key (k) is stored in the non-volatile memory (12b) of the logic chip (12) using electronic fuses (13a, 13b, 13c). In addition, personalization information (13d) is stored, which signals that the logic chip is assigned to a memory chip. In the memory chip (14), a chip identification (m) encrypted with the key (k) is stored in an ID memory area (16). During boot-up of the processor, it is first verified whether or not the encrypted logic chip identification stored in the memory chip is authentic. This achieves a simple and inexpensive personalization of a memory chip to a logic chip in order to defend against attacks involving removal or manipulation of the memory chip ...

Publication date: 09-08-2012

Method for programming a mobile terminal chip

Number: DE102011010627A1
Assignee:

The invention provides a method for programming a chip for a mobile terminal, wherein in a preparatory step a serial number is programmed into the chip and subsequently, in a programming step, the serial number is verified and at least one further datum is programmed into the chip only if the serial number has been successfully verified. The serial number is verified by means of a security module (HSM), using secret information that is stored in the security module (HSM) and is different from the serial number.

Publication date: 29-06-2000

SECURED COMPUTER NETWORK

Number: DE0069517185D1

Publication date: 02-02-2005

Radio frequency identification tag security

Number: GB0000428377D0
Author:
Assignee:

Publication date: 15-07-2015

Controlling the configuration of computer systems

Number: GB0002522032A
Assignee:

Disclosed is a method of controlling a configuration of a computer system 212, having exchangeable components 10. The exchangeable components have identification means 12 that store an identifier 14 and provide the identifier to the computer system when being attached to it. The identifier is provided by generating a private public key pair 16, 18 for each accepted manufacturer of the exchangeable components and a private public key pair 17, 19 for the computer system. Next, an identifier is assigned to each exchangeable component available for attachment to the controlled computer system. Receiving configuration data 22 of a list of encrypted identity records 40 of identifiers of the components together with signatures 24 over the data generated with the private key of the respective component manufacturer for each component expected to be attached to the respective computer system. Receiving a configuration record 28 and comparing the configuration data of the expected components from ...

Publication date: 16-02-2005

Radio frequency identification tag security system

Number: GB0000500596D0
Author:
Assignee:

Publication date: 16-02-2005

Radio frequency identification transponder security

Number: GB0000500597D0
Author:
Assignee:

Publication date: 15-08-2014

Method for protecting against misprogramming of a field-programmable logic device

Number: AT0000513861A4
Assignee:

Method for protecting against misprogramming of a field-programmable logic device (10), wherein the logic device (10) comprises: - one or more FPGAs (3), each of which is locally assigned to one or more assemblies (7), - a programming device (1), which is connected via a data link (2) to each FPGA (3) in order to transmit configuration data to it for the purpose of configuration, characterized by the method steps: a) the programming device (1) creates configuration data that are intended for an FPGA and transmits them via the data link (2) to an FPGA for which these configuration data are intended; b) the FPGA (3) receiving the configuration data checks the intended assignment and, in this check, uses hardware identification information (4) that is held in the assembly (7) assigned to it.

Publication date: 05-01-1998

Anti-theft device

Number: AU0003111897A
Assignee:

Publication date: 23-01-2018

Physically unclonable function assisted memory encryption device techniques

Number: CN0107624188A
Assignee:

Publication date: 15-01-2014

Method, host, storage, and machine-readable storage medium for protecting content

Number: CN103518207A
Author: Kang Bo-Gyeong
Assignee:

Methods and apparatus are provided for protecting content of a storage. First authentication information regarding a first module is acquired. The first module is one of a plurality of modules included in the storage. The first module is authenticated based on first Unique Individual Information (UII) of the first module and the first authentication information. Second authentication information regarding a second module is acquired. The second module is another of the plurality of modules included in the storage. The second module is authenticated based on second UII of the second module and the second authentication information. Access to content stored in the storage is permitted when at least the first module and the second module are successfully authenticated.

Publication date: 21-04-2020

RFID Communication method and system

Number: CN0111046413A
Author:
Assignee:

Publication date: 26-06-2020

Ternary physical unclonable function circuit, control method and chip

Number: CN0111339576A
Author:
Assignee:

Publication date: 05-02-2019

Printer encryption

Number: CN0109313692A
Assignee:

Publication date: 09-03-2018

Method and device for controlling hardware equipment

Number: CN0107784238A
Assignee:

Publication date: 10-07-2020

Equipment identification method, device and equipment

Number: CN0111400775A
Author:
Assignee:

Publication date: 05-04-2017

Automatic checking system and method for chip identifier

Number: CN0106557709A
Author: QIU HAOZHI
Assignee:

Publication date: 17-01-2020

METHOD FOR SECURING A REMOVABLE ELECTRICAL APPARATUS DURING INSTALLATION WITHIN A POWER SYSTEM

Number: FR0003074324B1
Author: MOULIN MICHEL
Assignee:

Publication date: 02-03-2001

TV Decoder has external access for memory reset voltage avoids serialization of faulty units

Number: FR0002797966A1
Author: VENOM DIDIER
Assignee:

Electronic device (1) comprising a closed housing (2) that permits, through an opening (16) in this housing, access to an interface (10) contained in the housing, so that the interface can be commanded to perform write operations in a protected area (8) of a memory (4) of the device. The device requires an external access control device (17) to command the interface. The device allows the serial number to be recorded after the final functional tests of the device have been carried out.

Publication date: 24-04-2020

APPARATUS AND METHOD FOR MANAGING INPUT AND OUTPUT OF ELECTRONIC APPARATUS

Number: KR0102104323B1
Author: PARK SANG JUN
Assignee:

Publication date: 08-06-2020

ANTI-ROLLBACK VERSION UPGRADE IN SECURED MEMORY CHIP

Number: KR1020200064968A
Author:
Assignee:

Publication date: 17-11-2020

INTEGRATED CIRCUIT DATA PROTECTION

Number: KR1020200129103A
Author:
Assignee:

Publication date: 23-08-2019

SECURE TRANSMISSION

Number: PT0003210158T
Author: PHIL DAVIES
Assignee: Y R FREE LABS LTD, Y R FREE LABS LIMITED

Publication date: 30-09-2021

DISTRIBUTION METHOD FOR LICENSES TO ELECTRONIC PARTS

Number: WO2021190854A1
Assignee:

In one embodiment, the method is used for distributing licenses (24) to electronic parts (1) and involves: A) providing the part (1), said part (1) comprising an identifier (12) and a root certificate (14) by a distributor (10) of the part (1); B) generating a license file (2) that comprises the identifier (12) and a license (24) by the distributor (10) for a user (20); C) signing the license file (2) with a distributor (10) certificate (29) such that a signed license file (3) is generated and the certificate (29) is based on the root certificate (14); D) loading the signed license file (3) onto the part (1); and E) having the user (20) start up the part (1), wherein the signed license file (3) is verified by the part (1) such that a use of the part (1) by the user (20) is enabled within the scope of the license (24).

Publication date: 27-08-2020

CONSUMABLE UNIT HAVING A SECURITY ELEMENT, SECURITY ELEMENT AND METHOD FOR THE MANUFACTURER TO ENSURE PERMISSIBLE CONSUMPTION

Number: WO2020169638A1
Assignee:

The present invention relates to a consumable unit (D) for a consumption application of a consumable product, preferably in a medical apparatus, having a security element (110) for protection against manipulation or misuse by unauthorized third parties, wherein the security element comprises a first identification label (ID-1-Label) substantively forming a first manufacturer identification code; the first identification label (ID-1-Label) is non-detachably connected to the consumable unit (D) and is set up to uniquely identify the consumable unit (D), such as in regard to a product type and/or product consumption property of the consumable unit (D), and is partially or completely concealed, preferably visually concealed, by a detachable concealing means (150), preferably one not detachable without destruction. Further, a method for labelling a consumable unit (D), a method for enabling a consumable unit (D) in an associated consumption apparatus and a method for system control of both aforementioned ...

Publication date: 23-04-2015

AUTOMATIC IDENTIFICATION OF RETURNED MERCHANDISE IN A DATA CENTER

Number: WO2015057468A1
Assignee:

A method and system for determining a device identifier assigned to a device within an installation of devices connected via a network is provided. A system determines the device identifier of a device that has been repaired and reinstalled so that the device can be placed in service. Upon receiving an indication that a repaired device has been reinstalled, the system requests and receives a possible device identifier of the repaired device from an interconnect device that connects the repaired device to the network. To verify that the possible device identifier is the actual device identifier, the system directs the repaired device to reboot so that it broadcasts its device identifier. When the repaired device reboots, it broadcasts its device identifier. Upon receiving the broadcast device identifier, the system verifies that the possible device identifier is the same as the broadcast device identifier.

Publication date: 06-10-2016

SD CARD LICENSE MECHANISM

Number: WO2016160762A1
Assignee:

A system and approach for providing software device or secure digital (SD) cards for computing devices. An SD card may be programmed with a unique card identification register (CID) value during a manufacture of the card. The CID value cannot necessarily be changed by a card host such as a computing device. A securely signed license may be generated with the CID value (or a hash of the CID value) as part of the license's plaintext. The license may be stored on the card with the CID value. The card may be installed in virtually any computing device that supports the card. The card may be easily removed from the computing device and installed in another computing device or be placed in a storage mechanism. The license may be treated as portable like the card.

Publication date: 30-08-2018

VERIFICATION OF CODE SIGNATURE WITH FLEXIBLE CONSTRAINTS

Number: WO2018156208A1
Assignee:

Systems, apparatuses, and methods for signing, and verifying the signature of, code to be executed by a target device. An example method of determining a verification hash of a code image to be executed by a target device comprises receiving a header and code image, determining an image hash based on metadata and the code image, determining a fuses hash based on values of hardware fuses of the target device, determining an information hash based on information stored in memory, determining a verification hash based on the image hash, the fuses hash, and the information hash, verifying the verification hash against a code signature in the header, obtaining an unlock constant based on the verification hash, comparing the unlock constant with a stored predetermined value to unlock a memory region of the target device, and executing the code in the code image on the target device.

Publication date: 31-12-2020

MODULAR ARCHITECTURE FOR CONTROL AND MONITORING OF EDGE DEVICES IN A BUILDING MANAGEMENT SYSTEM

Number: US20200409883A1
Assignee: Johnson Controls Technology Company

A device for use in a building management system (BMS) includes a base hardware component that provides communication between the equipment and a first network associated with the BMS. The base hardware component includes a processor and a memory. The device further includes a modular hardware component connected to the base hardware component and a modular software component stored in the memory that recognizes the modular hardware component connected to the base hardware component and provides communication between the equipment and a second network using the modular hardware component. The processor executes a control application to control operation of the equipment based in part on data received from the equipment and data received from at least one of the first network and the second network.

Publication date: 07-01-2021

VIRUS IMMUNE COMPUTER SYSTEM AND METHOD

Number: US20210004498A1
Assignee:

A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a storage device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the storage device; using the symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; precluding the computer from running any part of the application program that has not been first encrypted with the symmetric private key; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.

Publication date: 04-07-2019

MONITORING DEVICE, MONITORING SYSTEM, INFORMATION PROCESSING DEVICE, MONITORING METHOD, AND PROGRAM

Number: US2019207774A1
Assignee:

A monitoring device that is included in a monitoring system constituting a distributed ledger system and monitors a monitoring target device includes a circuit information distribution unit configured to distribute circuit information for forming a predetermined PUF circuit to the monitoring target device; a transmission processing unit configured to transmit a predetermined challenge value to the monitoring target device to which circuit information is distributed; a reception processing unit configured to receive a response value corresponding to the challenge value of the PUF circuit formed in the monitoring target device; and an authentication processing unit configured to authenticate the monitoring target device based on input and output correspondence information of the PUF circuit formed in the monitoring target device and the received response value.

Publication date: 07-10-2014

Programming on-chip non-volatile memory in a secure processor using a sequence number

Number: US0008856513B2

An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Publication date: 27-08-2020

Secure Transient Buffer Management

Number: US20200272770A1
Assignee: Google LLC

A system is described that secures application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components of the system, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.

Publication date: 01-01-2019

Tamper-protected hardware and method for using same

Number: US0010171251B2
Assignee: Emsycon GmbH, EMSYCON GMBH

One of the various aspects of the invention is related to suggesting various techniques for improving the tamper-resistibility of hardware. The tamper-resistant hardware may be advantageously used in a transaction system that provides the off-line transaction protocol. Amongst these techniques for improving the tamper-resistibility are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function, and the use of a configuration fingerprint of a FPGA used within the tamper-resistant hardware.

Publication date: 22-12-2022

SYSTEMS AND METHODS FOR DATA SECURITY WITHIN POWER TOOLS

Number: US20220405429A1
Assignee:

Systems and methods for data security with power tools are provided. The systems and methods include transmitting an initialization command, by a processor of a computing device, to a power tool configured with a secure element. The secure element is a digital key storage unit configured to generate a private key and a corresponding public key upon receiving the initialization command. The power tool transmits the generated public key to the computing device. The computing device tags the public key with a unique identification number associated with the power tool, and stores the corresponding public key within a data storage unit.

Publication date: 11-05-2023

SECURE BASE ACTIVATION IMAGE FOR EDGE DAY ZERO SECURE INFRASTRUCTURE PROVISIONING

Number: US20230143321A1
Assignee:

A method of implementing a self-provisioning computer system is shown. The method includes storing a secure base activation image on a computer system. This includes storing executable code to implement enhanced network discovery configured to first attempt to determine if a private TCP port is open and if the private TCP port is not open to default to use of a public URL on a well-known TCP port at the computer system. This further includes storing executable code to implement an auto-connection service configured to automatically connect to a remote activation service to perform identification and attestation of the computer system. This further includes storing executable code to implement a secure vault for cryptographic secrets.

Publication date: 02-05-2024

TECHNOLOGIES FOR DIVIDING WORK ACROSS ACCELERATOR DEVICES

Number: US20240143410A1
Assignee: Intel Corporation

Technologies for dividing work across one or more accelerator devices include a compute device. The compute device is to determine a configuration of each of multiple accelerator devices of the compute device, receive a job to be accelerated from a requester device remote from the compute device, and divide the job into multiple tasks for a parallelization of the multiple tasks among the one or more accelerator devices, as a function of a job analysis of the job and the configuration of each accelerator device. The compute engine is further to schedule the tasks to the one or more accelerator devices based on the job analysis and execute the tasks on the one or more accelerator devices for the parallelization of the multiple tasks to obtain an output of the job.

Publication date: 21-08-2019

RELIABILITY ENHANCEMENT METHODS FOR PHYSICALLY UNCLONABLE FUNCTION BITSTRING GENERATION

Number: EP3234857B1
Author: PLUSQUELLIC, James
Assignee: STC.UNM

Publication date: 17-02-2021

PROOFING AGAINST TAMPERING WITH A COMPUTER

Number: EP3776301A1
Assignee:

Publication date: 03-03-2021

CRYPTOGRAPHIC ASIC WITH UNIQUE INTERNAL IDENTIFIER

Number: EP3785161A1
Assignee:

Publication date: 21-08-2019

ELECTRONIC DEVICE WITH SELF-PROTECTION AND ANTI-CLONING CAPABILITIES AND RELATED METHOD

Number: EP3358492B1
Assignee: eMemory Technology Inc.

Publication date: 20-11-2015

METHOD AND APPARATUS FOR PROVIDING COMMUNICATION WITH A SERVICE USING A RECIPIENT IDENTIFIER

Number: RU2568287C2
Assignee: Nokia Corporation (FI)

The invention relates to computer technology, namely to systems for exchanging data between users and service platforms. The technical result is protection of the user identifier during exchange between user equipment and the service platform. A method is proposed for providing communication with a service platform using a recipient identifier. The method includes a step in which a server receives a request from a computing device to generate a recipient identifier for indicating data exchanged between a service of the service platform and an application installed on the computing device. The server determines user identifiers, device identifiers, and application identifiers. The server generates the recipient identifier by encoding, at least in part, at least two of the following: the user identifier, one or more device identifiers, and one ...

