Total found: 5244. Displayed: 200.

Publication date: 10-07-2015

BROWSER WITH A TWO-PART SCRIPT ENGINE FOR PRIVACY PROTECTION

Number: RU2556338C2

The invention relates to the field of data processing. The technical result is protection of the user's confidential data. A data processing system has a browser with script engine means for executing a script. The script engine means implements a public script engine and a private script engine. The browser is configured to execute the script with the public script engine if the script does not require access to a predetermined resource in the system. The browser is configured to execute the script with the private script engine if the script requires access to the predetermined resource. Only the private script engine has an interface enabling the script to access the predetermined resource. The script engine means is configured to prevent the private script engine from transferring data to the public engine ...

Publication date: 10-10-2007

PERVASIVE, USER-CENTRIC NETWORK SECURITY ENABLED BY DYNAMIC DATAGRAM SWITCHING AND AN ON-DEMAND AUTHENTICATION AND ENCRYPTION SCHEME THROUGH PORTABLE INTELLIGENT DATA CARRIERS

Number: RU2308080C2
Assignee: GIRITECH A/S (DK)

The invention relates to secure data transmission and the provision of services in open or closed network settings. The technical result is increased reliability and flexibility of data transmission in a network. Secure, stable network connections and efficient network transactions among multiple users are supported by an open and distributed client-server architecture. A datagram scheme is adapted to provide dynamic datagram switching in support of multiple network applications and services. Mobile intelligent data carriers are provided that enable implementation of an authentication and encryption scheme. The intelligent data carriers are adapted for targeted delivery of applications to authorized users. The authentication and encoding scheme in one embodiment is based on physical or performance biometrics. The methods and systems are intended for use in an enterprise network environment to support a wide range of business, research ...

Publication date: 27-03-2014

ALL-IN-ONE PC WITH TWO INDEPENDENT COMPUTERS AND SWITCHABLE PERIPHERAL DEVICES

Number: RU139001U1

... 1. A personal computer comprising a housing that contains two computing modules and a device for switching input/output devices between the computing modules, characterized in that the housing also contains an information output device in the form of a monitor, and each of the computing modules is independent, able to operate simultaneously with and independently of the other and able to connect to the Internet or a corporate network, and may also include an additional module that allows one-way transfer of information from one computing module to the other.
2. The device according to claim 1, characterized in that the monitor may be a touch screen and in that case additionally serves as an information input device.
3. The device according to claim 1, characterized in that the input/output devices switched by the device for switching input/output devices between the computing modules include and/or a monitor ...

Publication date: 20-04-2014

RESTRICTING MEMORY AREAS FOR INSTRUCTION READING DEPENDING ON HARDWARE MODE AND SECURITY FLAG

Number: RU2513909C1
Assignee: ARM LIMITED (GB)

The invention relates to data processing systems having a plurality of hardware modes of operation, and to control of memory access depending on the current hardware mode. The technical result is enabling the processor to access memory data even when that capability is blocked in the processor's current mode of operation. A data processing apparatus (2) includes a processor (8), a memory (6) and memory control circuitry (12). The processor (8) operates in a plurality of hardware modes including a privileged mode and a user mode. When operating in the privileged mode, the memory control circuitry (12) blocks the processor (8) from fetching instructions from memory address regions (34, 38, 42) of the memory (6) that are writable in the user mode, if a security flag in a register (46) is set to indicate that this blocking mechanism is active. 4 independent and 9 dependent claims, 4 drawings.

Publication date: 11-01-2021

MULTI-CONTOUR SYSTEM FOR INFORMATION PROCESSING AND PROTECTION

Number: RU2740142C1

The invention relates to the field of information security. The technical result is preventing information of a certain category from passing from one computer network into another. A hardware-software complex with a multi-contour architecture for distributing digital information comprises a computer terminal with independent, hardware-separated contours that interact with interconnected local standalone servers forming a system of secure, restricted movement of information implemented by means of unidirectional gateways. Each of said local standalone servers has a peripheral equipment subsystem connected to it; the first server in the system is configured to receive and process new information, and the last server in the system is configured to process and extract incoming information. The outputs of each of the system's servers are connected to their own encryptors, which are connected to a single router ...

Publication date: 14-12-2011

Method and apparatus to provide secure application execution

Number: GB0201118724D0

Publication date: 29-11-2017

Command and control of a robot by a contact center with third-party monitoring

Number: GB0002550670A

A robot operates in an unmonitored or monitored mode. At least one operation parameter is communicated to a third party. When the robot receives a signal indicating the third party is receiving the parameter data, the robot operates in a monitored mode. In the absence of the signal, the robot operates in an unmonitored mode. A robot may be allowed to perform certain operations if monitored or prevented from such operations if unmonitored. If authorized, a robot may be able to perform certain operations unmonitored; however, the third party may report the authorized exception. Should the robot be unmonitored, and absent unauthorized exception, the robot performs only those operations approved for unmonitored mode. Otherwise, the robot is enabled to perform tasks approved for monitored and unmonitored mode. The third party may report the monitoring, lack of monitoring, and compliance with a monitoring program accordingly.

Publication date: 29-11-2017

Method and Apparatus to provide secure application execution

Number: GB0002550698A

An instruction of software outside of a secure enclave is decoded and the decoded instruction is executed to read bytes from an enclave page cache (EPC) page of an enclave. The enclave is marked as being a debug enclave. An address of the bytes to read from the debug enclave is preferably provided in RCX. A debug bit is preferably set in the EPC to indicate that the enclave is a debug enclave. The contents of the debug enclave are preferably encrypted. The debug enclave may allow access using commands EDBGRD (read) and EDBGWR (write).

Publication date: 14-12-2022

Device and method for controlling communication of information

Number: GB0002607656A

An electronic device is provided that includes a housing that has a sensor mounting panel, and first and second sensors mounted in the housing and oriented to extend through the sensor mounting panel to face an environment of interest. The electronic device is operable to change an operating state, of the first sensor, between first, second and third operating states. The first operating state represents a network sharing state in which the first type of information collected by the first sensor is shared with the network resource through the communications interface. The second operating state represents a local state in which the first type of information is maintained locally on, and is solely accessible to, the one or more processors of the electronic device and is not shared with the network resource.

Publication date: 18-10-2023

Systems and methods for dynamic control of secure mode of operation in processor

Number: GB0002617749A

A computer system, processor, and/or method for changing the mode of operation of a computer without rebooting includes: a processor having a configuration register, the configuration register having a privilege entry (PRVS) register field for each of one or more privilege levels, each PRVS register field for each privilege level having one or more control aspect entries; and an enforce below (ENFB) register field, each ENFB register field for each privilege level having one or more control aspect entries, the PRVS register field control aspects being equal in number to and corresponding to the ENFB register field control aspects. The PRVS register fields and the ENFB register fields are used to change the processor from a secure mode to a performance mode while running software applications.

Publication date: 21-11-2019

Devices and methods for accessing prevalent device functions

Number: AU2017286113B2
Assignee: FPA Patent Attorneys Pty Ltd

An electronic device displays a first user interface that includes a plurality of application icons that correspond to different applications of a plurality of applications installed on the device. The device detects a first input at a location on the touch-sensitive surface that corresponds to a first application icon of the plurality of application icons, the first application icon corresponding to a first application of the plurality of applications. In response to detecting the first input, the device displays a first mini application object or a preview of the first mini application object in an overlay region, where the first mini application object corresponds to a first application of the plurality of applications; and the overlay region includes an affordance for adding the first mini application object to a second user interface that displays a plurality of mini application objects. The device detects a second input at a location on the touch-sensitive surface that corresponds ...

Publication date: 08-07-2021

Devices and methods for accessing prevalent device functions

Number: AU2020201019B2

An electronic device displays a first user interface that includes a plurality of application icons that correspond to different applications of a plurality of applications installed on the device. The device detects a first input at a location on the touch-sensitive surface that corresponds to a first application icon of the plurality of application icons, the first application icon corresponding to a first application of the plurality of applications. In response to detecting the first input, the device displays a first mini application object or a preview of the first mini application object in an overlay region, where the first mini application object corresponds to a first application of the plurality of applications; and the overlay region includes an affordance for adding the first mini application object to a second user interface that displays a plurality of mini application objects. The device detects a second input at a location on the touch-sensitive surface that corresponds ...

Publication date: 11-03-2021

Multi-level security domain separation using soft-core processor embedded in an FPGA

Number: AU2015378597C1

A system and method for operating multiple security domains on one circuit card assembly, using a field-programmable gate array (FPGA) with an embedded security domain separation gate providing the MAC between multiple soft-core CPUs also embedded in the FPGA. In one embodiment, the FPGA is segregated into two or more security domains with no data paths between soft-core CPUs in each security domain except through the security domain separation gate. The security domain separation gate applies rules to any information to be transmitted between the security domains to avoid transmission of malicious content and to avoid transmission of information of a certain classification level or type to a security domain at a lower classification level or type.

Publication date: 27-08-2001

Computer security using dual functional security contexts

Number: AU0004317601A

Publication date: 23-10-2018

SYSTEM FOR THE AUTOMATED PROCESSING OF MULTI-USE DATA

Number: CA0002769239C
Assignee: AIRBUS

The invention relates in particular to a software component for the automated processing of multi-use data, implementing functions that require different safety levels or liability limits. The software component according to the invention comprises a plurality of virtual machines (215), each virtual machine being adapted to execute at least one function requiring a predetermined safety level or liability limit, and a hypervisor (210) adapted to control the execution of said plurality of virtual machines.

Publication date: 29-03-2016

METHOD AND APPARATUS FOR SECURING A COMPUTING DEVICE

Number: CA0002761219C

A method and apparatus for securing a computing device are provided. A state of the computing device is determined, the state associated with a protection state. The computing device automatically switches between a plurality of security levels based on the state.

Publication date: 14-12-2017

COMPUTING DEVICE TO GENERATE A SECURITY INDICATOR

Number: CA0003021345A1

Aspects may relate to a computing device that comprises a processor operable in a secure mode and a memory. The processor may be configured to: obtain a first layer of graphics that includes image elements; obtain a second layer of graphics that includes image elements; randomly select an image element from the first layer of graphics; randomly select an image element from the second layer of graphics; and compose the selected image elements from the first and second layer of graphics to create a composed random image. Further, the processor may command the memory to store the composed random image.

Publication date: 17-03-2016

METHODS AND SYSTEMS FOR SECURE AND RELIABLE IDENTITY-BASED COMPUTING

Number: CA0002958217A1

The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes. Systems and methods may include, as applicable, software and hardware implementations for Identity Firewalls; Awareness Managers; Contextual Purpose Firewall Frameworks for situationally germane resource usage related security, provisioning, isolation, constraining, and operational management; liveness biometric, and assiduous environmental, evaluation and authentication techniques; Repute systems and methods assertion and fact ecosphere; standardized and interoperable contextual purpose related expression systems and methods; purpose related computing arrangement resource and related information management systems and methods, ...

Publication date: 08-07-2014

TOUCH EVENT PROCESSING METHOD AND PORTABLE DEVICE IMPLEMENTING THE SAME

Number: CA0002839068A1

A touch event processing method and a portable device implementing the same is provided for protecting a touch event occurring on a touch screen from hacking. Touch coordinates from a touch panel are first provided to the first operating system. It is then determined whether a function corresponding to the touch coordinates is to execute a security application. If so, a touch event processing right handover message is transmitted from the first operating system to the second, to hand over a right of processing a touch event that occurs on the touch panel to the second operating system.

Publication date: 23-11-2016

Information processing method and terminal

Number: CN0106155744A
Author: DU GUOWEI

Publication date: 08-03-2017

Application control method, application control apparatus and terminal

Number: CN0106485137A
Author: CHENG LIXING

Publication date: 01-10-2019

Establishment of alliance block chain networks

Number: CN0110300973A

Publication date: 28-05-2014

USB (universal serial bus) storage device with multilayer structure

Number: CN0203616758U
Author: WEN SHENGYE

Publication date: 24-10-2017

Single operation system-based double hard disk isolated encryption apparatus

Number: CN0107292201A
Author: ZHANG GUANGXU

Publication date: 23-07-2008

Execution device

Number: CN0101228531A

Publication date: 08-10-2014

Safety system and safety storage method of intelligent terminal

Number: CN104091135A

The invention provides a safety system and a safety storage method of an intelligent terminal. The method comprises the following steps: providing the special safety system which needs two sub operating systems for working, and performing safety storage and reading on user privacy data. Intelligent terminal equipment provides protection on key data by the system and the method for solving the problem of non safety storage and reading of current password and related key privacy data. The method can be used for not only providing the protection on the key data but also performing other various safety function operations according to an operating mechanism.

Publication date: 30-12-2015

Physical isolation system and isolation method constructed based on embedded type system

Number: CN0105204583A

Publication date: 08-06-2016

Control method, controller and terminal

Number: CN0105653914A
Author: HUANG RUI

Publication date: 11-10-2019

Dynamic measurement method based on a dual-architecture trusted computing platform

Number: CN0109918915B

Publication date: 09-11-2018

An information processing method and mobile terminal

Number: CN0104615951B

Publication date: 04-01-2013

SYSTEM AND PROCESS FOR THE SECURITY OF A USER INTERFACE

Number: FR0002934395B1
Author: PONSINI NICOLAS
Assignee: TRUSTED LOGIC MOBILITY

Publication date: 17-04-2009

EXCHANGE OF INFORMATION BETWEEN AN ELECTRONIC PAYMENT TERMINAL AND A MAINTENANCE TOOL VIA A USB CONNECTION

Number: FR0002922339A1

The invention relates to an electronic payment terminal (30) comprising a first USB connection port (13) having at least a first data transfer wire (D+"). The payment terminal further comprises a first resistor (24) connecting the first wire to a first source (VDD) of a first potential, and a switch (38) between the first wire and the first resistor or between the first resistor and the first source.

Publication date: 22-06-2018

DATA STORAGE APPARATUS AND DATA PROCESSING METHOD

Number: KR101869812B1
Author: SHIM, KYOUNG SHIK
Assignee: SHIM, KYOUNG SHIK

A data storage apparatus includes an interface unit for receiving data from a first electronic device which is connected, a storage unit in which the received data is stored, a switch representing one of a security mode in which the received data is stored in an encrypted state and a general mode in which the received data is stored in a non-encrypted state, and a control unit for controlling the received data to be stored in the storage unit in the encrypted state if the switch represents the security mode. Accordingly, the present invention can perform a security function with low costs. COPYRIGHT KIPO 2018 (100) Data storage device (101) First electric device (102) Second electric device (110) Interface unit (120) Storage unit (130) Switch (140) Control unit ...

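Publication date: 23-09-2015

Method, apparatus and system for qualifying CPU transactions with security attributes

Number: KR1020150107834A

... A method, apparatus and system for qualifying CPU transactions with security attributes are provided. Immutable security attributes are generated for transactions initiated by a CPU or processor core, identifying the execution mode of the CPU/core as trusted or untrusted. The transactions may target an input/output (I/O) device or system memory through which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system to allow or deny access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multi-level security scheme is implemented in which a mode register is updated via a first transaction to indicate that the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using the execution mode indication in the mode register to verify that the transaction is from a trusted initiator.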

Publication date: 24-09-2019

Number: KR1020190108574A

Publication date: 17-10-2013

SECURE ZONE FOR DIGITAL COMMUNICATIONS

Number: WO2013153441A8
Author: IGNATCHENKO, Sergey

The systems, methods and apparatuses described herein provide a computing environment that includes a secure zone for executing tasks. An apparatus according to the present disclosure may comprise a screen, a secure zone and an indicator operatively controlled by the secure zone. The secure zone may be configured to execute a task and to assume control over an output to the screen while the apparatus is operating in a secure mode and to transfer control over the output to the screen to a non-secure zone while the apparatus is operating in a non-secure mode.

Publication date: 09-02-2017

CONTROLLING CONFIGURATION DATA STORAGE

Number: WO2017021683A1

A machine-implemented method is provided for securing a storage-equipped device against introduction of malicious configuration data into configuration data storage, the method comprising steps of receiving, by the device, a trusted signal for modification of configuration of the device; responsive to the receiving, placing the device into a restricted mode of operation and at least one of deactivating a service and rebooting the device; responsive to the placing the device into the restricted mode of operation and the deactivating or rebooting, permitting configuration data entry into a restricted portion of the configuration data storage. A corresponding device and computer program product are also described.

Publication date: 02-08-2018

ADDRESSING A TRUSTED EXECUTION ENVIRONMENT USING ENCRYPTION KEY

Number: WO2018140169A1
Author: NOVAK, Mark, F.

Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE), including a trustlet running on top of secure kernel, associated with a potentially untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, and an attestation statement of the secure kernel. The targeting protocol head may encrypt a transfer encryption key with a second encryption key derived from the attestation statement. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the transfer encryption key and an authentication tag, which binds the requestor with the trustlet ID. The targeting protocol head may provide the encrypted transfer encryption key, the encrypted protected data, and encrypted authentication tag to the requestor ...

Publication date: 05-10-2017

SECURE DRIVER PLATFORM

Number: WO2017172665A1

Techniques described herein enable the implementation of a secure driver framework. In one example, a method includes managing an unsecure operating system execution environment comprising a first user mode and a first kernel mode. The method can also include managing a secure execution environment comprising a second user mode and a second kernel mode, and executing a secure driver within the second user mode of the secure execution environment in response to a system call from an unsecure driver in the first kernel mode or the first user mode, wherein the secure driver enables the unsecure driver to communicate with a secure device. Furthermore, the method can include providing one or more system services of the second kernel mode to the secure driver.

Publication date: 23-08-2018

PERFORMANCE OF DISTRIBUTED SYSTEM FUNCTIONS USING A TRUSTED EXECUTION ENVIRONMENT

Number: WO2018152519A1
Author: VENTURA, Giuseppe

Example embodiments provide for secure storage and accessing of confidential information by a distributed system and for securely executing a function of the distributed system. Responsive to processing a function request identifying a function of the distributed system by a node computing entity, application program code corresponding to the function is accessed within a trusted execution environment. Based on data stored in a secure ledger maintained by the distributed system, the application program code is executed to generate a result within the trusted execution environment. A new entry comprising the result is generated and at least a portion thereof is encrypted using an encryption key within the trusted execution environment. The encrypted new entry is posted to the secure ledger.

Publication date: 14-06-2018

MEMORY PROTECTION LOGIC

Number: WO2018104711A1
Author: AUNE, Frank

A resettable microcontroller (1) comprising a processor (7), a memory (11, 13), a memory bus, and memory protection logic (9). The microcontroller (1) is arranged to clear a set of memory-protection configuration registers (26) whenever the microcontroller (1) is reset. The memory protection logic (9) is arranged to access the set of memory-protection configuration registers (26) and is configured to monitor memory access requests on the bus; detect when a memory access request attempts to access a memory address in a protectable region of the memory (11, 13); determine whether the memory access request satisfies an access criterion for the protectable region, the access criterion depending on data stored in the set of memory-protection configuration registers (26); block the memory access request when the access criterion is not satisfied; and prevent writing to any memory-protection configuration register (26) unless the memory-protection configuration register (26) is in a cleared ...

Publication date: 16-07-2020

SIDE-CHANNEL PROTECTION

Number: WO2020146075A1

In various examples there is a computing device in communication with at least one other computing device via a communications network. The computing device has a memory and a central processing unit having a trusted execution environment comprising trusted regions of the memory. The computing device has an operating system configured to create a memory mapping between a virtual address space of the memory and a memory of the at least one other computing device and to provide details of the memory mapping to the trusted execution environment. The trusted execution environment is configured to execute an application which is able to communicate with the other computing device directly using the memory mapping provided by the operating system.

Publication date: 17-03-2022

THE DOUBLE COMPUTER

Number: WO2022055400A1
Author: ALSADUN, Dhuha Taleb

The invention is about gathering two computers' components in one PC case, with two different power buttons for each, and both connected to one screen. The first one is connected to the internet as regular computers are, while the second doesn't have any cable plugged into its NIC (network interface card). Thus, the second computer will always be protected from hacking due to no accessibility. The invention has a distinct feature where the first computer is automatically switched off when the second is switched on and vice versa. So, this is like having two computers in one setting/place, and the user can utilize both without changing seats. The aim of this invention is to provide high protection for the private data of individuals and institutions by blocking hackers from accessing the hard disk of the second computer.

Publication date: 07-07-2020

Method for providing a secure mode for mobile device applications

Number: US0010706171B2

Method for providing a secure mode for mobile applications including: configuring which applications should be available in secure mode; defining, in the mobile operating system kernel, rules and privileges for applications defined for the secure mode; checking continuously if the secure mode is enabled by the user; if the security mode is enabled by the user, then the operating system kernel searches all processes and applications running on the operating system, suspends the system applications not configured to be available in secure mode, hides the protected application, restricts inter-process communications and enforces privilege escalation events and enables access to application files protected by the protected application user Id; and if the security mode is disabled by the user, then the kernel releases all processes and applications that were stopped by the secure mode and denies any access to the protected application files.

Publication date: 31-08-2021

System and method for the separation of systems that work together

Number: US0011108741B2
Assignee: CAMIEL NOAM, Camiel Noam

A system and method is introduced for separating computing devices that work together. The computing devices appear to the user as a single device such as through using a single display and other I/O means. The output of computing devices, such as the display output, may be monitored for unwanted display output to the user, which may be filtered from the user. The device displaying unwanted content may then be reverted to a known state. Computing devices may communicate among themselves using display data while remaining separated. Secure services from the cloud to a user device may be offered through the separated computing devices that work together, services that utilize separating and securing the user I/O from internet connected devices, while allowing to monitor and filter the internet connected devices. These services preferably use a key that is non-extractable for communicating with the secure cloud. Such services from the cloud server may include a secure remote desktop for VDI ...

Publication date: 14-06-2016

System and method for validating components during a booting process

Number: US0009367692B2
Assignee: OPENPEAK INC., OPENPEAK INC

A method and system for validating components during a booting process of a computing device are described herein. The method can include the steps of detecting a power up signal and in response to detecting the power up signal, progressively determining whether software components of the computing device are valid. If the software components are determined to be valid, the computing device may be permitted to move to an operational state. If, however, at least some of the software components are determined to be not valid, the computing device may be prevented from moving to the operational state. In one arrangement, if the computing device is prevented from moving to the operational state, corrective action can be taken in an effort to permit the computing device to move to the operational state.

Publication date: 09-02-2016

Address translation/specification field for hardware accelerator

Number: US0009256729B2

Embodiments relate to an address translation/specification (ATS) field. An aspect includes receiving a work queue entry from a work queue in a main memory by a hardware accelerator, the work queue entry corresponding to an operation of the hardware accelerator that is requested by user-space software, the work queue entry comprising a first ATS field that describes a structure of the work queue entry. Another aspect includes, based on determining that the first ATS field is consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, executing the operation corresponding to the work queue entry by the hardware accelerator. Another aspect includes, based on determining that the first ATS field is not consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, rejecting the work queue entry by the hardware accelerator.

Publication date: 10-04-2012

Data exchange between an electronic payment terminal and a maintenance tool through a USB link

Number: US0008156254B2

The invention relates to an electronic payment terminal (30) comprising a first USB connection port (13) comprising at least one first wire (D+) for data transfer. The payment terminal comprises, furthermore, a first resistor (24) linking the first wire to a first source (VDD) of a first potential and a switch (38) between the first wire and the first resistor or between the first resistor and the first source.

Publication date: 23-03-2021

ID token having a protected microcontroller

Number: US0010956618B2
Assignee: BUNDESDRUCKEREI GMBH, Bundesdruckerei GMBH

An ID token includes a sensor, a communication interface, and a first microcontroller. The ID token includes a protected second microcontroller having at least one microcontroller communication interface, which is arranged in a holder of the ID token, wherein the microcontroller communication interface provides a data input and a data output. The first microcontroller is configured as a proxy for switching between the sensing of the measurement data by the sensor and forwarding of the sensed measurement data from the sensor to the first application of the protected second microcontroller by the microcontroller communication interface thereof on the one hand and forwarding of notifications for establishing a connection between the second application and the reading device and/or forwarding of APDUs by the connection between the second application and the reading device on the other hand.

Publication date: 20-02-2018

Multi-core processor based key protection method and system

Number: US0009898624B2

A multi-core processor based key protection method and system is described. An Operating System (OS) supporting Symmetric Multi-Processing (SMP) is set up on a multi-core processor. One core of the multi-core processor is configured as a cryptographic operation core, which is prohibited from running other processes of the OS and dedicated to perform a public-key cryptographic operation. The private key and an intermediate variable in a process of the public-key cryptographic operation are stored in a cache exclusively occupied by the cryptographic operation core.

Publication date: 23-04-2019

Device for operating a camera in a private mode and a non-private mode

Number: US0010268842B2

An electronic device to operate a camera in a private mode and non-private mode is provided. The electronic device includes a user interface (UI) including a first UI component and a second UI component, and an electronic processor coupled to the UI and the camera. The electronic processor controls the camera to be operated in a private mode in response to detecting an input selecting the first UI component, and a non-private mode in response to detecting an input selecting the second UI component. The electronic processor also tags the images captured in private mode as private images and non-private mode as non-private images. The electronic processor further applies different access policies for accessing the private and non-private images. Further, the first and second UI components are generated as graphical user interface components within a touch screen display of the electronic device.

Publication date: 20-08-2015

METHOD AND APPARATUS FOR PROCESSING BIOMETRIC INFORMATION IN ELECTRONIC DEVICE

Number: US20150235055A1

A method and apparatus for processing biometric information in an electronic device including a processor that operates at a normal mode or at a secure mode, the method comprising, detecting a biometric input event from a biometric sensor module at normal mode, creating biometric data based on sensed data from the biometric sensor module at the secure mode, performing biometric registration or biometric authentication based on the created biometric data at the secure mode, and providing result information of biometric registration or biometric authentication at the normal mode.

Publication date: 21-04-2020

Computer and data protection system

Number: US0010628572B2

A computer and data protection system includes a peripheral sharing device that is communicatively linked to an onboard internet server and a separate user computer. The onboard internet server is connected to a first communication port for communicating with the separate user computer, and a second communication port for communicating over the internet. A switch selectively transitions the system between a protected operating mode wherein the second communication port is disabled or disconnected, and an open operating mode wherein the first communication port is disabled or disconnected. The system includes an authentication unit having an input/output device for communicating with a removable key. The authentication unit functions to provide system access only upon successful comparison of a user password that is stored on the physical key with a corresponding user password that is stored in the authentication unit.

Publication date: 01-06-2021

Switching users and sync bubble for EDU mode

Number: US0011023588B2
Assignee: Apple Inc., APPLE INC

Systems and methods are disclosed for implementing an educational mode on a portable computing device, such as a tablet computer, that is a single-user system, used serially by multiple users. Each user can have a separate user storage that may be encrypted. The computing device boots as a system user to a login screen. A first student user enters user credentials into the login screen. The computing device can reboot the user-space processes, while leaving the kernel running, rebooting the computing device as the first student user. When the first student user logs out, data to be synchronized to, e.g., the cloud, can be synchronized for the first student user while a second student user is logged into the device.

Publication date: 01-11-2016

Access to memory region including confidential information

Number: US0009483422B2

Embodiments herein relate to accessing a memory region including confidential information. A memory request from a process may be received. The memory request may include a process ID (PID) of the process, a requested memory address, and a requested access type. The memory request may be compared to a permission set associated with a memory region including the confidential information. Access to the memory region by the process may be controlled based on the comparison.

Publication date: 12-10-2023

MEMORY ACCESS GATE

Number: US20230325537A1
Author: Giuseppe Cariello

Methods, systems, and devices for a memory access gate are described. A memory device may include a controller, memory dice, and a pad for receiving an externally provided control signal, such as a chip enable signal. The memory device may include a switching component for selecting the externally provided control signal or an internally generated control signal. The controller may provide the selected control signal to a memory die. The memory device may determine whether it is operating in a first mode or a second mode, and select the externally provided control signal or the internally generated control signal based on the determination. The first mode may be a diagnostic mode in some cases. The controller may include a secure register whose value may impact or control the switching. An authenticated host device may direct the controller to write the value to the secure register.

Publication date: 21-06-2022

Secure-aware bus system

Number: US0011366940B2
Author: Berend Dekens
Assignee: Nordic Semiconductor ASA

An integrated-circuit device includes a bus system, a plurality of master components, a plurality of slave components, and hardware filter logic. The bus system is configured to carry bus transactions and security-state signals for distinguishing between secure and non-secure transactions. The master components are switchable between a secure and a non-secure state. The hardware filter logic is configured to intercept bus transactions at an interception point, positioned within the bus system such that bus transactions from at least two of the master components and at least two slave components pass the interception point. It is also configured to use i) a slave address of the intercepted bus transaction, and ii) the security state of the intercepted bus transaction, to determine whether to allow the transaction, in accordance with a set of filtering rules, and to block intercepted bus transactions that are determined not to be allowed.

Publication date: 16-06-2022

METHOD AND SYSTEM FOR ON DEMAND CONTROL OF HARDWARE SUPPORT FOR SOFTWARE POINTER AUTHENTIFICATION IN A COMPUTING SYSTEM

Number: US20220188463A1

A computer system, processor, computer program product, and method for executing instructions in a software application that includes a processor that can be dynamically controlled, in response to a value set in a control register, to operate in either a secure mode or a performance mode. In the secure mode, the processor: upon encountering a secure mode entry instruction, computes an entry hash value using a hash function and stores the entry hash value; and upon encountering a secure mode exit instruction, computes an exit hash value, loads the entry hash value, and determines whether the entry hash value is the same as the exit hash value, and depending upon verification of the hash values can execute the return function or transfer control to the operating system. In the performance mode, the processor: executes both the secure mode entry instruction and the secure mode exit instruction as no-operations.

Publication date: 21-11-2023

Technologies for object-oriented memory management with extended segmentation

Number: US0011822644B2
Assignee: INTEL CORPORATION, Intel Corporation

Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.

Publication date: 25-08-2021

TRUSTED EXECUTION ENVIRONMENT SECURE ELEMENT COMMUNICATION

Number: EP3513525B1
Assignee: Samsung Electronics Co., Ltd.

Publication date: 04-12-2019

ADDRESSING A TRUSTED EXECUTION ENVIRONMENT USING SIGNING KEY

Number: EP3574443A1
Author: NOVAK, Mark, F.

Publication date: 25-03-2020

APPARATUS FOR LOCKING USB PORT

Number: EP3506146B1
Assignee: Comxi Co., Ltd.

Publication date: 26-11-2014

Information processing device

Number: JP0005631334B2

Publication date: 09-11-2017

METHOD AND APPARATUS FOR SECURE TOUCH INPUT

Number: RU2635224C2

The invention relates to protecting information entered through a touch screen. The technical result is the prevention of leakage of information entered through a touch screen. A method for secure touch input comprises the steps of: rendering a first screen in a workspace having a first security level using a secure main processor; rendering a second screen in a workspace having a second security level using a non-secure main processor, the first security level being higher than the second security level; outputting a secure input screen by displaying the first screen as an overlay on top of the second screen by means of a touch input security module stored in a secure area of a storage unit; configuring part of the storage unit as the secure area; denying the non-secure main processor access to the secure area of the storage unit; and maintaining access of the secure main processor to the secure area of the storage unit. 3 independent and 24 ...

Publication date: 01-10-2020

Dual-circuit all-in-one computer

Number: RU2733336C1

The invention relates to computing technology, in particular to personal computer systems, and can be used as a dual-circuit all-in-one computer having two physically separated computing modules. The technical result is increased protection of the information flows used in the two computing modules of a single all-in-one unit. The technical result is achieved by a dual-circuit all-in-one computer comprising first and second computing modules, as well as a switching device and an information output unit in the form of a monitor, wherein the switching device is implemented as a keyboard, video and mouse switching module comprising a microcontroller equipped with memory, a first switching unit, a first signal input configured for connection to a keyboard, first and second signal outputs, a second switching unit, and a unit for switching digital video and audio streams. 2 figures.

Publication date: 10-09-2013

SOFTWARE COMPONENT AND DEVICE FOR AUTOMATED PROCESSING OF MULTI-PURPOSE DATA USING FUNCTIONS REQUIRING DIFFERENT SECURITY LEVELS OR LIMITS OF RESPONSIBILITY

Number: RU2012107091A

... 1. A software component for a computer, configured for automatic processing of multi-purpose data, the software component being characterized in that it uses functions requiring different security levels or limits of responsibility and in that it comprises: - a plurality of virtual machines (215), each virtual machine being configured to execute at least one function requiring a predetermined security level or limit of responsibility; at least one of said functions is performed depending on parameters of the virtual machine in which it is executed, and - a hypervisor (210) configured to control the execution of said plurality of virtual machines. 2. The software component of claim 1, wherein said hypervisor comprises authentication means for authenticating (310) at least one virtual machine of said plurality of virtual machines. 3. The software component of claim 2, wherein said means ...

Publication date: 10-06-2016

USE OF AUTHENTICATED MANIFESTS TO ENABLE EXTERNAL CERTIFICATION OF MULTI-PROCESSOR PLATFORMS

Number: RU2014147315A

... 1. A processor system comprising: an architecturally protected memory; and a plurality of processor devices communicating with the architecturally protected memory, each processor device comprising first processor logic to implement an architecturally protected execution environment by performing at least one of the following: executing instructions resident in the architecturally protected memory, or preventing unauthorized access to the architecturally protected memory; characterized in that each processor device further comprises second processor logic to establish a secure communication channel with a second processor device of the processor system in order to use the secure communication channel to synchronize an identification key of a platform representing the processor system, and to transmit a platform manifest containing the platform identification key to a certification system. 2. The processor ...

Publication date: 28-03-2007

Hibernating a processing apparatus for processing secure data

Number: GB0000703178D0

Publication date: 18-04-2018

Out-of-bounds recovery circuit

Number: GB0002554940A

Out-of-bounds recovery circuit 308 detects an out-of-bounds violation in an electronic device and causes it to transition to a safe state. The out-of-bounds recovery circuit includes detection logic 320 for when a processing element of the device has fetched an instruction from an unallowable memory address range for a current operating state; and transition logic 310 causing the transition to a safe state, when out-of-bounds violations are detected. A program counter value can be compared to an address range to determine whether the fetched instruction is from unallowable memory addresses. The operating state can be the boot or the normal state determined according to the power-on sequence being completed. The safe states comprise idle or post-reset. It addresses the threat of malicious code causing a rogue program to execute on the device. Detecting out-of-bounds violations in hardware rather than software allows detections of errors in the boot firmware.

Publication date: 26-09-2007

Managing access to content in a data processing apparatus

Number: GB0002436378A

A data processing apparatus and method are provided for managing access to content within the data processing apparatus. The data processing apparatus has a secure domain 110 and a non-secure domain 100 and comprises at least one device which is operable when seeking to access content stored in memory to issue a memory access request pertaining to either the secure domain or the non-secure domain. Further, writeable memory 120 is provided which can store content required by the at least one device, with the writeable memory having at least one read only region 124 whose content is stored therein under control of a secure task 150, the secure task being a task executed by one of the devices in the secure domain. Protection logic 130 is then used in association with the writeable memory, which on receipt of a memory access request seeking to access content in the at least one read only region, prevents access to that read only region if that memory access request pertains to the non-secure ...

Publication date: 20-08-2008

Securely saving a state of a processor during hibernation

Number: GB0002446658A

A data processing apparatus comprises processing circuitry including several state retention cells for holding a current state of the processing circuitry, at least some of the state retention cells being arranged in series. In response to a hibernate signal, the processing apparatus switches from an operational mode to a low power or sleep mode in which the processing circuitry is powered down. Prior to powering down the processing circuitry its current state is output from the state retention cells and encrypted, and the encrypted state is then stored (fig. 3a). Upon detection of a wake signal, the processing apparatus switches from the low power mode to the operational mode and the stored encrypted state data is decrypted and used to restore the state of the processing circuitry (fig. 3b). The state retention cells may take the form of one or more scan chains and provide an output in the form of one or more serial data streams. This is a convenient form for subsequent encryption by hardware ...

Publication date: 15-07-2018

Communication of a network node in a data network

Number: AT0000519490A1

The invention relates to a method for establishing a communication connection between a network node (1) and a communication partner (10) in a data network (6), wherein the network node (1) receives at least one message (M) from the communication partner (10) via a wireless interface (3), and wherein verification data (9) are attached to the message (M). The verification data (9) contain a sender measurement data image (8) that is representative of measurement data (7) recorded by the communication partner (10) in a preceding recording period. The network node (1) verifies the communication partner (10) by comparing the sender measurement data image (8) contained in the received verification data (9), on the basis of a correlation known to the network node (1) or communicated to the network node (1) by the communication partner (10), with a receiver measurement data image (8') that was created independently of the sender measurement data image (8) and that ...

Publication date: 15-08-2006

PROTECTIVE CIRCUIT FOR AN INTEGRATED CIRCUIT

Number: AT0000334437T

Publication date: 04-07-2019

Addressing a trusted execution environment using encryption key

Number: AU2017396530A1
Assignee: Davies Collison Cave Pty Ltd

Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE), including a trustlet running on top of secure kernel, associated with a potentially untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, and an attestation statement of the secure kernel. The targeting protocol head may encrypt a transfer encryption key with a second encryption key derived from the attestation statement. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the transfer encryption key and an authentication tag, which binds the requestor with the trustlet ID. The targeting protocol head may provide the encrypted transfer encryption key, the encrypted protected data, and encrypted authentication tag to the requestor ...

Publication date: 12-11-2020

METHODS AND SYSTEMS FOR SECURE AND RELIABLE IDENTITY-BASED COMPUTING

Number: AU2020256380A1
Assignee: Phillips Ormonde Fitzpatrick

The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes. Systems and methods may include, as applicable, software and hardware implementations for Identity Firewalls; Awareness Managers; Contextual Purpose Firewall Frameworks for situationally germane resource usage related security, provisioning, isolation, constraining, and operational management; liveness biometric, and assiduous environmental, evaluation and authentication techniques; Repute systems and methods assertion and fact ecosphere; standardized and interoperable contextual purpose related expression systems and methods; purpose related computing arrangement resource and related information management systems and methods, ...

Publication date: 05-03-2020

Devices and methods for accessing prevalent device functions

Number: AU2020201019A1
Assignee: FPA Patent Attorneys Pty Ltd

An electronic device displays a first user interface that includes a plurality of application icons that correspond to different applications of a plurality of applications installed on the device. The device detects a first input at a location on the touch-sensitive surface that corresponds to a first application icon of the plurality of application icons, the first application icon corresponding to a first application of the plurality of applications. In response to detecting the first input, the device displays a first mini application object or a preview of the first mini application object in an overlay region, where the first mini application object corresponds to a first application of the plurality of applications; and the overlay region includes an affordance for adding the first mini application object to a second user interface that displays a plurality of mini application objects. The device detects a second input at a location on the touch-sensitive surface that corresponds ...

Publication date: 17-09-2020

COMMUNICATION INTERFACE OF A SECURE INTERFACE CONTROL

Number: CA3132753A1

A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction ...

Publication date: 28-04-2015

SECURE PROCESSING OF SECURE INFORMATION IN A NON-SECURE ENVIRONMENT

Number: CA0002671368C
Assignee: DST TECHNOLOGIES, INC., DST TECHNOLOGIES INC

A secured process sourcing and work management system for processing secure information in a non-secure environment is disclosed. The system permits a user, referred to herein as a customer or requestor, to submit a project, involving a human intelligence task ("HIT"), referred to as a task or task specification, to be performed with respect to secure, confidential or sensitive information, referred to herein as secure information, and have that project completed in a non-secure environment without compromising the security, confidentiality or sensitivity of the secure information. The system may be incorporated into the requestor's workflow, receiving projects therefrom and providing the results thereto. Further, a system is disclosed for implementing a processing workflow for such tasks, the system permitting, based on projects submitted by requestors, the "posting" or distribution of jobs, and subsequent management thereof, to be performed by a workforce operating in or via a non-secure-environment ...

Publication date: 18-09-2014

SYSTEMS, METHODS AND APPARATUSES FOR SECURELY STORING AND PROVIDING PAYMENT INFORMATION

Number: CA0002902292A1

The systems, methods and apparatuses described herein provide a virtual integrated circuit card (ICC). In one aspect, a method of creating a virtual ICC may be provided. The method may comprise obtaining executable code configured to run on a user device to facilitate financial transactions, preparing a first encryption key usable by the executable code, receiving a second encryption key associated with the user device, forming a virtual ICC comprising the executable code and the first encryption key, and encrypting the virtual ICC with the second encryption key. In another aspect, a virtual ICC may be embodied on a non-transitory computer-readable medium. The virtual ICC may comprise executable code configured to run on a user device to facilitate financial transactions and a first encryption key usable by the executable code. The virtual ICC may be encrypted using a second encryption key associated with the user device.

Publication date: 17-10-2013

SECURE ZONE FOR DIGITAL COMMUNICATIONS

Number: CA0002870166A1

The systems, methods and apparatuses described herein provide a computing environment that includes a secure zone for executing tasks. An apparatus according to the present disclosure may comprise a screen, a secure zone and an indicator operatively controlled by the secure zone. The secure zone may be configured to execute a task and to assume control over an output to the screen while the apparatus is operating in a secure mode and to transfer control over the output to the screen to a non-secure zone while the apparatus is operating in a non-secure mode.

Publication date: 01-12-2010

Security isolation and monitoring management method of USB mobile storage media

Number: CN0101901315A

The invention provides a system of USB mobile storage medium security isolation and monitoring management. In the system, U disk isolator equipment is used for physically isolating the U disks of the users from hosts. Several file security policies are set and allocated for each equipment by a network management system. The files are only allowed to enter into the system or be copied onto the U disks as long as the files are consistent with the security policies. Audit data are generated for each file access to the system so as to be convenient for tracing the information flow direction. Through the mode of software and hardware combination, the invention thoroughly solves the problem of security when the internal network system with information security and confidentiality requirements receives and acquires the mobile storage media data of the external network. Information security places emphasis on prevention and control, and the invention adopts the file security policy management ...

Publication date: 14-10-2015

Method, apparatus, system for qualifying CPU transactions with security attributes

Number: CN0104981815A

Publication date: 03-03-2020

Security code space authentication method and system, and registration method thereof

Number: CN0110858246A

Publication date: 04-02-2015

Data storing method and system based on dual system

Number: CN104331667A
Author: LIAN SHUANG

The invention provides a data storing method based on a dual system, and is suitable for the technical field of communication. The method comprises the steps of judging whether the data is the important data during storing the data in a first system; if the data is the important data, storing the data in a second system. Correspondingly, the invention further provides a data storing system based on the dual system. Thus, under the dual system environment, the important data processed by the user in the first system can be rapidly and conveniently stored in the second system, and the information security of the user can be adequately protected.

Publication date: 18-08-2020

Asymmetric security level dual-system multi-mode communication architecture

Number: CN0111552992A
Author:
Assignee:

Publication date: 02-09-2015

Location-based System Permissions And Adjustments At An Electronic Device

Number: CN104881617A
Author: GUM ARNOLD JASO
Assignee:

Securing access to a portable electronic device (PED), securing e-commerce transactions at an electronic device (ED) and dynamically adjusting system settings at a PED are disclosed. In an example, usage or mobility characteristics of the PED or ED (e.g., a location of the ED or PED, etc.) are compared with current parameters of the PED or ED. A determination as to whether to permit an operation (e.g., access, e-commerce transaction, etc.) at the ED or PED can be based at least in part upon a degree to which the current parameters conform with the usage or mobility characteristics. In another example, at least a current location of a PED can be used to determine which system settings to load at the PED.

Publication date: 03-08-2016

Method and device for controlling mobile terminal application in moving

Number: CN0105825148A
Author: MA JUN, DU JIXUAN, Ma Jun, Du Jixuan
Assignee:

Publication date: 16-02-2005

Method for protecting computer system

Number: CN0001581012A
Author: AREN G, BLAUN M, G. AREN, M. BLAUN
Assignee:

Publication date: 19-01-2012

Ultra-low cost sandboxing for application appliances

Number: US20120017213A1
Assignee: Microsoft Corp

The disclosed architecture facilitates the sandboxing of applications by taking core operating system components that normally run in the operating system kernel or otherwise outside the application process and on which a sandboxed application depends to run, and converting these core operating components to run within the application process. The architecture takes the abstractions already provided by the host operating system and converts these abstractions for use by the sandbox environment. More specifically, new operating system APIs (application program interfaces) are created that include only the basic computation services, thus separating the basic services from rich application APIs. The code providing the rich application APIs is copied out of the operating system and into the application environment—the application process.

Publication date: 19-04-2012

Wireless intrusion prevention system and method

Number: US20120096539A1
Assignee: Juniper Networks Inc

A wireless intrusion prevention system and method to prevent, detect, and stop malware attacks is presented. The wireless intrusion prevention system monitors network communications for events characteristic of a malware attack, correlates a plurality of events to detect a malware attack, and performs mitigating actions to stop the malware attack.

Publication date: 26-04-2012

Method, System And Device For Securing A Digital Storage Device

Number: US20120102331A1
Author: Leonard Russo
Assignee: Hewlett Packard Co

Method of securing a digital storage device, wherein a host is connected to the storage device, the host digitally locks the storage device so that unauthorized data access to the storage device is denied, the host sets the encryption conditions of the storage device in one of a condition wherein encryption of data on the storage device is enabled, and a condition wherein encryption of data on the storage device is disabled.

Publication date: 14-06-2012

Random-id function for smartcards

Number: US20120146773A1
Assignee: NXP BV

A method for low-level security based on the UID. In particular it enhances an RFID system by adding the ability to dynamically modify the UID of the smartcard or to randomly generate a new UID for the smartcard.

Publication date: 26-07-2012

Apparatus Protecting Software of Sentinel Logic Circuitry Against Unauthorized Access

Number: US20120191934A1
Author: Johann Zipperer
Assignee: Texas Instruments Inc

A method of protecting software for embedded applications against unauthorized access. Software to be protected is loaded into a protected memory area. Access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area from only either within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area.

Publication date: 02-08-2012

Program execution device

Number: US20120198243A1
Assignee: Individual

A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.

Publication date: 23-08-2012

Data security management systems and methods

Number: US20120216291A1
Author: Hsin-Ti Chueh, Ssu-Po Chin
Assignee: HTC Corp

Data security management system and methods are provided. First, a first system having a management authority is provided. The first system displays an input interface on an input device. A switch switches the management authority from the first system to a second system, wherein the second system operates with a secure mechanism. When the management authority is switched to the second system, the first system transmits layout information of the input interface and an input device characteristic of the input device to the second system. The second system receives input data via the input device, and decodes the input data according to the layout information and the input device characteristic.

Publication date: 27-09-2012

Device and method for disconnecting download channel of hand-held terminal

Number: US20120244906A1
Author: Chunyu Li
Assignee: ZTE Corp

The disclosure provides a device and method for disconnecting a download channel of a hand-held terminal. The device comprises: a connection/disconnection unit (308), which comprises a fuse module (308-2) and a fusing module (308-4), arranged between a download connection point (302) and a microprocessor (306); when no downloading is needed by the hand-held terminal, the fusing module (308-4) is provided with a level signal through the download connection point, and switch characteristics of a triode or an MOSFET in the fusing module (308-4) are utilized, to control the connection/disconnection of the download channel between the download connection point (302) and the microprocessor (306), thus avoiding generation of new download channel.

Publication date: 04-10-2012

Providing protection against unauthorized network access

Number: US20120254951A1
Assignee: International Business Machines Corp

A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.

Publication date: 15-11-2012

Protected mode for mobile communication and other devices

Number: US20120291101A1
Author: Eric Ahlstrom, Jenna Lee
Assignee: Microsoft Corp

An electronic device includes at least one memory unit, a plurality of applications residing on at least one of the memory units and a database residing on at least one of the memory units. The database is configured to store a record specifying a subset of the plurality of applications that are to be inaccessible to a user when in a protected mode of operation. The protected mode is designed for a user (e.g., child or friend borrowing the device) who can potentially use the device with settings that are configured under the primary user's (e.g. parent, device administrator) supervision. The device also includes a user interface through which a primary user and not other users can specify the subset of the plurality of applications to be included in the record. A processor is operatively associated with the memory unit, the database and the user interface. The processor is configured to switch, in response to a request from the primary user and not other users, between a normal mode of operation in which all of the applications in the plurality of applications are available for use and the protected mode of operation.

Publication date: 27-12-2012

Virtual machine system and virtual machine system control method

Number: US20120331464A1
Assignee: Panasonic Corp

A virtual machine system is provided with a processor having only two privileged modes, a low privileged mode and a high privileged mode, and achieves both a security function for protecting digital copyrighted works or the like and an operating system switching function that guarantees system reliability. The virtual machine system is provided with a first and a second processor and executes a hypervisor on the first processor in the high privileged mode. An operating system on the second processor is executed by cooperation between the hypervisor running on the first processor and a program running on the second processor in low privileged mode. This eliminates the need for running the hypervisor on the second processor in the high privileged mode, thus allowing for execution on the second processor in the high privileged mode of a program for implementing the security function.

Publication date: 10-01-2013

Bios flash attack protection and notification

Number: US20130013905A1
Assignee: Intel Corp

A system and method for BIOS flash attack protection and notification. A processor initialization module, including initialization firmware verification module may be configured to execute first in response to a power on and/or reset and to verify initialization firmware stored in non-volatile memory in a processor package. The initialization firmware is configured to verify the BIOS. If the verification of the initialization firmware and/or the BIOS fails, the system is configured to select at least one of a plurality of responses including, but not limited to, preventing the BIOS from executing, initiating recovery, reporting the verification failure, halting, shutting down and/or allowing the BIOS to execute and an operating system (OS) to boot in a limited functionality mode.

Publication date: 31-01-2013

Collecting Debug Data in a Secure Chip Implementation

Number: US20130031419A1
Assignee: International Business Machines Corp

Mechanisms, in a processor chip, are provided for obtaining debug data from on-chip logic of the processor chip while the processor chip is in a secure mode of operation. The processor chip is placed into a secure mode of operation in which access to internal logic of the processor chip to control the internal logic of the processor chip, by mechanisms external to the processor chip, is disabled on a debug interface of the processor chip. A triggering condition of the processor chip is detected that is a trigger for initiated debug data collection from the on-chip logic. Debug data collection is performed from the on-chip logic to generate debug data. Data is output, by the processor chip to an external mechanism, on the debug interface based on the debug data.

Publication date: 07-02-2013

Cross-vm network filtering

Number: US20130036470A1
Author: Gongwei QIAN, Minghang ZHU
Assignee: Trend Micro Inc

A security virtual machine inspects all data traffic between other virtual machines on a virtualization platform in order to prevent an inter-VM attack. Data traffic between the machines is intercepted at the privileged domain and directed to the security virtual machine via a hook mechanism and a shared memory location. The traffic is read by the security machine and analyzed for malicious software. After analysis, the security machine sends back a verdict for each data packet to the privileged machine which then drops each data packet or passes each data packet on to its intended destination. The privileged domain keeps a copy of each packet or relies upon the security machine to send back each packet. The security machine also substitutes legitimate or warning data packets into a malicious data package instead of blocking data packets. The shared memory location is a circular buffer for greater performance. Traffic is intercepted on a single host computer or between host computers.

Publication date: 28-02-2013

Scalable, highly available, dynamically reconfigurable cryptographic provider with quality-of-service control built from commodity backend providers

Number: US20130055295A1
Assignee: International Business Machines Corp

Exemplary embodiments include a method for remapping subsets of host-centric application programming interfaces to commodity service providers, the method including receiving a commodity service providers object, embedding the commodity service providers object with a handle, transforming the handle into a serialized object readable by a hardware security module, generating a virtualized handle from the transformed handle, selecting a target hardware security module based on characteristics of the serialized object and mapping the virtualized handle to the target hardware security module.

Publication date: 28-02-2013

System for detecting vulnerabilities in web applications using client-side application interfaces

Number: US20130055403A1
Assignee: WhiteHat Security Inc

An improved method and apparatus for client-side web application analysis is provided. Client-side web application analysis involves determining and testing, using client-side application interfaces and the like, data input points and analyzing client requests and server responses. In one embodiment, a security vulnerability analyzer is employed to analyze web page content for client-side application files, such as Flash files and Java applets, extract web addresses and data parameters embedded in the client-side application file, and modify the data parameters according to user-defined test criteria. The modified data parameters are transmitted as part of a request to a respective web server used to service the client-side application files. The security vulnerability analyzer analyzes the response from the server to ascertain if there are any security vulnerabilities associated with the interface between the client-side application file and the web server.

Publication date: 07-03-2013

Protecting application programs from malicious software or malware

Number: US20130061058A1
Assignee: International Business Machines Corp

An apparatus includes a memory to store a secure object comprising at least one of code and data that is encrypted when stored in the memory and a central processing unit (CPU) that is capable of executing an EnterSecureMode (esm) instruction that enables the decryption of the secure object's information when the secure object information is retrieved from the memory into the CPU. The CPU further comprises a feature to protect the secure object from code received from other software.

Publication date: 02-05-2013

Portable electronic device, associated apparatus and methods

Number: US20130111345A1
Assignee: Nokia Oyj

A portable electronic device with first and second modes, the first mode, associated with allowing for the availability of one or more of a first level of power consumption and processor activity for the portable electronic device, and allowing general unlocked user interaction with the user interface of the portable electronic device; the second mode, associated with allowing for the availability of one or more of a second level of power consumption or processor activity, and allowing locked user interaction with the user interface; and the locked user interaction allowing for the provision of one or more specific limited user inputs using the user interface, to directly interact with associated second mode output provided using the user interface in the second mode, the one or more specific limited user inputs not being associated with general unlocking of portable electronic device to enter the first mode of operation.

Publication date: 06-06-2013

Multi