Publication date: 14-12-2011

Uniquely identifying a computing device in trial period abuse prevention

Number: GB0002481133A
Assignee:

A web browser plug-in tool is used to read or construct a unique identifier for a computing device. The tool is programmed to read or construct the identifier from one or more Microsoft ® Windows ® Management Instrumentation (WMI) sources for example: ComputerSystemProduct.UUID, ComputerSystemProduct.IdentifyingNumber and BaseBoard.Product and to provide the identifier to a remote digital media service. Preferably, the identifier is stored both in the device and on a server for the service against a record associated with the device. A further unique identifier, generated by the service, may also be stored in the browser or browser plug-in; preferably as a Flash ® Shared Object but perhaps as a cookie or in browser local storage. The unique identifier is typically used to determine whether or not a trial period for the service has been utilised on the computing device. Also disclosed is a method in which only a unique identifier, generated by a remote digital media service, is stored in ...

Publication date: 26-04-2023

Identifier generation

Number: GB0002612125A
Assignee:

A method is disclosed for configuring each device of a batch of electronic devices with a respective unique identifier 12. A key set 38 is obtained in which each key is a random or pseudo-random number having a key width equal to a predefined code width 36. For each seed of a set of locally unique seeds 40, a uniquely invertible function is applied to generate a corresponding code 12c. The uniquely invertible function, which may be a block cipher 32, is configured to convert a seed into a corresponding code using the key set (see Figure 3). Every code generated for a given seed of the set of seeds is therefore unique for that set of seeds. The unique identifier is formed from the corresponding code and assigned to an electronic device 10.

Publication date: 15-07-2004

PROCEDURE FOR THE SUPPLY OF A DEVICE-INDIVIDUAL DEVICE CODE FOR AN ELECTRONIC DEVICE

Number: AT0000269984T
Assignee:

Publication date: 02-02-2012

Methods and systems for facilitating communications between vehicles and service providers

Number: US20120030467A1
Author: Mark S. Schaefer
Assignee: GENERAL MOTORS LLC

Methods and systems for facilitating communications between a vehicle and a service provider are provided. A first address of a vehicle communication device and a second address of a service provider communication device are obtained at a remote location that is remote to both the vehicle and the service provider. A set of keys, including a first key and a second key, is generated at the remote server. The first key is for use by the vehicle in establishing communications with the service provider, and the second key is for use by the service provider in establishing communications with the vehicle. The first key is provided to the vehicle, and the second key is provided to the service provider.

Publication date: 16-02-2012

Anti-counterfeiting electronic device and method thereof

Number: US20120042169A1

An anti-counterfeiting electronic device includes a function component assigned with an identification code ID and a processor. The processor generates a random code K1 and transmits the random code K1 to the function component; the function component encrypts the random code K1 and the identification code ID to generate a key ID1. The processor further obtains the key ID1 from the function component and decrypts the key ID1 to generate an identification code ID2, and determines whether the identification code ID2 is the same as the ID and executes the system login command if the identification code ID2 is the same as the identification code ID. An anti-counterfeiting method is also provided.

Publication date: 08-03-2012

Organic keyed encryption

Number: US20120057698A1
Assignee: Lockheed Martin Corp

An encryption technique that creates a unique encryption key or fingerprint based on unique physical and electrical characteristics of a target electronic assembly to be protected. The encryption key can be constructed by exploiting the manufacturing variances present in all electronic elements including active elements and passive elements. Active elements include, for example: oscillators/clocks, internal I/O controllers, external I/O controllers, memory, processors, and digital power converters. Passive elements include, for example: internal I/O interconnects, external I/O interconnects, memory buses, and power buses. The encryption key can also include one or more environmental condition thresholds.

Publication date: 15-03-2012

Systems and methods for remotely loading encryption keys in card reader systems

Number: US20120063601A1
Author: Annmarie D. Hart
Assignee: Individual

Systems and methods for remotely loading encryption keys in card reader systems are provided. One such method includes storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second fingerprints includes an intrinsic magnetic characteristic of the data card, encrypting, using a first encryption key derived from the second fingerprint, information including the device identification number and first fingerprint, sending the encrypted information to an authentication server, receiving, from the authentication server, a score indicative of a degree of correlation between the first fingerprint and second fingerprint, and receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first fingerprint.

Publication date: 15-03-2012

Electronic device, key generation program, recording medium, and key generation method

Number: US20120066515A1
Author: Tomomi Kasuya
Assignee: Mitsubishi Electric Corp

An electronic device 100 executes a key-using process that uses a key. A physical quantity generation part 190 generates a physical quantity intrinsic to the electronic device and having a value which is different from one electronic device to another and different each time the physical quantity is generated. A key generation part 140 generates the same key for each key-using process, based on the physical quantity generated by the physical quantity generation part 190, each time the key-using process is to be executed, immediately before the key-using process is started. A key-using process execution part 1010 executes the key-using process such as generation of a keyed hash value, by using the key generated by the key generation part 140. A control program execution part 180 deletes the key generated by the key generation part 140, each time the key-using process is ended.

Publication date: 12-04-2012

System and Method for Automatic Authentication of an Item

Number: US20120089835A1
Author: Douglas Peckover
Assignee: DT Labs LLC

A system, apparatus and method automatically authenticating an item. The media device includes a housing, a processor disposed within the housing, the item disposed within or attached to the housing, and a memory disposed within the housing. The memory stores computer readable instructions that when executed by the processor causes the processor to perform the steps: (a) obtaining the one or more identifiers from the item wherein the one or more identifiers includes a serial number or code; (b) transmitting the obtained identifier(s) to a server device for authentication; (c) receiving an authentication message from the server device; (d) continuing operation of the media device whenever the authentication message from the server device indicates that the item is authentic; and (e) performing one or more actions based on the authentication message whenever the authentication message from the server device indicates that the item is not authentic or cannot be verified.

Publication date: 24-05-2012

Device archiving of past cluster binding information on a broadcast encryption-based network

Number: US20120131337A1
Assignee: International Business Machines Corp

Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.

Publication date: 21-06-2012

Apparatus and method to harden computer system

Number: US20120159652A1
Assignee: Individual

In some embodiments, a processor-based system may include a processor, the processor having a processor identification, one or more electronic components coupled to the processor, at least one of the electronic components having a component identification, and a hardware security component coupled to the processor and the electronic component. The hardware security component may include a secure non-volatile memory and a controller. The controller may be configured to receive the processor identification from the processor, receive the at least one component identification from the one or more electronic components, and determine if a boot of the processor-based system is a provisioning boot of the processor-based system. If the boot is determined to be the provisioning boot, the controller may be configured to store a security code in the secure non-volatile memory, wherein the security code is based on the processor identification and the at least one component identification. Other embodiments are disclosed and claimed.

Publication date: 06-09-2012

System and method for physically detecting counterfeit electronics

Number: US20120226463A1
Assignee: Nokomis Inc

A system for inspecting or screening an electrically powered device includes a signal generator inputting a preselected signal into the electrically powered device. There is also an antenna array positioned at a pre-determined distance above the electrically powered device. An apparatus collects RF energy emitted by the electrically powered device in response to input of said preselected signal. The signature of the collected RF energy is compared with an RF energy signature of a genuine part. The comparison determines one of a genuine or a counterfeit condition of the electrically powered device.

Publication date: 04-10-2012

Information processing apparatus and program product

Number: US20120250867A1
Assignee: Toshiba Corp

According to one embodiment, an information processing apparatus, which is connected to an external apparatus, includes a device key storage unit, a creating unit, a calculating unit, a communication unit, and a key calculating unit. The device key storage unit stores therein a device key. The creating unit creates a media key from the device key and a media key block. The calculating unit calculates first output information on the basis of first inherent information inherent to the information processing apparatus and public information. The communication unit transmits the first output information to the external apparatus and receives second output information calculated by the external apparatus from the external apparatus. The key calculating unit calculates a shared key shared between the information processing apparatus and the external apparatus on the basis of the media key, the first inherent information, and the second output information.

Publication date: 01-11-2012

Document management system and method

Number: US20120278631A1
Assignee: Hewlett Packard Development Co LP

A document management system and method are disclosed herein. An example of the document management system includes a composite document generation module that generates a composite document and a secret seed that is associated with an owner or initiator of the composite document, and a key derivation module that derives, from the secret seed and using a key derivation function, at least one of a key for encryption, a key for decryption, a key for signature, or a key for verification for a participant of a workflow associated with the composite document.

Publication date: 22-11-2012

Bit sequence generation apparatus and bit sequence generation method

Number: US20120293354A1
Author: Daisuke Suzuki
Assignee: Mitsubishi Electric Corp

A bit sequence generation apparatus includes a glitch generating circuit that generates a glitch, a sampling circuit that samples the glitch waveform generated by the glitch generating circuit, and a glitch shape determination circuit that generates 1-bit data indicating either 1 or 0, based on the glitch waveform sampled by the sampling circuit, and generates a bit sequence composed of a plurality of generated 1-bit data. The bit sequence generation apparatus can provide a PUF circuit that is able to generate highly randomized secret information even in a device with a low degree of freedom of alignment and wiring and that does not violate the design rules.

Publication date: 13-12-2012

Delaying or deterring counterfeiting and/or cloning of a component

Number: US20120317662A1

In an embodiment, to deter or delay counterfeiting/cloning of a replacement component of a host device, the replacement component is provided with a code value. The code value is generated from a value of at least one physical parameter of the replacement component and is stored on the replacement component. The host device determines whether the replacement component is authentic if the stored code value matches a reference code value.

Publication date: 03-01-2013

Systems and methods for identifying consumer electronic products based on a product identifier

Number: US20130007443A1
Assignee: Rovi LLC

Systems and methods for identifying consumer electronic products using a playback device with a product identifier in accordance with embodiments of the invention are disclosed. One embodiment includes a processor, and memory configured to store a product identifier, where the product identifier is associated with a specific product and is associated with cryptographic information, and user account data, where the user account data is associated with a user account. In addition, the processor is configured by an application to receive a request for registration from a playback device, receive a product identifier from the playback device, retrieve cryptographic information using the playback device, and send user account data to the playback device encrypted using at least the cryptographic information associated with the product identifier.

Publication date: 24-01-2013

Systems and Methods to Communicate with Transaction Terminals

Number: US20130024307A1
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION

A transaction terminal is configured with an application that is configured to present a user interface for out-of-band communication with a transaction handler during the processing of a payment transaction. The transaction handler is configured to invoke the application in the transaction terminal by transmitting a predetermined code in an authorization response message.

Publication date: 24-01-2013

Systems and methods for secure communication using a communication encryption bios based upon a message specific identifier

Number: US20130024686A1
Author: Steven J. Drucker
Assignee: Drucker Steven J

An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by receiving an encryption key request from a sending device, where the encryption key request is based upon the message specific identifier, which is associated with a plurality of attributes associated with the message and the sending device. In more detail, the message specific identifier may be an information-based indicator that is unique with respect to the message and the sending device. The method parses the encryption key request and the message specific identifier to provide an intermediate argument used to enter a current random character set that is periodically generated and stored into memory. The intermediate argument helps identify which type of encryption method is desired for use in encryption key generation. An encryption key is constructed using the intermediate argument as an entry point to the current random character set. A data structure is stored associated with the message specific identifier, a random character set identifier for the current random character set, and an identifier of the encryption method used before the key is transmitted back to the device.

Publication date: 21-02-2013

Genomics-based keyed hash message authentication code protocol

Number: US20130044876A1

Apparatuses, systems, computer programs and methods for implementing a genomics-based security solution are discussed herein. The genomics-based security solution may include reading and parsing a plaintext message comprising a string of words and assigning a lexicographic value to each word in the string to code each word in a rational number. The solution may also include assigning a letter code to each letter. The letter code for each letter may correspond with a function in molecular biology.

Publication date: 21-02-2013

Authentication processing method and apparatus

Number: US20130047209A1

A physical unclonable function (PUF) device, and a PUF reader which extracts PUF parameters required to calculate a response output from a challenge input by analyzing an operation of the PUF device. Operation parameters characterizing an operation state are obtained by observing a power waveform, an electromagnetic waveform, or a processing time of the PUF device at that time. Authentication of the PUF device is based on the extracted parameters. The PUF reader executes authenticity determination as to whether or not the PUF device is a valid PUF device by monitoring an operation of the PUF device during response generation based on the operation parameters.

Publication date: 28-02-2013

Proxy Authentication

Number: US20130054803A1
Assignee: Individual

In one embodiment, receiving, by an operating system of the first computing device and from a client application executing on the first computing device, a first request for accessing a set of data associated with a user of the first computing device, wherein the set of data is managed by a second computing device; sending, by the operating system and to the second computing device, a second request for accessing the set of data; receiving, by the operating system and from the second computing device, a response to the second request; and if the response to the second request grants the client application access to the set of data, then forwarding, by the operating system and to the client application, an access token to be used by the client application for accessing the set of data with the second computing device.

Publication date: 07-03-2013

Method and apparatus for providing a structured and partially regenerable identifier

Number: US20130061036A1
Author: Ian Justin Oliver
Assignee: Nokia Oyj

An approach is provided for generating a structured and partially regenerable identifier. An identification generation platform receives a request to generate at least one regenerable identifier that includes, at least in part, a plurality of fields. The identification generation platform determines to separately hash and/or encrypt the respective ones of the plurality of fields. A generation of the at least one identifier is caused, based at least in part, on the hashed and/or encrypted respective ones of the plurality of fields.

Publication date: 14-03-2013

Method and apparatus for key sharing over remote desktop protocol

Number: US20130067229A1
Assignee: Stoneware Inc

Various methods for the secure exchange of private keys for authenticating a user to an RDP service are provided. One example method may comprise receiving a request comprising a session token to provide a user with access to an RDP service, and retrieving a username and password associated with the user using the session token. The method may further comprise assigning a time period of validity to the password. Furthermore, the method may comprise generating a first secret key based on user information, generating a second secret key based on the first secret key and a salt, and encrypting a packet comprising the password and the time period using the second secret key. Additionally, the method may comprise transmitting the username and encrypted packet to the device for authenticating the user with the requested RDP service. Similar and related example methods, apparatuses, systems, and computer program products are also provided.

Publication date: 21-03-2013

AUTHENTICATION IN HETEROGENEOUS IP NETWORKS

Number: US20130074161A1
Assignee:

The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

1-18. (canceled)

19. A system comprising: a mobile device configured to at least determine a network access type upon receipt of an information message indicating at least one network access type, create a start message containing at least a user identity, and encapsulate the start message in an authentication message compatible with an access network identified in the information message; and an access controller configured to at least read the encapsulated message from the mobile device and forward the encapsulated message to an authentication server identified in the encapsulated message.

20. A system comprising determining means for determining a network access type by a mobile device, upon receipt of an information message indicating at least one network access type; creating means for creating a start message containing at least a user identity; and encapsulating means for encapsulating the start message in an authentication message compatible with an access network identified in the information message; and access controller means comprising reading means for reading the encapsulated message from the mobile device and a forwarding means for forwarding the encapsulated ...

Publication date: 28-03-2013

METHODS OF AND SYSTEMS FOR REMOTELY CONFIGURING A WIRELESS DEVICE

Number: US20130081113A1
Assignee:

A particular method includes transmitting a message from a first device to a second device. The message includes first information associated with identification of the first device. The first information enables the second device to obtain access data. The method also includes establishing a first communication link between the first device and the second device based on the access data. The method further includes receiving, via the first communication link, second information associated with establishment of a second communication link between the first device and a third device. The method also includes configuring the first device to establish the second communication link between the first device and the third device based on the second information.

1. A method comprising: transmitting a message from a first device to a second device, wherein the message comprises first information associated with identification of the first device, wherein the first information enables the second device to obtain access data; establishing a first communication link between the first device and the second device based on the access data; receiving, via the first communication link, second information associated with establishment of a second communication link between the first device and a third device; and configuring the first device to establish the second communication link between the first device and the third device based on the second information.

2. The method of claim 1, wherein the first device comprises a machine-to-machine communication device.

3. The method of claim 1, further comprising configuring the first device to operate in accordance with a first mode of operation, wherein the first device is configured to provide a wireless local area network while in the first mode of operation.

4. The method of claim 1, wherein establishing the first communication link comprises: receiving security information from the second device, wherein the security ...

Publication date: 04-04-2013

INFORMATION TERMINAL DEVICE AND METHOD OF PERSONAL AUTHENTICATION USING THE SAME

Number: US20130086671A1
Author: Tamaki Makoto
Assignee:

An information terminal device is provided that may use the input functionality of a touch panel to remove the restriction on the use thereof, for example, release the key lock. The information terminal device is an information terminal device including a display and a touch panel, including: a pattern storage memory configured to store a release pattern that is to be entered into the touch panel to remove the restriction on the use of the information terminal device, the release pattern being designated by a user as a graphic pattern; a comparison unit configured to determine whether an entered pattern entered into the touch panel matches the release pattern; and a controller configured to remove the restriction on the use of the information terminal device if the comparison unit determines that the entered pattern matches the release pattern.

1. An information terminal device including a display and a touch panel, comprising: a pattern storage memory configured to store a release pattern that is to be entered into the touch panel to remove a restriction on a use of the information terminal device, the release pattern being designated by a user as a graphic pattern; a comparison unit configured to determine whether an entered pattern entered into the touch panel matches the release pattern; and a controller configured to remove the restriction on the use of the information terminal device if the comparison unit determines that the entered pattern matches the release pattern.

2. The information terminal device according to claim 1, wherein: the pattern storage memory stores an input request pattern suggesting that the release pattern be entered, and the input request pattern is displayed on the display when the restriction on the use of the information terminal device is to be removed.

3. The information terminal device according to claim 2, wherein: the pattern storage memory stores a set of input request patterns suggesting that the release ...

Publication date: 18-04-2013

System and Method for Transaction Security Enhancement

Number: US20130097698A1
Assignee: EBAY, INC.

The present disclosure involves a system that includes a computer memory storage component configured to store computer programming instructions and a computer processor component operatively coupled to the computer memory storage component. The computer processor component is configured to run a secure operating system and a non-secure operating system in parallel. The secure and non-secure operating systems are isolated from each other. The computer processor component is configured to execute code to perform the following operations: receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

1. A system, comprising: a computer memory storage component configured to store computer programming instructions; and a computer processor component operatively coupled to the computer memory storage component, wherein the computer processor component is configured to run a secure operating system and a non-secure operating system in parallel, wherein the secure and non-secure operating systems are isolated from each other, and wherein the computer processor component is configured to execute code to perform the following ... receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

Publication date: 09-05-2013

Method and Apparatus for Enabling Secure Distribution of Digital Content

Number: US20130117863A1
Assignee:

A digital content management system includes a host machine and a delivery machine remote from the host machine. The host machine sends validation agent software to the delivery machine, which executes the validation agent. The validation agent performs one or more tests or observations to determine whether the delivery machine has been compromised, and communicates the results of the tests or observations to the host machine. If the host machine determines that the delivery machine has not been compromised, the host machine sends digital content to the delivery machine, and a player module at the delivery machine delivers the content to the user according to an appropriate set of access rights. After delivering the content, the delivery machine deletes the content to prevent unwanted access to the content. The content can contain signals indicative that the content is legitimate, such as watermarks or bad code segments or sectors.

1. A digital content access control system comprising: at least one processor; at least one network interface device; at least one memory device which stores a plurality of instructions which, when executed by the at least one processor, cause the at least one processor to operate with the at least one network interface device to: (a) cause a validation agent to be sent to a remote delivery machine over a data network, said validation agent configured to determine, based on a result of at least one test performed upon arrival of the validation agent at the remote delivery machine, whether said remote delivery machine has been compromised, (b) receive, over the data network, a signal indicative of whether to send content to the remote delivery machine, said signal based, at least in part, on the determination by the validation of whether the remote delivery machine has been compromised, (c) determine whether to send the content to the remote delivery machine based on the received signal, (i) send at least a portion of the content, over the data ...

Publication date: 16-05-2013

Systems and methods for secure communication using a communication encryption bios based upon a message specific identifier

Number: US20130124863A1
Author: Steven J. Drucker
Assignee: Steven J. Drucker

An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by assembling the message specific identifier from one or more attributes associated with the message and the first device. An encryption key request is transmitted to a server, wherein the encryption key request is based upon the message specific identifier. An encryption key is received from the server, wherein the encryption key is based on the message specific identifier and a random character set. The message is encrypted using the received encryption key and the encrypted message is sent to the second device.

Publication date: 16-05-2013

SYSTEMS AND METHODS OF DEVICE AUTHENTICATION INCLUDING FEATURES OF CIRCUIT TESTING AND VERIFICATION IN CONNECTION WITH KNOWN BOARD INFORMATION

Number: US20130125204A1
Assignee: ELECTRONIC WARFARE ASSOCIATES, INC.

A method and system for authenticating a device, board, assembly or system includes obtaining or processing test/scan information provided via extraction of ECID or other unique identifying information regarding a board.

1. A method of authenticating a board, assembly or system, the method comprising: obtaining or processing test/scan information provided via extraction of unique identifying information regarding one or more devices on a board, assembly or system, including determination of associated mounted position(s); performing one or more re-authentication processes to verify that the board, assembly or system contains only legitimate uniquely identified devices, via comparison of re-extracted codes of devices at known positions against a reference record, the reference record being established by an initial authentication process that utilizes information regarding authentic and unique codes of devices delivered to populate the board, assembly or system as placed at specific positions to derive the reference record for the device, enabling the re-attestation of the authenticity of such devices.

2. The method of claim 1 further comprising processing information regarding knowledge of all legitimately shipped codes of a given device type assuring each code's uniqueness, verifying non-duplication over the supply chain from legitimate IC fabricator(s).

3. The method of claim 1 wherein the reference record is received, directly or indirectly, from an IC fabricator that performed the initial authentication process on a newly assembled board, assembly or system at a board, assembly or system factory.

4. The method of claim 1 wherein the information regarding the codes includes lot information regarding securely documented lots of devices shipped via a supply chain.

5. A method of authenticating a board, assembly or system, the method comprising: performing an initial authentication process that utilizes information regarding ...

Publication date: 16-05-2013

PLATFORM INTEGRITY VERIFICATION SYSTEM AND INFORMATION PROCESSING DEVICE

Number: US20130125244A1
Author: Sugano Yasuharu
Assignee: CANON KABUSHIKI KAISHA

A platform integrity verification system capable of executing platform integrity verification by a trusted boot without causing a delay of system startup time. The platform integrity verification system has an information processing device and an integrity verification computer that are communicably connected to each other. The information processing device comprises an acquisition section that acquires a unique value from each of a plurality of programs executed by the information processing device when the information processing device is shut down; and a storage section configured to store the unique value acquired by the acquisition section in a storage device. The integrity verification computer comprises a comparison section configured to acquire the unique value stored in the storage device through communication with the information processing device and to compare the acquired unique value with a predetermined value held in advance for each program.

1. A platform integrity verification system having an information processing device and an integrity verification computer that is communicably connected to each other, wherein said information processing device comprises: an acquisition unit configured to acquire a unique value from each of a plurality of programs executed by said information processing device when said information processing device is shut down; and a storage unit configured to store said unique value acquired by said acquisition unit in a storage device, and said integrity verification computer comprises a comparison unit configured to acquire the unique value stored in the storage device through communication with said information processing device and compares the acquired unique value with a predetermined value held in advance for each program.

2. The platform integrity verification system according to claim 1, wherein said comparison unit enables said integrity verification computer to acquire a measurement value recorded in the storage device via a ...

Publication date: 23-05-2013

CONNECTION DEVICE AUTHENTICATION

Number: US20130133088A1
Assignee: CISCO TECHNOLOGY, INC.

A method and apparatus are provided for a secure interconnect between data modules, including a security apparatus within a secured data interconnect apparatus installed with a security chip. The interconnect apparatus may be authenticated prior to enabling a stacking feature. Authentication of an interconnect apparatus may be used to ensure the quality and performance of the interconnect apparatus and the data modules.

1. An interconnect apparatus, comprising: a cable having first and second opposed ends; a first connector provided at the first end of the cable; a second connector provided at the second end, the cable to provide communication of data between the first and the second connectors; and at least one authentication module comprising a first authentication module, the first authentication module configured to facilitate an authentication of the interconnect apparatus responsive to a connection of the interconnection apparatus with an electronic device, the interconnect apparatus is initialized to enable data transmissions responsive to an identification of the interconnect apparatus as passing the authentication of the interconnect apparatus, the first authentication module comprising a processor; and a memory storage unit, the processor and the memory storage unit are powered by the electronic device responsive to the connection of the interconnect apparatus with the electronic device, the first authentication module to transition to a dormant state that does not consume power, the interconnect apparatus to receive a data transmission from the electronic device notwithstanding the transition of the first authentication module to the dormant state.

2. The interconnect apparatus of claim 1, wherein the first authentication module comprises memory to persistently store authentication information operatively used to authenticate the interconnect apparatus.

3. The interconnect apparatus of claim 2, wherein the authentication information identifies a ...

Publication date: 30-05-2013

Trusted Service Management Process

Number: US20130139230A1
Assignee: RFCYBER CORPORATION

Techniques for providing trusted management services (TSM) are described. According to one aspect of the techniques, a secure element (SE) is personalized via the TSM. A process is provided to personalize an SE with multiple parties involved and orchestrated by a party or a business running the TSM, hence as a trusted service manager (TSM). The TSM brings the parties together to recognize the SE being personalized so that subsequent transactions can be authorized and carried out with a device embedded with the SE. In operation, each of the parties may load a piece of data into the SE, including registration information, various services or application data, and various keys so that subsequent transactions can be carried out with or via an authorized party and in a secured and acknowledgeable manner.

1. A method for trusted service management, the method comprising: initiating data communication between a portable device with a secure element (SE) and a server configured to provide the trusted service management; receiving device information of the secure element from the portable device in responding to a request from the server after the server determines that the secure element is registered therewith, wherein the device information is a sequence of characters uniquely identifying the secure element, and the request is a command causing the portable device to retrieve the device information from the secure element therein; and sending a set of instruction to cause the portable device to receive in the secure element at least a set of keys from a designated place, wherein the keys are generated in accordance with the device information of the secure element, wherein the set of keys in the secure element facilitates a subsequent transaction between the portable device and a service provider.

2. The method as recited in claim 1, further comprising: identifying a party originating the secure element from the device information; and verifying with the party that the secure ...

Publication date: 13-06-2013

METHOD FOR AUTHENTICATING A PORTABLE DATA CARRIER

Number: US20130151854A1
Author: Meister Gisela
Assignee:

A method for authenticating a portable data carrier to a terminal device employs a public key (PKG) and a secret key (SK) of the data carrier as well as a public session key (PK) and a secret session key (SK) of the terminal device. The data carrier employs as a public key a public group key (PKG). As a secret key the data carrier employs a key (SK) that has been derived from a secret group key (SKG) associated with the public group key (PKG).

1-16. (canceled)
17. A method for authenticating a portable data carrier to a terminal device while employing a public key (PKG) and a secret key (SK) of the data carrier and a public session key (PK) and a secret session key (SK) of the terminal device, comprising the steps: using as a public key (PKG) a public group key (PKG), and using as a secret key (SK) a secret key (SK) derived from a secret group key (SKG) associated with the public group key (PKG).
18. The method according to claim 17, wherein before a further execution of the authentication method the secret key (SK) of the data carrier is replaced by a secret session key (SK) of the data carrier that is derived from the secret key (SK).
19. The method according to claim 17, wherein, by means of the public group key (PKG) and the secret key (SK) of the data carrier as well as the public session key (PK) and the secret session key (SK) of the terminal device, a communication key (KK) is agreed on between the data carrier and the terminal device.
20. The method according to claim 17, wherein the public group key (PKG) employed as a public key (PKG) of the data carrier is verified by the terminal device by means of a certificate (C) of the public group key (PKG).
21. The method according to claim 17, wherein the secret key (SK) is derived from the secret group key (SKG) while employing a first random number (RND).
22. The method according to claim 17, wherein the secret session key (SK) of the data carrier is derived ...

Publication date: 13-06-2013

COMPUTER-READABLE MEDIUM RECORDED WITH INFORMATION PROCESSING PROGRAM, INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD

Number: US20130152218A1
Assignee: NINTENDO CO., LTD.

An example information processing program that causes a computer of an information processing apparatus including a restricting unit which restricts use of software or use of a function of the information processing apparatus by software, to function as: a releasing unit which releases, on a per software basis, a restriction by the restricting unit even in a state where the restriction by the restricting unit is enabled; and a release continuing unit which makes the release by the releasing unit continuous by permitting reading of release information indicating that the release by the releasing unit is enabled, upon execution of release subject software that is to be subjected to the release.

1. A computer-readable medium recorded with an information processing program that causes a computer of an information processing apparatus including a restricting unit for restricting use of software or use of a function of the information processing apparatus by software, to function as: a releasing unit for releasing, on a per software basis, a restriction by the restricting unit even in a state where the restriction by the restricting unit is enabled; and a release continuing unit for making the release by the releasing unit continuous by permitting reading of release information indicating that the release by the releasing unit is enabled, upon execution of release subject software that is to be subjected to the release.
2. The computer-readable medium recorded with the information processing program according to claim 1, wherein software to be subjected to a restriction by the restricting unit includes at least a part of the information processing program, and the release continuing unit permits reading of the release information upon execution of the release subject software by at least a part of the information processing program included in the software being executed.
3. The computer-readable medium recorded with the information processing program according to claim 1, ...

Publication date: 20-06-2013

MEASUREMENT PROBE SYSTEMS FOR CO-ORDINATE POSITIONING APPARATUS

Number: US20130159714A1
Assignee: RENISHAW PLC

A measurement probe, such as a touch trigger measurement probe, is described that comprises a measurement portion for measuring an object and a data transfer portion for receiving data from and/or transmitting data to an associated unit. The measurement device also comprises an authentication module for verifying the authenticity of the associated unit. The authentication module may include a processor for running a one-way hash algorithm. Authenticity may be established using a challenge and response authentication process.

1. A measurement probe system comprising a measurement probe mountable to co-ordinate positioning apparatus, the measurement probe having a measurement portion for measuring an object, comprising a deflectable stylus, wherein the measurement probe system comprises; a data transfer portion for receiving data from and/or transmitting data to an associated unit, and an authentication module for verifying the authenticity of the associated unit.
2. A measurement probe system according to claim 1, wherein the authentication module comprises a processor that, in use, runs an encryption algorithm.
3. A measurement probe system according to claim 2, wherein the encryption algorithm is a one-way hash algorithm.
4. A measurement probe system according to claim 1, wherein the authentication module comprises a random data string generator.
5. A measurement probe system according to claim 1, wherein the authentication module comprises a secure memory for storing a secret key.
6. A measurement probe system according to claim 5, wherein the authentication module verifies the authenticity of the associated unit using a challenge and response process, wherein the challenge and response process confirms that the associated unit holds the same secret key as the secure memory of the authentication module without disclosing the secret key.
7. A measurement probe system according to claim 1, wherein the data transfer portion ...

Publication date: 20-06-2013

METHOD AND DEVICE FOR CHALLENGE-RESPONSE AUTHENTICATION

Number: US20130160083A1
Assignee: 3M INNOVATIVE PROPERTIES COMPANY

Method of performing a challenge-response process, comprising, in this sequence, the steps of a) providing a first challenge-response pair on a source device, assigned to a responding device; b) loading the first challenge-response pair from the source device to a challenging device, while the source device is operationally connected to the challenging device; c) performing a challenge-response process between the challenging device and the responding devices to which the first challenge-response pair is assigned, d) loading one or more second challenge-response pairs from a source device to the challenging device, while the source device is operationally connected to the challenging device, wherein the step of loading the first challenge-response pair from the source device to a challenging device is performed before the challenging device has received any information from one of the responding devices, to which the first challenge-response pair is assigned.

1. Method of performing a challenge-response process, comprising, in this sequence, the steps of a) providing a first challenge-response pair on a source device, wherein the first challenge-response pair is assigned to one or more responding devices; b) loading the first challenge-response pair from the source device to a challenging device, while the source device is operationally connected to the challenging device; c) performing a challenge-response process between the challenging device and one of the one or more responding devices to which the first challenge-response pair is assigned, using the first challenge-response pair, which is assigned to the responding device; d) loading one or more second challenge-response pairs from a source device to the challenging device, while the source device is operationally connected to the challenging device, characterized in that the step of loading the first challenge-response pair from the source device ...

Publication date: 27-06-2013

METHOD FOR MANAGING ACCESS TO PROTECTED COMPUTER RESOURCES

Number: US20130167204A1
Assignee: PRISM TECHNOLOGIES LLC

A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protected computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.

1. A method for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the method comprising: registering, by at least one authentication server, identity data of a subscriber identity module associated with at least one client computer device; storing, by the at least one authentication server in an associated database, (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module associated with the at least one client computer device, and (iii) authorization data associated with the protected computer resources; receiving, by the at least one access server, (i) the identity data of a subscriber identity module associated with the at least one client computer device and (ii) a request for the protected computer resources from the at least ...

Publication date: 04-07-2013

Method and system for machine identification

Number: US20130173789A1
Assignee: Computer Associates Think Inc

A method and system for identifying a machine used for an online session with an online provider includes executing a lightweight fingerprint code from a provider interface during an online session to collect and transmit machine and session information; generating and storing a machine signature or identity including a machine effective speed calibration (MESC) which may be used to identify the machine when the machine is used in a subsequent online session by a method of matching the machine signature and MESC to a database of machine identities, analyzing a history of the machine's online sessions to identify one or more response indicators, such as fraud indicators, and executing one or more responses to the response indicators, such as disabling a password or denying an online transaction, where the response and response indicator may be provider-designated.

Publication date: 11-07-2013

Method and apparatus for authenticating multicast messages

Number: US20130179687A1
Author: Rainer Falk, Steffen Fries
Assignee: SIEMENS AG

The last link in an initialization hash chain, calculated by a transmitter based on its anchor value, is distributed as an initialization function value to a receiver in an initialization phase. Subsequently, a multicast message is received and stored by a receiver and an authentication key release message, containing a cryptographic authentication key, is received from the transmitter by the receiver. A cryptographic function value h, calculated by the receiver for the cryptographic authentication key using a prescribed cryptographic function, is compared with the initialization function value to check the validity of the cryptographic authentication key in the authentication key release message. The multicast message is authenticated by the receiver using the cryptographic authentication key which has been recognized as valid.

Publication date: 11-07-2013

Providing Integrity Verification And Attestation In A Hidden Execution Environment

Number: US20130179693A1
Assignee:

In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.

1. An article comprising a machine-accessible storage medium including instructions that when executed cause a system to: receive an attestation request and a nonce from a verifier to attest to a hidden environment of the system executed using a hidden resource manager (HRM) implemented in microcode of a processor, wherein the hidden environment is not visible to system software; generate a signed attestation record responsive to the attestation request directly in the processor via the microcode and without communication with an agent coupled to the processor via an interconnect; and provide the signed attestation record to the verifier.
2. The article of claim 1, further comprising instructions to receive the attestation request in a kernel of the hidden environment and access a launch history of an application associated with the attestation request, hash the launch history and provide the nonce and the hashed launch history to the HRM.
3. The article of claim 2, further comprising instructions to generate, using the HRM, the attestation record including an owner identifier of the system, the owner identifier created by an owner of the system, a measurement of a launch control policy, a measurement of at least one kernel of the hidden environment, and to sign the attestation record with a private key.
4. The article of claim 3, further comprising instructions to transmit the signed attestation record to the ...

Publication date: 11-07-2013

INFORMATION PROCESSING SYSTEM CONTROL METHOD, INTERMEDIATE SERVICE DEVICE, AUTHENTICATION METHOD, AND STORAGE MEDIUM

Number: US20130179961A1
Author: Abe Koichi
Assignee: CANON KABUSHIKI KAISHA

Provided is a method for controlling an information processing system including a relay service device, an intermediate service device, and an authentication service device. The control method includes transmitting an authentication request from the intermediate service device to the intermediate service device; acquiring a first access token from the authentication service device that has made a success of authentication; storing the first access token; comparing the stored first access token with a second access token included in an execution request of a relation processing upon reception of the processing execution request from the relay service; and executing processing received from the intermediate service device when it is determined in the comparing that the first access token matches the second access token or not executing the processing when it is determined in the comparing that the first access token does not match the second access token.

1. A method for controlling an information processing system, wherein the information processing system comprising a relay service device that performs relay processing related to a service provided from a provision device to a user via a network, an intermediate service device that communicates with the relay service device and performs relation processing related to the service, and an authentication service device that receives an authentication request from the intermediate service device and performs authentication processing, the method comprising: transmitting, by the relay service device, an authentication request or an execution request of the relation processing to the intermediate service device; transmitting, by the intermediate service device, the authentication request from the relay service device to the authentication service device; acquiring, by the intermediate service device, a first access token from the authentication service device that has made a success of authentication; storing, by the ...

Publication date: 25-07-2013

Storage device, host device, and information processing method

Number: US20130191636A1
Author: Yasuto Aramaki
Assignee: Toshiba Corp

A storage device includes a storage module, an authentication process execution module, an encryption processor and a security setting module. The storage module stores an encryption key, a flag indicating whether the encryption key can be used, a password used for authentication associated with the encryption key and the flag, and user data. The authentication process execution module uses a password to authenticate a connected host device. The encryption processor uses an encryption key stored being associated with a flag indicating permission to use the encryption key in accordance with an instruction from the host device, and encrypts user data received from the host device or decrypts the user data stored in the storage module. On encryption or decryption, the security setting module changes the setting of a flag stored being associated with the encryption key used for the encryption or the decryption.

Publication date: 01-08-2013

Identifier generation using named objects

Number: US20130198831A1
Assignee: Microsoft Corp

A candidate identifier for a process is generated and an attempt is made to have a named object created that has a name that is the candidate identifier. In response to the attempt succeeding and the named object being created, the candidate identifier is used as an identifier for the process. In response to the attempt not succeeding and the named object not being created, the generating and attempting are repeated.

Publication date: 08-08-2013

COMMUNICATION APPARATUS, SERVER APPARATUS, RELAY APPARATUS, CONTROL APPARATUS, AND COMPUTER PROGRAM PRODUCT

Number: US20130205378A1
Assignee: KABUSHIKI KAISHA TOSHIBA

According to an embodiment, a communication apparatus is connected to a server apparatus that issues first authentication information used in communication. The communication apparatus includes a receiving unit configured to receive an execution instruction to execute a bootstrap authentication process of issuing the first authentication information. The bootstrap authentication process includes validation of capability information indicating a capability of the communication apparatus. The communication apparatus also includes a first authentication processing unit configured to execute the bootstrap authentication process with the server apparatus based on second authentication information including the capability information, when the receiving unit receives the execution instruction.

1. A communication apparatus connected to a server apparatus that issues first authentication information used in communication, comprising: a receiving unit configured to receive an execution instruction to execute a bootstrap authentication process of issuing the first authentication information, the bootstrap authentication process including validation of capability information indicating a capability of the communication apparatus; and a first authentication processing unit configured to execute the bootstrap authentication process with the server apparatus based on second authentication information including the capability information when the receiving unit receives the execution instruction.
2. The communication apparatus according to claim 1, wherein the first authentication processing unit receives the first authentication information from the server apparatus when the bootstrap authentication process for the communication apparatus results in success, and the communication apparatus further comprises a second authentication processing unit configured to execute a communication authentication process of communicating with an external apparatus with the external apparatus based ...

Publication date: 08-08-2013

AUTHENTICATION METHOD BETWEEN CLIENT AND SERVER, MACHINE-READABLE STORAGE MEDIUM, CLIENT AND SERVER

Number: US20130205379A1
Assignee:

An authentication method between a server and a client is provided. The authentication method includes transmitting, to the client, an inquiry message including a first modified secret key generated based on a first secret key and a first blinding value, receiving, from the client, a response message including a response value generated based on the first blinding value, a second secret key, and an error value, calculating the error value from the response value, and determining whether authentication of the client has succeeded based on the error value.

1. An authentication method between a server and a client, the authentication method comprising: transmitting, to the client, an inquiry message including a first modified secret key generated based on a first secret key and a first blinding value; receiving, from the client, a response message including a response value generated based on the first blinding value, a second secret key, and an error value; calculating the error value from the response value; and determining whether authentication of the client has succeeded based on the error value.
2. The authentication method of claim 1, wherein the first secret key and the second secret key are shared between the client and the server.
3. The authentication method of claim 1, wherein the determining of whether authentication of the client has succeeded comprises: comparing a total number of 0s or 1s in the error value with a pre-established threshold; and determining whether authentication of the client has succeeded based on a result of the comparing.
4. The authentication method of claim 1, wherein the determining of whether authentication of the client has succeeded comprises: comparing a Hamming weight of the error value with a pre-established threshold; and determining the authentication of the client as a success when the Hamming weight is less than or equal to the pre-established threshold.
5. The authentication method of claim 1, further comprising: transmitting, ...

Publication date: 08-08-2013

Protecting privacy of shared personal information

Number: US20130205404A1
Author: Simon P. King
Assignee: Yahoo Inc until 2017

Methods and apparatus are described to protect personal information by decoupling it from user identity. According to specific embodiments, this is accomplished by associating each user with an anonymous token that is decoupled from the user's identity. Personal information (e.g., a user's physical or geographic location) is stored in association with this anonymous token, with no apparent connection to the user. Those allowed to access the personal information—including the owner himself—are granted the ability through a variety of mechanisms to connect the anonymous token back to the owner. The personal information can then be retrieved by locating the data stored in association with the anonymous token in the data store.

Publication date: 15-08-2013

Method and System for a Certificate-less Authenticated Encryption Scheme Using Identity-based Encryption

Number: US20130212377A1
Author: Behzad Malek
Assignee: Individual

A method of verifying public parameters from a trusted center in an identity-based encryption system prior to encrypting a plaintext message by a sender having a sender identity string may include: identifying the trusted center by a TC identity string, the trusted center having an identity-based public encryption key of the trusted center based on the TC identity string; determining if the sender has a sender private key and the public parameters for the trusted center including the public encryption key of the trusted center and a bilinear map; and verifying the public parameters using the TC identity string prior to encrypting the plaintext message into a ciphertext by comparing values of the bilinear map calculated with variables from the trusted center. The ciphertext may include a component to authenticate the sender once the ciphertext is received and decrypted by the recipient using the private key of the recipient.

Publication date: 15-08-2013

Resilient Device Authentication System

Number: US20130212642A1
Assignee: Individual

A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.

Publication date: 22-08-2013

Determine Authorization of a Software Product Based on a First and Second Authorization Item

Number: US20130219190A1
Author: Selig Calvin L.
Assignee:

Embodiments disclosed herein relate to determining authorization of a software product based on a first authorization item and a second authorization item. Each authorization item may be a file or a registry key. A processor may determine whether use of the software product is authorized at a particular time period by comparing a first authorization item and a second authorization item.

1. A computing system to determine authorization of a software product based on a first and second authorization item, comprising: an electronic device comprising a processor to: create a first authorization item when a software product is installed; create a second authorization item when the software product is executed for the first time, wherein each authorization item comprises a file stored in a storage or a registry key stored in a registry; determine whether use of the software product is authorized at a particular time based on a comparison of the first authorization item and the second authorization item; and prevent use of the software product if determined that use of the software product is not authorized.
2. The computing system of claim 1, wherein creating the second authorization item comprises: determining whether the first authorization item indicates that the second authorization item should exist; determining whether the second authorization item exists; if determined that the second authorization item should not exist and determined that the second authorization item exists, preventing use of the software product; and if determined that the second authorization item should not exist and determined that the second authorization item does not exist, create the second authorization item.
3. The computing system of claim 1, wherein comparing the first authorization item and the second authorization item comprises: determining whether the second authorization item exists; and if determined that the second ...

Publication date: 22-08-2013

Security System and Methods for Integrated Devices

Number: US20130219526A1
Assignee: mCube, Incorporated

Systems and methods for implementing security mechanisms in integrated devices and related structures. This method can include validating a device ID, generating a random value based on selected seed parameters, performing logic operations from hardware using the random value, and validating the integrated device based on logic operations from software using the random value. The system can include executable instructions for performing the method in a computing system. Various embodiments of the present invention represent several implementations of a security mechanism for integrated devices. These implementations provide several levels of encryption or protection of integrated devices, which can be tailored depending on the hardware and/or software requirements of specific applications.

1. A micro-processor, on-chip logic, or software implemented method for implementing a security mechanism in an integrated device electrically coupled to a computing system programmed to perform the method, the method comprising: determining, by a processor disposed within the computing system, a random value; writing, by the processor, the random value to a security register disposed within the integrated device; determining, by the processor, a configuration value; writing, by the processor, the configuration value to a security configuration register disposed within the integrated device; determining, by a logic module disposed within the integrated device, an operation result via a logic operation using the random value and the configuration value; writing, by the processor, the operation result to the security register; determining, by the processor, a validation result using the logic operation; reading, by the processor, the operation result from the security register; and determining, by the processor, whether the integrated device is valid using the validation result and the operation result.
2. The method of further comprising reading, by the processor, a device ID from a device ...

Publication date: 12-09-2013

METHODS FOR FIRMWARE SIGNATURE

Number: US20130238886A1
Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.

A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.

1. A method, comprising: receiving, by a first device, signature unaware firmware code; installing, by the first device via boot code, the signature unaware firmware code on the first device, wherein the boot code is configured for installation of a signature aware firmware code or the signature unaware firmware code to the first device and is not configured for signature aware firmware code.
2. The method of claim 1, wherein installing the signature unaware firmware code further comprises verifying that the signature unaware firmware code is received from a second device associated with a user that has physical access to the first device.
3. The method of claim 2, wherein the verifying further comprises employing at least one feedback mechanism to ensure that the user has physical access to the first device.
4. The method of claim 1, wherein installing the signature unaware firmware code further comprises verifying that the signature unaware firmware code is received from a proxy module located remotely from the first device, where the proxy module has verified the signature unaware firmware code.
5. The method of claim 1, wherein installing the signature unaware firmware code further comprises receiving from a proxy module that intercepted a request to install the signature unaware firmware code on the first device, a signed certificate containing generated by the proxy module.
6. The method of claim 5, wherein installing the ...

Publication date: 12-09-2013

METHOD AND APPARATUS FOR SECURING MOBILE APPLICATIONS

Number: US20130239192A1
Assignee: RAPsphere, Inc.

A non-transitory processor-readable medium stores code that represents instructions to be executed by a processor. The code includes code to receive an object code of a first application. The first application is defined by an author different from an author of a second application. The code also includes code to dynamically load at least two intercept points into the object code of the first application, using the second application. The code further includes code to, responsive to a read request for data by the first application, intercept the read request by at least one of the two intercept points. The code further includes code to determine, in response to intercepting the read request, whether or not access to read the data is authenticated. The code further includes code to send a signal to provide the data to the first application, based on the determining.
1. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to: receive an object code of a first application, the first application defined by an author different from an author of a second application; dynamically load at least two intercept points into the object code of the first application, using the second application; responsive to a read request for data by the first application, intercept the read request by at least one of the two intercept points; determine, in response to intercepting the read request, whether or not access to read the data is authenticated; and send a signal to provide the data to the first application, based on the determining.
2. The non-transitory processor-readable medium of claim 1, the code further comprising code to cause the processor to: define a password input on a mobile device associated with the first application; receive a password signal associated with the password input, the password signal having authentication information; and analyze the password signal to ...

Publication date: 19-09-2013

TEMPERATURE-PROFILED DEVICE FINGERPRINT GENERATION AND AUTHENTICATION FROM POWER-UP STATES OF STATIC CELLS

Number: US20130247145A1

A method, system and computer program product for generating device fingerprints and authenticating devices uses initial states of internal storage cells after each of a number multiple power cycles for each of a number of device temperatures to generate a device fingerprint. The device fingerprint may include pairs of expected values for each of the internal storage cells and a corresponding probability that the storage cell will assume the expected value. Storage cells that have expected values varying over the multiple temperatures may be excluded from the fingerprint. A device is authenticated by a similarity algorithm that uses a match of the expected values from a known fingerprint with power-up values from an unknown device, weighting the comparisons by the probability for each cell to compute a similarity measure.
1. A method for authenticating an electronic device as being a particular electronic device, wherein the electronic device contains a number of static storage elements, and wherein the method comprises: applying power to the electronic device; reading initial values of the static storage elements after applying power to collect a set of power-up states; and comparing the initial values with an identifier corresponding to the particular electronic device, wherein the identifier encodes an expected value of a set of static storage elements within the particular device and probabilities that the static storage elements will assume their corresponding expected values, and wherein the comparing applies both the expected value of the set of static storage elements and probabilities that the static storage elements will assume their corresponding expected values.
2. The method of claim 1, wherein the comparing further comprises: for the static storage elements of the particular electronic device that have an expected value that matches the initial value of the corresponding static storage elements in the electronic device, adding the corresponding ...

Publication date: 19-09-2013

APPARATUS AND METHOD OF CONTROLLING PERMISSION TO APPLICATIONS IN A PORTABLE TERMINAL

Number: US20130247177A1
Assignee: Samsung Electronics Co., Ltd

An apparatus and method of controlling permission to an application in a portable terminal, the apparatus including a controller for, when requested for an invocation of a specific function provided by a framework during an execution of a specific application, determining whether a permission for the specific function is obtained using the specific application's user ID and process ID, and if the permission for the specific function is determined to be restricted, displaying a first message indicating that the permission is restricted.
1. An apparatus configured to control permission to an application in a portable terminal, the apparatus comprising: a display; and a controller configured to: when requested for an invocation of a specific function provided by a framework during an execution of a specific application, determine whether a permission for the specific function is obtained using a user ID and a process ID of the specific application; and when the permission for the specific function is determined to be restricted, display a first message indicating that the permission is restricted.
2. The apparatus of claim 1, wherein the controller is configured to display a name of the specific function together with the first message.
3. The apparatus of claim 1, wherein the controller is configured to store permission restriction information that includes a permission restricted specific function corresponding to the specific application's package name, when requested for restricting the permission for the specific function.
4. The apparatus of claim 1, wherein the controller is configured to: identify the user ID and the process ID; search for process information that includes information about a currently executing process in the portable terminal; search for application information using the process information and the process ID; identify the package name of the specific application using the application information and the user ID; identify the permission ...

Publication date: 26-09-2013

Access control system and a user terminal

Number: US20130254541A1
Assignee: Toshiba Corp

In a user terminal, a public key, a master key and a public parameter are generated. An ID including an identifier, an issue date and a validity period of a secret key for service is generated. The secret key is generated based on the master key and the ID. The ID and the secret key are transmitted to a service providing server. The public key and the public parameter are transmitted to a data storage device. In the service providing server, signature data is generated based on the ID and the secret key. A data request, the signature data and the ID are transmitted to the data storage device. In the data storage device, the data request is verified based on the signature data, the public key and the public parameter. When the data request is verified, measurement data of a target device is transmitted to the service providing server.

Publication date: 26-09-2013

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSOR, IMAGE FORMING APPARATUS, AND INFORMATION PROCESSING METHOD

Number: US20130254903A1
Author: ARAKI Ryoji
Assignee:

An information processing system including multiple apparatuses capable of executing one or more applications and an information processor connected to the apparatuses through a first network is disclosed. The information processing system includes a license status information obtaining part configured to obtain the license status information of the applications installed in each of the apparatuses from the corresponding apparatuses through the first network, a license data obtaining part configured to obtain license data authorizing usage of the applications from a computer connected through a second network based on the license status information, and a license data delivery part configured to deliver the license data to each of the apparatuses.
1. (canceled)
2. An information processing system, comprising: an apparatus capable of installing a plurality of applications; and an information processor connected to the apparatus via a first network, wherein the information processor includes a license data obtaining part configured to obtain license data from a computer connected to the information processor via a second network, wherein the license data include application identification information for identifying an application and apparatus information identifying an apparatus authorized to use the application in correlation with each other; and a license data transmission part configured to transmit the license data to the apparatus, and wherein the apparatus includes a license data storage part configured to receive and store the license data transmitted by the license data transmission part; and a determination part configured to determine, in response to a request to use an installed application, whether the apparatus is authorized to use the installed application based on the apparatus information and the application identification information included in the license data.
3. The information processing system as claimed in claim 2, wherein the ...

Publication date: 03-10-2013

DATA PACKET GENERATOR FOR GENERATING PASSCODES

Number: US20130263235A1
Author: Daigle Mark R.
Assignee: WHEREPRO, LLC

A data packet generator periodically generates a data packet including a passcode comprising a plurality of characters. The data packet is sent to a server or a computing device for validation. If validated, the data packet is used, for example, to identify the location of a user or device. Additional systems and methods involving such a data packet generator are also disclosed.
1. A data packet generator comprising: a processing device; memory storing data instructions, which when executed by the processor cause the processor to periodically generate a passcode, the passcode including a plurality of characters; an output device that outputs a data packet including a passcode; and an attachment device configured for semi-permanent attachment to an object.
2. The data packet generator of claim 1, wherein the output device is a display device.
3. The data packet generator of claim 1, wherein the output device is a digital data communication device selected from a wired communication device and a wireless communication device.
4. The data packet generator of claim 3, wherein the data packet further includes data selected from a serial number, a second passcode, a temperature, a humidity, a username, a distance-to-floor, a GPS coordinate, data received from a neighboring data packet generator, and a tamper code.
5. The data packet generator of claim 3, wherein the output device is a wireless communication device configured to transmit the data packet in a service set identifier.
6. The data packet generator of claim 1, wherein the plurality of characters is in a range from five to ten characters.
7. The data packet generator of claim 1, wherein the attachment device includes one or more of a screw, a bolt, a nail, and adhesive.
8. The data packet generator of claim 1, wherein the attachment device is configured for attachment to a worksurface and is configured to be removed ...

Publication date: 17-10-2013

AUTHENTICATED LAUNCH OF VIRTUAL MACHINES AND NESTED VIRTUAL MACHINE MANAGERS

Number: US20130276057A1
Assignee:

An embodiment of the invention provides for an authenticated launch of VMs and nested VMMs. The embodiment may do so using an interface that invokes a VMM protected launch control mechanism for the VMs and nested VMMs. The interface may be architecturally generic. Other embodiments are described herein.
1. An article comprising a non-transient machine-accessible storage medium including instructions that when executed enable a system to: launch a first virtual machine manager (VMM); authenticate a launch of a second VMM; and nest the second VMM within the first VMM.
2. The article of including instructions that enable the system to: authenticate a launch of a first virtual machine (VM); and manage the first VM with one of the first VMM and the second VMM.
3. The article of wherein the first VMM is a root VMM launched via a non-reentrant secure boot.
4. The article of claim 1, wherein authenticating the launch of the second VMM includes bypassing the first VMM while both (a) invoking a second launch control policy module (LCPM), and (b) using a hardware security attestation module.
5. The article of claim 4, wherein the hardware security attestation module includes a trusted platform module (TPM).
6. The article of claim 1 including instructions that enable the system to evaluate a second launch control policy (LCP), associated with the second VMM, via a second launch control policy module (LCPM).
7. The article of claim 6 including instructions that enable the system to perform, via the second LCPM, an integrity measurement of the second VMM and authenticate the measurement via the second LCP.
8. The article of including instructions that enable the system to: extend the measurement into a platform configuration register (PCR) included in a trusted platform module (TPM); and update a log based on extending the measurement into the PCR.
9. The article of including instructions that enable the system to load the second LCPM into protected memory and ...

Publication date: 17-10-2013

Electronic physical unclonable functions

Number: US20130276059A1
Assignee: Lewis Innovative Technologies, Inc.

An electronic asymmetric unclonable function applied to an electronic system being evaluated includes an electronic system and an AUF array electronically associated with the electronic system. The AUF array includes a plurality of non-identical cells. Each of the non-identical cells includes a test element representing a characteristic of the electronic system being evaluated and a measurement device evaluating the test element. A comparison unit processes an output of the measurement device to provide a multi-bit output value representing a magnitude of differences.

Publication date: 17-10-2013

METHOD AND SYSTEM FOR PROVIDING INTERNET SERVICES

Number: US20130276071A1
Assignee:

A service integration platform system for providing Internet services includes: an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type. The system further includes one or more processors coupled to the interface, configured to: locate a set of authentication checks that are appropriate for the API type, based at least in part on the plurality of platform-level parameters included in the service request message and a mapping of predefined combinations of platform-level parameters and corresponding sets of authentication checks; perform authentication of the service request according to the set of authentication checks; and route the service request to a service address of the Internet Service Provider (ISP) in the event that the service request is authenticated.
1. A method for providing web services with a service integration platform comprising: receiving a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type, wherein the API type is one of a plurality of possible API types; the plurality of platform-level parameters comprise an Appkey associated with the application provided by the ISV; the Appkey is a parameter issued to the application provided by the ISV and is not modifiable by the application provided by the ISV; and the Appkey is a proof of identity that identifies the web services the application provided by the ISV is allowed to access; for each possible API type there is a corresponding set of ...

Publication date: 17-10-2013

STATELESS ATTESTATION SYSTEM

Number: US20130276081A1
Author: Bogner Etay, Weiss Yoav
Assignee:

A method includes assessing a trustworthiness level of a user computer by communication between the user computer and a first server. A record indicating the trustworthiness level is sent from the first server to the user computer, for storage by the user computer. A request is sent from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server. The record is provided from the user computer to the second server by communicating between the user computer and the second server. At the second server, the trustworthiness level is extracted from the record, and the requested service is conditionally allowed to be provided to the user computer depending on the extracted trustworthiness level.
1-24. (canceled)
25. A method comprising: requesting from a user computer access to a service of a first server over a network; receiving an attestation request from the first server in response to requesting access to the service; sending a locally-stored attestation record from the user computer to the first server in response to the attestation request, wherein the locally-stored attestation record is previously received from an attestation server separate from the first server, and wherein the attestation record is stored locally in a secure storage device; and receiving access to the service in response to the first server verifying the attestation record received from the user computer.
26. The method of claim 25, wherein sending the locally-stored attestation record further comprises: obtaining the record from a trusted platform module (TPM) of the user computer.
27. The method of claim 25, wherein the locally-stored attestation record is received in response to the attestation server verifying trustworthiness of the user computer.
28. The method of claim 27, further comprising: the user computer sending configuration information of the user computer to the attestation server to cause the ...

Publication date: 24-10-2013

Method of managing virtual computer, computer system and computer

Number: US20130283367A1
Assignee: HITACHI LTD

A method of managing a virtual computer in a computer system including a plurality of computers, each of the computer storing a program for realizing a virtualization management module for managing a virtual computer, including a management storage area that is accessible only by the virtualization management module, storing start-up management information representing a correspondence among identification information on the virtual computer, identification information on a logical storage area storing a service program, and start-up authentication information for starting the virtual computer. The method including: a step of referring to the start-up management information to determine whether the start-up authentication information corresponding to the virtual computer exists, in a case of receiving a start-up request; a step of reading the service program from the logical storage area and executing the read service program, in a case of being determined the start-up authentication information exists.

Publication date: 24-10-2013

Providing A Multi-Phase Lockstep Integrity Reporting Mechanism

Number: US20130283369A1
Assignee:

In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
1. A processor comprising: a plurality of cores and an uncore logic, wherein the processor is to enforce a blacklist and to validate a device coupled to the processor according to a multi-phase lockstep integrity protocol in which the processor and the device each perform an integrity protocol, the blacklist including a list of devices that have not been validated according to the multi-phase lockstep integrity protocol the processor to act as a master to perform at least a portion of the multi-phase lockstep integrity protocol, and to extend a first trusted platform module (TPM) platform configuration register (PCR) responsive to an authority value read from a policy entry of a table of the device written by the device after the device has completed at least a portion of a first phase of the multi-phase lockstep integrity protocol.
2. The processor of claim 1, wherein the first phase includes a verification by the device of firmware.
3. The processor of claim 2, wherein the master is to extend a second TPM PCR responsive to a detail value read from a detail entry of the table written by the device after the device has completed at least a portion of a second phase of the multi-phase lockstep integrity protocol.
4. The processor of claim 3, wherein the second phase includes measurement of an image manifest by the device.
5. The processor of claim 3, wherein the table includes a plurality of entries each having a type field to indicate a type of measurement stored in the entry, a length field to indicate a length of a ...

Publication date: 24-10-2013

METHOD AND SYSTEM FOR MONITORING CALLS TO AN APPLICATION PROGRAM INTERFACE (API) FUNCTION

Number: US20130283370A1
Assignee:

A method and device for monitoring calls to an application program interface (API) function includes monitoring for a memory permission violation of a computing device caused by the API function call. If a memory permission violation occurs, control of the computing device is transferred to a virtual machine monitor to intervene prior to execution of the API function. The virtual machine monitor may perform one or more actions in response to the API function call.
1-24. (canceled)
25. A computing device comprising: a processor; and a memory having stored therein a plurality of instructions that, in response to being executed by the processor, causes the processor to: set a memory permission of an extended page table (EPT) to cause an error in response to an attempted execution of a monitored application programming interface (API) function located in a memory page associated with the EPT; and generate an EPT permission violation error in response to the attempted execution of the monitored API function.
26. The computing device of claim 25, wherein the memory permission indicates that the memory page includes non-executable code.
27. The computing device of claim 25, wherein the plurality of instructions further causes the processor to transfer control to a virtual machine monitor (VMM) of the computing device in response to the EPT permission violation error.
28. The computing device of claim 27, wherein the plurality of instructions further causes the processor to determine whether the call to the monitored API function is made to perform a malicious activity on the computing device.
29. The computing device of claim 28, wherein to determine whether the call to the monitored API function is malicious comprises to invoke an error handler with the VMM to manage the EPT permission violation error.
30. The computing device of claim 28, wherein the instructions further cause the processor to at least one of (i) prevent execution of the monitored API function in response to ...

Publication date: 24-10-2013

METHOD AND DEVICE FOR CONTROLLING ACCESS TO A COMPUTER SYSTEM

Number: US20130283371A1
Assignee: ELECTRICITE DE FRANCE

A device for controlling access to a computer system, the device comprising at least one multifunctional port capable of being connected to various categories of peripherals and an access interface capable of being connected to the computer system, wherein the device comprises access management means connected between the multifunctional port and the interface, the access management means being physically configured to authorize the interface access by means of a peripheral connected to the multifunctional port, only if said peripheral belongs to a category of peripherals specifically and permanently associated with the multifunctional port to which same is connected.
1. A device for controlling access to a computer system, the device comprising at least one multifunctional port capable of being connected to different categories of peripherals and an access interface capable of being connected to the computer system, wherein the device being characterized in that it comprises access management means connected between the multifunctional port and the interface, the access management means being physically configured to authorize access to the interface by means of a peripheral connected to the multifunctional port only if said peripheral belongs to a category of peripherals specifically and permanently associated with the multifunctional port to which it is connected.
2. The device according to claim 1, wherein the device comprises a first and a second multifunctional port, and the access management means are physically configured to authorize access to the interface by means of a peripheral connected to the first multifunctional port only if said peripheral belongs to a first category of peripherals specifically and permanently associated with the first multifunctional port and to authorize access to the interface by means of a peripheral connected to the second multifunctional port only if said peripheral belongs to a second category of peripherals ...

Publication date: 31-10-2013

AUTHENTICATION DEVICE AND SYSTEM

Number: US20130290735A1
Assignee: NXP B.V.

A public key architecture includes a dual certificate hierarchy which facilitates two independent authentication functions. One of the authentication functions authenticates an authentication device to a verification device. The other authentication function authenticates a configuration device to the authentication device. In some embodiments, the authentication process uses a lightweight certificate formed in conjunction with a lightweight signature scheme.
1. An authentication method comprising: storing a device authentication private key on an authentication device; storing a device authentication public key certificate on the authentication device, wherein the device authentication private key and the device authentication public key certificate facilitate authentication of the authentication device to a verification device according to a device authentication protocol; and storing a configuration root certificate on the authentication device, wherein the configuration root certificate facilitates authentication of a configuration device to the authentication device according to a configuration authentication protocol.
2. The authentication method of claim 1, further comprising: receiving, at the authentication device, a configuration public key certificate from the configuration device; and determining, at the authentication device, whether the configuration device has a configuration private key corresponding to the configuration public key certificate.
3. The authentication method of claim 2, further comprising: receiving, at the authentication device, a configuration parameter from the configuration device; and storing the configuration parameter on the authentication device in response to a determination at the authentication device that the configuration device has the configuration private key.
4. The authentication method of claim 3, wherein the configuration parameter from the configuration device comprises identification information for the ...

Publication date: 31-10-2013

Location Bound Secure Domains

Number: US20130291091A1
Author: JR. James B., McGuire
Assignee:

A telecommunications apparatus has secure operation based on geographic location. A positioning mechanism determines a geographic location for the telecommunications apparatus. A processor identifies a secure domain and determines an availability of an application programming interface for the based on the geographic location, wherein at certain geographic locations access to the application programming interface is restricted, and at other geographic locations access to the application programming interface is unrestricted.
1. A method for location bound secure domains in a mobile client device, comprising: identifying a secure domain for a mobile client device; determining the geographic location of the mobile client device; and limiting the availability of a native function on the device based on the geographic location.
2. The method of claim 1, wherein the mobile client device can obtain an allowed permission by which unfettered access to an API is permitted based upon the geographic location of the mobile client device.
3. The method of claim 1, wherein the mobile client device further includes a selective user permission, granting access upon user approval, in a secure domain.
4. The method of claim 1, wherein the mobile client device further includes a selective user permission, in a secure domain, barring access to an API upon access denial.
5. The method of claim 1, further comprising multiple interaction modes, including access to an API for the length of installation.
6. The method of claim 1, further comprising multiple interaction modes, including access to an API for a limited predetermined period of time.
7. The method of claim 1, further comprising multiple interaction modes, including a mode requiring permission request for each use of the API.
8. A telecommunications apparatus with secure operation based on geography, comprising: a positioning mechanism that determines a ...

Publication date: 14-11-2013

System and Method for Enabling Seamless Transfer of a Secure Session

Number: US20130305350A1
Assignee:

An information handling system includes a memory and a processor to execute instructions stored in the memory, which causes the processor to at least: send identification information to a second information handling system in response to an identification request broadcast from the second information handling system via a short-range communication; receive first authentication information for a local application and a remote service from the second information handling system; receive a copy of the local application; authenticate a user for the copy of the local application and for the remote service prior to the user logging on to the information handling system; receive second authentication information from the user to access the information handling system; authenticate the user to the information handling system; and automatically initiate a secure session between the copy of the local application and the remote service when the user is authenticated to the information handling system.
1. An information handling system comprising: a memory; and receive first authentication information for a local application and a remote service from a second information handling system via a short-range communication; receive a copy of the local application, wherein the copy of the local application includes session data from a secure session between the local application and the remote service, and keys used to encrypt and decrypt information sent during the secure session; authenticate a user for the copy of the local application and for the remote service prior to the user logging on to the information handling system based on the first authentication information; authenticate the user to the information handling system based on second authentication information received from the user; and automatically initiate a secure session between the copy of the local application and the remote service when the user is authenticated to the information handling system, a ...

Publication date: 28-11-2013

Authenticate a Hypervisor with Encoded Information

Number: US20130318595A1
Assignee:

Disclosed embodiments relate to authenticating a hypervisor with encoded hypervisor information. In one embodiment, booting firmware includes instructions to determine whether a received hypervisor is an authentic hypervisor. In one embodiment, booting firmware includes instructions to determine whether the received hypervisor is in a selected configuration. In one embodiment, booting firmware includes instructions to determine whether the received hypervisor is a selected version. 1. An electronic device for authenticating a hypervisor, comprising: a hypervisor; firmware to: determine whether a hypervisor is an authentic hypervisor based on encoded hypervisor authentication information; and if determined that the received hypervisor is not the authentic hypervisor, perform at least one of terminating the boot process or providing an error message; and a processor to execute the firmware during the boot process of the electronic device. 2. The electronic device of claim 1, wherein the encoded authentication information comprises a digital signature. 3. The electronic device of claim 2, wherein determining whether a received hypervisor is an authentic hypervisor comprises verifying the digital signature with a public key. 4. The electronic device of claim 1, wherein the firmware comprises a setting indicating whether to determine if the received hypervisor is authentic. 5. The electronic device of claim 1, wherein the firmware further: determines whether the hypervisor received during the boot process is in a selected configuration by comparing the configuration of the received hypervisor to encoded configuration information; and if determined that the hypervisor is not in the selected configuration, performs at least one of terminating the boot process or providing an error message. 6. The electronic device of claim 5, wherein the firmware comprises a setting indicating whether to determine if the received hypervisor is in the selected configuration. 7. The ...

Publication date: 28-11-2013

IMAGE FORMING APPARATUS, LAUNCHING METHOD OF PROGRAM IN THE APPARATUS, IMAGE FORMING SYSTEM, AND PROGRAM AND STORAGE MEDIUM THEREFOR

Number: US20130318634A1
Author: Osada Mamoru
Assignee: CANON KABUSHIKI KAISHA

An image forming apparatus which is connected to an external device via a communication unit includes a launching program identification unit which stores launching program information for specifying a program module to be executed upon launching from a plurality of program modules for realizing a plurality of functions, and a program management unit which executes a program module corresponding to the launching program information when the image forming apparatus is activated, on the basis of the launching program information stored in the launching program identification unit. License information containing the identification information and launching program information of the apparatus is acquired from a PC via the communication unit. The launching program information stored in the launching program identification unit is updated on the basis of the acquired license information, thereby changing the program module to be executed upon activating the apparatus. 1.-15. (canceled) 16. An image forming apparatus capable of communicating with an information processing apparatus, the image forming apparatus comprising: a server unit configured to provide an operation screen for designating license information of a program module to be sent to the image forming apparatus from the information processing apparatus, in response to an access from a web browser application of the information processing apparatus, wherein the license information of the program module is stored in the information processing apparatus and the license information designated on the operation screen displayed on the information processing apparatus is transmitted from the information processing apparatus to the image forming apparatus; a license confirmation unit configured to confirm whether the license information of the program module transmitted from the information processing apparatus is valid; and a program control unit configured to control operation of the program module, wherein the program ...

Publication date: 28-11-2013

Method for Programming a Mobile End Device Chip

Number: US20130318638A1
Assignee: Giesecke and Devrient GmbH

The invention provides a method for programming a chip for a mobile end device, wherein, in a preparatory step, a serial number is programmed into the chip and thereafter, in a programming step, the serial number is verified and a programming of at least one further datum into the chip is only carried out if the serial number has been successfully verified. The serial number is verified here by means of a security module (HSM), while employing a secret information item stored in the security module (HSM) and different from the serial number.

Publication date: 12-12-2013

CLIENT COMPUTER, REMOTE CONTROL SYSTEM, AND REMOTE CONTROL METHOD

Number: US20130333004A1
Author: CHANG Jeom-jin
Assignee: SAMSUNG ELECTRONICS CO. LTD.

A client computer that is connectable to a host computer by a network, includes a communication part to communicate with the host computer; a user input part; a system part to perform a function depending on an application; and a controller to control the system part to be put into a locking state to stop performing operations input by a user from the user input part if a locking signal is received from the host computer through the communication part, and to control the communication part to unlock the locking state if an unlocking signal is received from the host computer through the communication part. 1. A mobile device comprising: a communication portion to communicate with an external device via a wireless network; a display portion to display information; and a controller configured to: cause the mobile device to transition into a locked state based on a lock instruction and authentication information associated with the lock instruction received from the external device via the communication portion, and unlock the mobile device using the authentication information while the mobile device is in the locked state. 2. The mobile device according to claim 1, wherein the controller is configured to display a notification on the display portion to inform a user that the mobile device is in the locked state. 3. The mobile device according to claim 1, further comprising: a speaker to output an informing sound that the mobile device is in the locked state if a user input is received through a user input portion while the mobile device is in the locked state. 4. The mobile device according to claim 1, further comprising: a storing portion to store the authentication information, the authentication information comprising passwords, wherein the controller determines whether the lock instruction includes a first password if the lock instruction is received, and controls the storing portion to store the first password if the lock instruction includes the first password, ...

Publication date: 19-12-2013

ENABLE/DISABLE METHOD OF ADDITIONAL-FUNCTION UNIT, SYSTEM FOR SAME, PROGRAM FOR SAME, AS WELL AS ADDITIONAL-FUNCTION UNIT

Number: US20130340038A1
Author: Komiyama Tsuyoshi
Assignee: NEC INFRONTIA CORPORATION

The objective of the present invention is to disable functionality of an additional-function unit if an unauthorized program has been installed in an information processing device, thereby preventing an unauthorized program from acquiring, in an unauthorized manner, information from the additional-function unit. The present invention is an enable/disable method for an additional-function unit in an information processing device to which the additional-function unit has been added, which has a step for calculating a first directional function value on the basis of data included in a recording medium storing a boot loader and an operating system so as to store the first directional function value at manufacture time into the additional-function unit, a step for calculating a second directional function value on the basis of data included in the recording medium after the information processing device has been started up, and a step for disabling the functionality of the additional-function unit if the first directional function value and the second directional function value are different. 1. A method of validating/invalidating an additional function unit in an information processing apparatus to which the additional function unit is added, the method comprising: a step of calculating a first one-way function value based on data included in a recording medium that stores a boot loader and an operating system, and storing the first one-way function value in the additional function unit upon manufacturing; a step of calculating a second one-way function value based on the data included in the recording medium after the information processing apparatus is activated; and a step of, when the first one-way function value and the second one-way function value are different, invalidating a function of the additional function unit, wherein the recording medium is provided in the information processing apparatus, the additional function unit is a unit that is added to the ...

Publication date: 19-12-2013

MEMORY DEVICE COMPRISING A PLURALITY OF MEMORY CHIPS, AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD THEREOF

Number: US20130340068A1
Assignee: SAMSUNG ELECTRONICS CO., LTD.

A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information. 1. A memory device, comprising: a plurality of memory chips, wherein one or more memory chips of the plurality of memory chips is configured to store authentication information; and a controller comprising a first register configured to store information indicating a representative memory chip from among the one or more memory chips configured to store the authentication information, wherein valid authentication information is stored in the representative memory chip. 2. The memory device of claim 1, wherein at least one of the plurality of memory chips is a memory chip that is not configured to store the authentication information. 3. The memory device of claim 1, wherein the valid authentication information stored in the representative memory chip comprises information used to authenticate the memory device. 4. The memory device of claim 1, wherein the authentication information comprises a unique ID of a memory chip of the one or more memory chips configured to store the authentication information that is currently storing the authentication information. 5. The memory device of claim 4, wherein the authentication information cannot be changed or deleted subsequent to the authentication information being initially programmed. 6. The memory device of claim 4, wherein the memory chip of the one or more memory chips comprises: a first region configured to store the authentication information; and a second region configured to store encrypted authentication information corresponding to the authentication information, wherein the authentication information stored in the first region is not accessible to a host ...

Publication date: 26-12-2013

SYSTEMS, METHODS AND APPARATUSES FOR THE APPLICATION-SPECIFIC IDENTIFICATION OF DEVICES

Number: US20130346760A1
Author: IGNATCHENKO Sergey
Assignee:

The systems, methods and apparatuses described herein provide a computing environment that manages application specific identification of devices. An apparatus according to the present disclosure may comprise a non-volatile storage storing identifier (ID) base data and a processor. The processor may be configured to validate a certificate of an application being executed on the apparatus. The certificate may contain a code signer ID for a code signer of the application. The processor may further be configured to receive a request for a unique ID of the application, generate the unique ID from the code signer ID and the ID base data and return the generated unique ID. 1. An apparatus, comprising: a non-volatile storage storing identifier (ID) base data; and a processor configured to: validate a certificate of an application being executed on the apparatus, the certificate containing a code signer ID for a code signer of the application; receive a request for a unique ID of the application; generate the unique ID from the code signer ID and the ID base data; and return the generated unique ID. 2. The apparatus of claim 1, wherein the request for the unique ID is received from the application and wherein the generated unique ID is returned to the application. 3. The apparatus of claim 2, wherein the ID base data is device specific. 4. The apparatus of claim 3, wherein the unique ID is generated by combining the code signer ID and ID base data and calculating a one-way hash function from the combination. 5. The apparatus of claim 4, wherein the unique ID is generated by taking the code signer ID as a string, appending the ID base data to the string, and calculating a hash of the resulting string. 6. The apparatus of claim 1, wherein the non-volatile storage also stores key base data and the processor is further configured to: receive a request for a cryptographic operation from the application; generate an encryption key from the code signer ID ...

Publication date: 09-01-2014

SYSTEM AND METHOD FOR OUT-OF-BAND APPLICATION AUTHENTICATION

Number: US20140013390A1
Author: DULKIN Andrey, SADE Yair
Assignee:

Application-to-Application authentication features using a second communication channel for out-of-band authentication separate from a communication channel of a request from a client to a server. Authentication information is associated with a component of the system such as the request or the client application, while being collected independent of interaction with the client application initiating the request. Implementations provide improved security over existing solutions using in-band or other means of collecting authentication information. 1. A system for authentication comprising: (a) a server machine configured to: (i) receive, via a first channel, a request from a client machine, said request associated with a client application on said client machine; (ii) connect, via a second channel that is separate from said first channel, to said client machine to request authentication information; (iii) receive, via said second channel, said authentication information; (iv) validate, based on said authentication information, said request, and (b) a client machine configured to: (i) collect said authentication information, wherein said authentication information is associated with a component of the system selected from the group consisting of: (A) said request; and (B) said client application, and wherein said authentication information is collected independently of interaction with said client application. 2. The system of wherein said server machine is further configured to effect a preliminary request validation of said request prior to connecting via said second channel to said client machine, said connecting being contingent on a success of said preliminary request validation. 3. The system of wherein said request is for access credentials to network resources or other server machines. 4. The system of wherein said server machine is further configured to: (v) initiate a transmission, in response to said request from the client ...

Publication date: 09-01-2014

DEBUG ARCHITECTURE

Number: US20140013421A1
Assignee:

Roughly described, a method of restricting access of a debug controller to debug architecture on an integrated circuit chip, the debug architecture comprising an access controller, a plurality of peripheral circuits, and a shared hub, the shared hub being accessible by the access controller and the plurality of peripheral circuits, the method comprising: at the access controller, authenticating the debug controller; at the access controller, following authentication, assigning to the debug controller a set of access rights, the set of access rights granting the debug controller partial access to the debug architecture; and after assigning the set of access rights, allowing the debug controller access to the debug architecture as allowed by the set of access rights. 1. A method of restricting access of a debug controller to debug architecture on an integrated circuit chip, the debug architecture comprising an access controller, a plurality of peripheral circuits, and a shared hub, the shared hub being accessible by the access controller and the plurality of peripheral circuits, the method comprising: at the access controller, authenticating the debug controller; at the access controller, following authentication, assigning to the debug controller a set of access rights, the set of access rights granting the debug controller partial access to the debug architecture; and after assigning the set of access rights, allowing the debug controller access to the debug architecture as allowed by the set of access rights. 2. A method as claimed in claim 1, further comprising implementing the set of access rights by asserting and/or deasserting locks on links between the shared hub and the peripheral circuits. 3. A method as claimed in claim 2, wherein an asserted lock on a link between the shared hub and a peripheral circuit prevents the passage of data on that link from the debug controller to the peripheral circuit. 4. A method as claimed in claim 2, wherein an asserted ...

Publication date: 16-01-2014

USER DEVICE SECURITY MANAGER

Number: US20140020070A1
Author: Angal Rajeev
Assignee: eBay Inc.

Systems and methods are disclosed to authenticate and authorize a user for web services using user devices. In various embodiments, a method may comprise: identifying, by a user device security manager executing at a user device corresponding to a user of a web service, a first request issued from an application to access remote resources associated with the web service, the application executing at the user device and separate from the user device security manager; acquiring, by the user device security manager, security information of the application in response to the identifying of the first request, the security information including at least one of an application identification, an access scope or a nonce of the application; and transmitting a second request from the user device security manager to the web service to authenticate the application by the web service based, at least in part, on the application identification. 1. An apparatus comprising: a processor-implemented identification module to identify a first request issued from an application to access remote resources associated with a web service, the application configured to execute at a user device and separate from the user device security manager; a processor-implemented acquisition module to acquire security information associated with the application in response to the identifying of the first request, the security information including at least one of an application identification, an access scope or a nonce for the application; and a processor implemented communication module to transmit a second request to the web service to authenticate the application by the web service at least based on the application identification. 2. The apparatus of claim 1, further comprising: a processor-implemented artifact module to retrieve at least one user artifact from a security manager identifier (SMID) received from the web service; and a processor-implemented verification module to perform fingerprinting of ...

Publication date: 23-01-2014

Educational Management System and Method of Operation for Same

Number: US20140026128A1
Assignee:

A method of selectively deactivating features on a computing device is described herein. The method can include the step of determining an examination time period for one or more students in which each of the students is in possession of a computing device. The examination time period can be set aside to enable the students to participate in a testing exercise. The method can further include the steps of generating a deactivation signal and transmitting the deactivation signal. The deactivation signal, when received at the student computing devices, can cause the student computing devices to selectively deactivate predetermined features of the student computing devices. The predetermined features may be based on a factor of providing an unfair advantage to a student during the examination time period. 1. A method of selectively deactivating features on a computing device, comprising: determining an examination time period for one or more students, each of the students in possession of a computing device, wherein the examination time period is set aside to enable the students to participate in a testing exercise; generating a deactivation signal; and transmitting the deactivation signal, wherein the deactivation signal, when received at the student computing devices, causes the student computing devices to selectively deactivate predetermined features of the student computing devices, wherein the predetermined features are based on a factor of providing an unfair advantage to a student during the examination time period. 2. The method according to claim 1, further comprising reactivating the deactivated features following the completion of the examination time period. 3. The method according to claim 1, wherein the predetermined features of the student computing devices that are deactivated include applications, access to communications networks and calculators. 4. The method according to claim 1, wherein the deactivation signal is generated by a computing ...

Publication date: 23-01-2014

ANTI-CLONING SYSTEM AND METHOD

Number: US20140026196A1
Author: Hayat Zia
Assignee: CALLSIGN, INC.

A method for authenticating a software application instance, the method includes a user device transmitting a request for access to a server device, wherein the request includes an App ID. The method further includes a server device transmitting a session ID to the user device and transmitting the session ID and the App ID to an anti-clone engine. The method further includes the anti-clone engine generating and transmitting a challenge token to the user device, and receiving and processing a response token to determine whether the user device is an authentic software application instance. The method further includes the anti-clone engine transmitting an authorization message to the server device. 1. A method for authenticating a software application instance, the method comprising: transmitting, by a user device comprising a software application instance, a request for access to at least one server device, said request including application identification data (App ID) associated with said software application instance; the at least one server device transmitting session identification data (session ID) to the user device, and transmitting the session ID and the App ID to an anti-clone engine, said anti-clone engine being embodied in a non-transient computer readable medium; and the anti-clone engine generating and transmitting a challenge token to the user device, receiving a response token from said user device, processing the response token to determine whether the software application instance comprises an authentic instance of said software application, and transmitting an authorization message to said server device according to said determination. 2. The method of claim 1, wherein the authorization message comprises a confirmation message if the software application instance is determined to be authentic. 3. The method of claim 2, further comprising the server device granting access to the user device. 4. The method of claim 1, wherein the ...

Publication date: 30-01-2014

METHODS AND SYSTEMS FOR INTERACTIVE EVALUATION USING DYNAMICALLY GENERATED, INTERACTIVE RESULTANT SETS OF POLICIES

Number: US20140033060A1
Author: Hayton Richard
Assignee: CITRIX SYSTEMS, INC.

A method for interactive policy evaluation using dynamically generated, interactive resultant sets of policies includes the step of receiving, by a graphical user interface, at least one of: a description of a client requesting access to a resource, a description of the resource, and a description of a method of access requested by the client. The graphical user interface displays at least one policy applicable to the client request for access to the resource. The graphical user interface displays a decision made by applying the at least one policy to the received description. 1.-58. (canceled) 59. A method for interactive policy evaluation using dynamically generated interactive resultant sets of policies, the method comprising: receiving, by a graphical user interface, at least one of: a description of a client requesting access to a resource, a description of the resource, a description of a method of access requested by the client; displaying, by the graphical user interface, at least one policy applicable to the at least one received description; displaying, by the graphical user interface, a decision made by applying the at least one policy to the at least one received description; and displaying, by the graphical user interface, a description of a policy aspect that resulted in denial of access to at least one of a client, resource, or method of access in the case a client, resource, or method of access has been denied as a result of the simulation, the description comprising a summary of the policy aspect that resulted in denial of access. 60. The method of claim 59, wherein a description of the client further comprises displaying a user identifier. 61. The method of claim 59, wherein a description of the resource further comprises displaying an identifier of the resource. 62. The method of claim 59, further comprising displaying at least one filter associated with the at least one policy. 63. The method of claim 62, further comprising receiving a ...

Publication date: 30-01-2014

Infusion Devices and Methods

Number: US20140033303A1
Assignee: ABBOTT DIABETES CARE INC.

Medical devices having restrictive access, and methods thereof are provided. 1. A medical device, comprising: one or more processing units; a memory operatively coupled to the one or more processing units including programming stored therein, which, when executed by the one or more processing units, causes the one or more processing units to provide an access level hierarchy that enables a plurality of individuals to have different access level rights to enter, modify or lock parameters of the medical device, the access level hierarchy including at least a first, a second, and a third access level; wherein first access level rights enable a healthcare professional having first access level rights to set, modify or lock prescriptive parameters and non-prescriptive parameters of the medical device; wherein second access level rights enable a caregiver having second access level rights to set, modify or lock non-prescriptive parameters of the medical device that have not been locked by the healthcare professional; wherein the second access level rights preclude the caregiver from setting, modifying or locking prescriptive parameters of the medical device; wherein third access level rights enable a user having third access level rights to set, modify or lock non-prescriptive parameters of the medical device that have not been locked by the healthcare professional or the caregiver; and wherein the third access level rights preclude the user from setting, modifying or locking prescriptive parameters of the medical device. 2. The medical device of wherein at least one of the parameters comprises a reminder for reminding the user to take a diagnostic action. 3. The medical device of wherein the diagnostic action is to measure the user's analyte level. 4. The medical device of wherein the non-prescriptive parameters include at least one non-prescriptive alarm threshold value configured to trigger an alarm, an alert or a reminder. 5. The medical device of wherein the ...

Publication date: 06-02-2014

METHOD FOR DISPLAYING INFORMATION ON A DISPLAY DEVICE OF A TERMINAL

Номер: US20140041050A1
Author: Heider Axel
Assignee: Trustonic Limited

The invention relates to a method for displaying information on a display device (D1, D2) of a terminal, particularly a mobile terminal, wherein the terminal contains a microprocessor unit in which a normal runtime environment (NZ) and a protected runtime environment (TZ) are implemented, wherein display data (DD1, DD2, DD2′, TDD2) can be provided for reproduction on the display device (D1, D2) by means of the normal runtime environment (NZ) and the protected runtime environment (TZ). In this case, at least some display data (DD2) provided by means of the normal runtime environment (NZ) are transferred to the protected runtime environment (TZ), which checks whether the transferred display data (DD2) satisfy one or more security criteria, wherein if they do not satisfy at least one security criterion then the display data (DD2) are rejected or are altered such that they can be distinguished from display data (TDD2) provided by means of the protected runtime environment (TZ) when they are next reproduced on the display device (D1, D2). 1. A method for displaying information on a display device (D1, D2) of a terminal, particularly a mobile terminal, wherein the terminal contains a microprocessor unit in which a normal runtime environment (NZ) and a protected runtime environment (TZ) are implemented, wherein display data (DD1, DD2, DD2′, TDD2) for reproduction on the display device (D1, D2) can be provided via the normal runtime environment (NZ) and the protected runtime environment (TZ), characterized in that display data (DD2) provided via the normal runtime environment (NZ) are transferred at least in part to the protected runtime environment (TZ), which checks whether the transferred display data (DD2) meet one or more security criteria, wherein if the display data (DD2) do not meet at least one security criterion then they are rejected or altered such that they can be distinguished from display data (TDD2) provided via the protected runtime ...

Publication date: 06-02-2014

ANALYZING APPARATUS VALIDATING SYSTEM AND PROGRAM FOR THE SYSTEM

Number: US20140041059A1
Author: Tsujii Kanya
Assignee: SHIMADZU CORPORATION

In validation of an analyzing apparatus, in the case where the system configuration is not standard or where a reference value required for the validation is different from a standard value, the validation work cannot be automatically performed, which requires time and effort. For a validation target analyzing apparatus system, first, a parameter acquiring unit acquires parameters for qualification implementation of the analyzing apparatus system on a basis of an electronically supplied qualification plan document and an electronically supplied qualification implementation procedure manual. Then, a validation executing unit executes validation of the analyzing apparatus system using the acquired parameters for qualification implementation. 1. An analyzing apparatus validating system that executes validation of an analyzing apparatus system, comprising: a parameter acquiring unit acquiring a parameter for qualification implementation of the analyzing apparatus system, from an electronically supplied qualification plan document and an electronically supplied qualification implementation procedure manual of the analyzing apparatus system; and a validation executing unit executing the validation of the analyzing apparatus system using the acquired parameter for qualification implementation. 2. The analyzing apparatus validating system according to claim 1, further comprising a report creating unit creating, in a predetermined format, a qualification report of the analyzing apparatus system on a basis of a validation result obtained by executing the validation. 3. An analyzing apparatus validating system that executes validation of an analyzing apparatus system, comprising: a parameter acquiring unit acquiring a parameter for qualification implementation from an electronically supplied qualification basic plan document; a procedure manual creating unit adding the parameter for qualification implementation to an electronically supplied qualification ...

Publication date: 13-02-2014

AUTHENTICATION REQUESTING APPARATUS, AUTHENTICATION PROCESSING APPARATUS, AND AUTHENTICATION EXECUTION METHOD BASED ON PHYSICALLY UNCLONABLE FUNCTION

Number: US20140047565A1
Assignee:

An authentication requesting apparatus, an authentication processing apparatus and an authentication execution method based on a physically unclonable function (PUF) are provided. The authentication requesting apparatus includes a signal transmission and reception unit, a response generation unit, and an authentication request unit. The signal transmission and reception unit receives a first pilot signal from an authentication processing apparatus that processes authentication. The response generation unit generates a challenge value based on the first pilot signal, acquires an output value by inputting the challenge value into a PUF circuit, and generates a response value from the output value. The authentication request unit requests authentication by transmitting the response value to the authentication processing apparatus, receives authentication result information from the authentication processing apparatus, and determines whether authentication has been successful. 1. An authentication requesting apparatus based on a physically unclonable function (PUF) , comprising:a signal transmission and reception unit configured to receive a first pilot signal from an authentication processing apparatus that processes authentication;a response generation unit configured to generate a challenge value based on the first pilot signal, to acquire an output value by inputting the challenge value into a PUF circuit, and to generate a response value from the output value; andan authentication request unit configured to request authentication by transmitting the response value to the authentication processing apparatus, to receive authentication result information from the authentication processing apparatus, and to determine whether authentication has been successful.2. 
The authentication requesting apparatus of claim 1 , further comprising a channel state information estimation unit configured to estimate state information of a communication channel between the authentication ...

Publication date: 06-03-2014

Manufacturing method

Number: US20140068278A1
Assignee: Toshiba Corp

According to one embodiment, a manufacturing method of a device to be authenticated, wherein the device includes a first memory area which is prohibited from data-reading and data-writing after shipping from a memory vendor; a second memory area which is allowed to data-read from outside after shipping from the memory vendor; and a third memory area which is allowed to data-read and data-write from outside after shipping from the memory vendor.

Publication date: 06-03-2014

INFORMATION PROCESSOR, SYSTEM AND RECORDING MEDIUM

Number: US20140068715A1
Author: KONDOH Naritake
Assignee: RICOH COMPANY, LTD

An information processor is connected via a network to an output apparatus and configured to control a job outputting process of the output apparatus. The information processor includes a job identifier generation part configured to generate a job identifier for uniquely identifying a job input from a terminal apparatus connected via the network to the information processor, an information storage part configured to store information that correlates the job identifier and the input job, a job identifier transmission part configured to transmit the job identifier correlated with the input job to the terminal apparatus, and a job association part configured to associate user information for uniquely identifying an authenticated user received from the output apparatus with the input job based on a job association request including the user information and the job identifier and on the information stored in the information storage part. 1. An information processor connected via a network to an output apparatus and configured to control a job outputting process of the output apparatus , the information processor comprising:a job identifier generation part configured to generate a job identifier for uniquely identifying a job input from a terminal apparatus connected via the network to the information processor;an information storage part configured to store information that correlates the job identifier and the input job;a job identifier transmission part configured to transmit the job identifier correlated with the input job to the terminal apparatus; anda job association part configured to associate user information for uniquely identifying an authenticated user received from the output apparatus with the input job based on a job association request including the user information and the job identifier and on the information stored in the information storage part.2. The information processor as claimed in claim 1 , further comprising:an authentication status ...

Publication date: 06-03-2014

ADAPTIVE DEVICE AUTHENTICATION

Number: US20140068738A1
Assignee:

Device attributes corresponding to hardware and system configuration and characteristics of the user of the device are associated with adjustment logic, e.g., according to various types and classes of attributes. A hierarchical authentication process provides highly detailed and accurate authentication of a device, including device identification, device authentication, user authentication, and attribute adjustment. If the device is not properly identified, authentication fails. Otherwise, device authentication is attempted. If device authentication fails, all authentication fails. Otherwise, the user of the device is authenticated. If user authentication fails, authentication of the device fails. Otherwise, adjustment logic is used to adjust attributes for subsequent authentication. 1. A method for identifying a remotely located device, the method comprising: receiving device identification data from the device, wherein the device identification data includes: a device identifier, wherein the device identifier is a unique identifier of one of a number of known devices; attribute data, wherein the attribute data represents one or more hardware configuration characteristics of the device; and interactive attribute data, wherein the interactive attribute data represents one or more characteristics of a user of the device; determining that the device identifier identifies the device; in response to determining that the device identifier identifies the device, determining that the attribute data is consistent with corresponding reference attribute data stored for the device; in response to determining that the attribute data is consistent with corresponding reference attribute data stored for the device, determining that the interactive attribute data is consistent with corresponding reference interactive attribute data stored for the user of the device; and in response to determining that the interactive attribute data is consistent with corresponding reference ...

Publication date: 06-03-2014

CLIENT CREDENTIALS DATA STRUCTURE AND METHOD OF EMPLOYING THE SAME

Number: US20140068745A1
Assignee: Alcatel-Lucent USA Inc.

A client credentials data structure, a method of employing the same and a secure client-server communication system employing the data structure or the method. One embodiment of the data structure is associated with a client and includes: (1) a pre-provisioned set of credentials configured to register the client with a server, (2) a standard user set of credentials employable for secure client-server communication, and (3) a re-acquisition token combinable with the pre-provisioned set of credentials to allow the client to re-register the client with the server. 1. A client credentials data structure associated with a client and comprising:a pre-provisioned set of credentials configured to register said client with a server;a standard user set of credentials employable for secure client-server communication; anda re-acquisition token combinable with said pre-provisioned set of credentials to allow said client to re-register said client with said server.2. The client credentials data structure as recited in wherein said re-acquisition token is combinable with said pre-provisioned set of credentials after said standard user set of credentials is invalidated.3. The client credentials data structure as recited in wherein said re-acquisition token is configured to be replaced when said new standard user set of credentials is generated.4. The client credentials data structure as recited in wherein said re-acquisition token is configured to be authenticated by data shared by said client and said server.5. The client credentials data structure as recited in wherein said client is managed.6. The client credentials data structure as recited in wherein said client is configured to store said new standard user set of credentials in a memory within said server.7. The client credentials data structure as recited in wherein said new standard user set of credentials are employable to resume said secure client-server communication.8. 
A method of restoring secure communication between ...

Publication date: 06-03-2014

Access Arbitration Module and System for Semiconductor Fabrication Equipment and Methods for Using and Operating the Same

Number: US20140068753A1
Assignee: CROSSING AUTOMATION, INC.

An access arbitration module includes a plurality of active component communication ports for communicating with a plurality of active components, and includes a passive component communication port for communicating with a passive component. The access arbitration module also includes switching logic defined to control transmission of access communication protocol signals between each of the plurality of active component communication ports and the passive component communication port, such that an authorized one of the plurality of active component communication ports is connected in communication with the passive component communication port at a given time, and such that non-authorized ones of the plurality of active component communication ports are prevented from communication with the passive component communication port at the given time. 1. An access arbitration module for a passive component within a semiconductor fabrication facility , comprising:a plurality of active component communication ports for communicating with a plurality of active components;a passive component communication port for communicating with a passive component; andswitching logic defined to control transmission of access communication protocol signals between each of the plurality of active component communication ports and the passive component communication port, such that an authorized one of the plurality of active component communication ports is connected in communication with the passive component communication port at a given time, and such that non-authorized ones of the plurality of active component communication ports are prevented from communication with the passive component communication port at the given time.2. The access arbitration module of claim 1 , wherein the plurality of active components include a near-tool container buffer system and an overhead container transport system.3. The access arbitration module of claim 2 , wherein the plurality of components ...

Publication date: 06-03-2014

Secure Connected Digital Media Platform

Number: US20140068759A1

An embodiment of the invention provides a system including a secure media device having one or more security keys stored therein. The secure media device is housed in a device that is connected to a television unit and a network. Secure application environments are housed in the device, wherein each secure application environment is operationally isolated from one another. The secure application environments receive and process information sent over the network only if the information includes a security code corresponding to the security key in the secure media device. The security code is obtained from a clearinghouse when the information satisfies predetermined criteria. More specifically, the clearinghouse receives a copy of the security key from a manufacturer of the secure media device and creates the security code based on the security key. 1. A method comprising: receiving a request to create a secure partition for accessing a content provider in a digital media device; receiving a security code from the content provider; and comparing the received security code with a key value that is burned into a memory unit at the hardware circuit to determine if the security code is from an authorized content provider and, if the content provider is determined to be authorized, creating a secure partition at the digital media device, wherein the creation of the secure partition comprises creating a memory partition that corresponds to the secure partition in a non-volatile memory at the digital media device, wherein the memory partition can only be accessed by the content provider having the security code, receiving software from the content provider and storing the software in the secure partition, and receiving content from the content provider and storing the content in the secure partition; invoking a hypervisor at the digital media device, wherein at least part of the hypervisor is comprised of a hardware circuit, wherein the hypervisor performs the ...

Publication date: 13-03-2014

BIOS PROTECTION DEVICE

Number: US20140075543A1
Author: Muir Robert Linley

A boot program held in a BIOS memory device of a processing system is authenticated. At system start-up, a BIOS protection device temporarily prevents execution of the boot program by the central processor of the processing system by control of address and data paths. The BIOS protection device interrogates the contents of the BIOS memory device to establish authentication. If the contents of the BIOS memory device are not authentic, execution of the boot program is prevented. 1. A processing system comprising: a central processor; a BIOS memory device including a boot program; a BIOS protection device including an internal memory; a plurality of memory address and data paths configured to provide communication between the processor, the BIOS memory device and the BIOS protection device; and wherein the BIOS protection device is configured to store a copy of the boot program in the internal memory as the BIOS protection device verifies the authenticity of the boot program, wherein the BIOS protection device is further configured to control the memory address and data paths to prevent execution of the boot program until the boot program is authenticated, and wherein the BIOS protection device communicates with the central processor when the boot program is successfully authenticated. 2. The system as claimed in claim 1, wherein the BIOS protection device is in communication between the central processor and the BIOS memory device, wherein the BIOS protection device includes address and data path interface connections, and an authentication processor, wherein the BIOS protection device is configured to control the address and data path(s) to which it is connected, and wherein the authentication processor is configured to interrogate the BIOS memory device connected to the address and data path(s) to determine if the boot program contained in the BIOS memory device is authentic, and if the boot program is determined to be authentic permit ...

Publication date: 20-03-2014

Method and System for Authentication of Device Using Hardware DNA

Number: US20140082720A1
Assignee: BROADCOM CORPORATION

Methods and systems for authentication of a device are disclosed. An exemplary method includes transmitting an energy towards the device including a material, monitoring a response of the device to the transmitted energy, generating a signature of the device based on the response of the device to the transmitted energy, comparing the device signature to an enrolled signature for the device, and indicating that authentication of the device is successful when the generated signature matches the enrolled signature. An exemplary system includes a transmitter configured to transmit an energy towards the device, a receiver configured to monitor a response of the device, and a processor configured to generate a signature of the device based on the response of the device, compare the device signature to an enrolled signature for the device, and indicate that authentication of the device is successful when the generated signature matches the enrolled signature. 1. A method for authentication of a device comprising:transmitting an energy towards the device including a material;monitoring a response of the device to the transmitted energy;generating a signature of the device based on the response of the device to the transmitted energy;comparing the device signature to an enrolled signature for the device; andindicating that authentication of the device is successful when the generated signature matches the enrolled signature.2. The method of claim 1 , wherein transmitting the energy towards the device comprises:illuminating a surface of the device with a laser beam.3. The method of claim 2 , wherein monitoring the response comprises:capturing an image of the surface of the device.4. The method of claim 1 , wherein transmitting the energy towards the device comprises:emitting an electromagnetic signal.5. The method of claim 4 , wherein monitoring the response comprises:capturing an image of the surface of the device.6. 
The method of claim 4 , wherein monitoring the response ...

Publication date: 20-03-2014

SECURED COMPUTING SYSTEM WITH ASYNCHRONOUS AUTHENTICATION

Number: US20140082721A1
Assignee: Nuvoton Technology Corporation

A computing device includes an input bridge, an output bridge, a processing core, and authentication logic. The input bridge is coupled to receive a sequence of data items for use by the device in execution of a program. The processing core is coupled to receive the data items from the input bridge and execute the program so as to cause the output bridge to output a signal in response to a given data item in the sequence, and the authentication logic is coupled to receive and authenticate the data items while the processing core executes the program, and to inhibit output of the signal by the output bridge until the given data item has been authenticated. 1. A computing device, comprising: an input bridge, which is coupled to receive a sequence of data items for use by the device in execution of a program; an output bridge; a processing core, which is coupled to receive the data items from the input bridge and execute the program so as to cause the output bridge to output a signal in response to a given data item in the sequence; and authentication logic, which is coupled to receive and authenticate the data items while the processing core executes the program, and to inhibit output of the signal by the output bridge until the given data item has been authenticated. 2. The device according to claim 1, wherein the data items comprise program instructions and the given data item comprises an output instruction, and wherein the processing core is configured to execute the program by executing the program instructions, including the output instruction. 3. The device according to claim 1, wherein the authentication logic is configured to authenticate the data items asynchronously with execution of the program by the processing core. 4. The device according to claim 1, wherein the authentication logic is configured to authenticate the given data item after the given data item has been used in executing the program by the processing core, and to ...

Publication date: 27-03-2014

KEY INFORMATION GENERATION DEVICE AND KEY INFORMATION GENERATION METHOD

Number: US20140089685A1
Author: Suzuki Daisuke
Assignee: Mitsubishi Electric Corporation

In initial generation (for example, shipping from the factory), a security device generates an identifier w specific to the security device, with the PUF technology, generates key information k (k=HF(k)) from the identifier w, generates encrypted confidential information x by encrypting (x=Enc(mk, k)) confidential information mk with the key information k, and stores the encrypted confidential information x and an authentication code h (h=HF′(k)) of the key information k, in a nonvolatile memory. In operation, the security device generates the identifier w with the PUF technology, generates the key information k from the identifier w, and decrypts the encrypted confidential information x with the key information k. At a timing where the identifier w is generated in the operation, the security device checks whether the current operating environment has largely changed from the initial generation (S). If a change in operating environment is detected (S→S), the security device conducts a reset-up process (S to S) of an authentication code h which is confidential information, and the encrypted confidential information x. 1. A key information generation device which generates key information , comprising:an identifier generating part which, based on physical properties of the key information generation device, generates an identifier specific to the key information generation device;a key information generating part which, based on the identifier generated by the identifier generating part, generates the key information to be used for encrypting and decrypting confidential information;a cryptographic part which encrypts and decrypts the confidential information using the key information generated by the key information generating part;a hash part which generates a hash value in accordance with a predetermined hash value generating scheme that uses at least the key information generated by the key information generating part;a storing part which stores encrypted ...

Publication date: 27-03-2014

ELECTRONIC APPARATUS AND CONTROL METHOD

Number: US20140090080A1
Author: Koga Toshiyuki
Assignee:

According to one embodiment, an electronic apparatus includes a close proximity communication module and a controller. The close proximity communication module executes close proximity communication. The controller receives, by using the close proximity communication, first account information from an external apparatus close to the electronic apparatus in response to an account setting request from the external apparatus, and sets the first account information in the electronic apparatus. The first account information is information for logging in to a server system configured to provide a certain service. 1. An electronic apparatus comprising: a close proximity communicator configured to execute close proximity communication; and a controller configured to receive, by using the close proximity communication, first account information from an external apparatus close to the electronic apparatus in response to an account setting request from the external apparatus, and to set the first account information in the electronic apparatus, wherein the first account information is for logging in to a server system configured to provide a certain service. 2. The apparatus of claim 1, wherein the controller is further configured to delete the first account information set in the electronic apparatus in response to an account deletion request from the external apparatus. 3. The apparatus of claim 1, wherein the controller is further configured to temporarily invalidate second account information for logging in to the server system and validates the first account information, if the second account information is set in the electronic apparatus. 4. The apparatus of claim 1, wherein the controller is further configured to activate an application program for use of the certain service and transmit the first account information to the server system to log in to the server system, after the first account information is set in the electronic apparatus. 5. The ...

Publication date: 03-04-2014

METHODS FOR BIOMETRIC REGISTRATION AND VERIFICATION, AND RELATED SYSTEMS AND DEVICES

Number: US20140095885A1
Assignee: MORPHO

The invention relates to a registration method for future biometric verification purposes, including the following steps for one person (I): obtaining first biometric data () and second biometric data () relating to said person; obtaining alphanumerical data (a) including at least one identifier relating to said person; storing, in a first biometric database (), the thus-obtained first biometric data in association with a decryption key (); storing, in a correspondence table (T), first information from the thus-obtained second biometric data and alphanumerical data in correspondence with an index (j); storing, in a second database (), second information from the thus-obtained second biometric data and alphanumerical data in association with a version (J) of said index that is encrypted with an encryption key corresponding to said decryption key, said second information being different from the first information. 1. Enrollment method for future biometric verification purposes , comprising the following steps relative to an individual:obtaining first biometric data and second biometric data relating to said individual;obtaining alphanumeric data including at least one identifier relating to said individual;storing the obtained first biometric data, in a first biometric database, in association with a decryption key;storing, in a mapping table, first information from among the obtained second biometric data and the obtained alphanumeric data, in correspondence with an index;storing, in a second database, second information from among the obtained second biometric data and the obtained alphanumeric data, in association with a version of said index that is encrypted with an encryption key corresponding to said decryption key, said second information being different from the first information.2. Method according to claim 1 , wherein the second biometric data is traceless biometric data.3. 
Method according to claim 1 , wherein the mapping table initially stores synthetic ...

Publication date: 03-04-2014

Secure Information Release

Number: US20140096195A1
Author: Dennis M. Morgan
Assignee: Intel Corp

An embodiment of the invention provides a responder such as a health care professional with quick and secure access to select information about a user. An embodiment of such quick and secure access to select information may include receiving a user request to authenticate a responder mobile phone from the responder mobile phone, separately sending a common secure data to each of the responder's mobile phone and the user's mobile phone, receiving user authorization to release select data to the responder's mobile phone, the user's authorization received from the responder's mobile phone. Other embodiments are described herein.

Publication date: 01-01-2015

SYSTEM AND METHOD FOR AUTHENTICATING RFID TAGS

Number: US20150002260A1
Assignee:

A system and method of providing authenticity to a radio frequency identification (RFID) tag are provided. The method comprises generating a plurality of digital signatures, wherein each digital signature is generated using an index value unique to that digital signature and using information associated with the RFID tag; and storing the plurality of digital signatures on the RFID tag in association with respective index values to enable a desired digital signature to be selected according to a provided index value. Also provided are a system and method of enabling an RFID reader to authenticate an RFID tag, which utilize a challenge comprising an index value to request one of the stored signature and authenticating same. Also provided is an RFID tag that is configured to participate in the challenge-response protocol. 1-23. (canceled) 24. A method for authenticating a radio frequency identification (RFID) tag, the method comprising: sending a challenge comprising an index value i to the RFID tag; receiving, in response to the challenge, at least, a corresponding i-th set of signature components, wherein each of said i-th set of signature components having been generated from a message m_i comprising at least a hidden portion H_i and a corresponding visible portion V_i; obtaining the corresponding visible portion V_i and a public key W corresponding to the i-th set of signature components; and, verifying the corresponding i-th set of signature components using the corresponding visible portion V_i and the public key W; wherein the RFID tag is authenticated if the corresponding i-th set of signature components is verified, and wherein the hidden portion H_i is recoverable from the corresponding i-th set of signature components. 25. The method of claim 24, wherein before authenticating the RFID tag the method further comprises: recovering a representation ...

Publication date: 06-01-2022

SECURE EMBEDDED MICROCONTROLLER IMAGE LOAD

Number: US20220006796A1
Assignee:

A system and method for pairing two devices for secure communications. A user selects a first device to pair with a second device. The first and second devices have the ability to securely communicate with each other through the use of encrypted communications. An encryption key is written to the first device and then burned into the encryption module on the first device. A corresponding decryption key is written to the second device and then is burned into the decryption module of the second device. 1. A method for securely pairing two devices, comprising: selecting a first device to pair with a second device; writing an encryption key to the first device; burning the encryption key into an encryption module on the first device; writing a corresponding decryption key to the second device, the decryption key allowing the second device to decrypt data transmitted by the first device; and burning the decryption key into a decryption module on the second device. 2. The method of claim 1, wherein the encryption key is burned into a plurality of physically modifiable internal components (PMIC) disposed on the encryption module, wherein each of the plurality of PMICs can only be modified one time. 3. The method of wherein the encryption key is burned into the plurality of PMICs as a binary representation of the encryption key. 4. The method of claim 1, wherein the decryption key is burned into a plurality of physically modifiable internal components (PMIC) disposed on the decryption module, wherein each of the plurality of PMICs can only be modified one time. 5. The method of wherein the decryption key is burned into the plurality of PMICs as a binary representation of the decryption key. 6. The method of wherein the encryption key and decryption key are a public/private key pair. 7. The method of further comprising: writing a second encryption key to the second device; burning the second encryption key into an encryption module on the second device; writing a corresponding second ...

Publication date: 02-01-2020

ELECTRONIC COMPONENT CLASSIFICATION

Number: US20200003818A1
Assignee:

A system and method of electronic component authentication or component classification can reduce the vulnerability of systems (e.g., satellites, weapons, critical infrastructure, aerospace, automotive, medical systems) to counterfeits. Intrinsic deterministically random property data can be obtained from a set of authentic electronic components, processed, and clustered to create a classifier that can distinguish whether an unknown electronic component is authentic or counterfeit.

1. A method of classifying an unknown electronic component comprising: measuring, with a sensor system, a noise signal for each of a plurality of electronic components; building a classifier for a classification system based on the noise signals of the plurality of electronic components by segmenting each noise signal into a noise vector, transforming each noise vector into a feature vector, conducting a statistical analysis on each feature vector, and clustering the feature vectors to create the classifier; measuring, with the sensor system, a noise signal of the unknown electronic component; classifying the unknown electronic component using the classifier and the noise signal of the unknown electronic component; and wherein the classification system classifies the unknown electronic component according to functionality and performance characteristics.
2. The method of wherein the classification system classifies the unknown electronic component according to thermal performance characteristics.
3. The method of wherein the classification system classifies the unknown electronic component according to manufacturing date.
4. The method of wherein the classification system classifies the unknown electronic component according to manufacturing equipment.
5. The method of wherein the classification system classifies the unknown electronic component according to generation.
6. The method of wherein the plurality of electronic components are temporarily installed one at a time into a component interface.
7 ...
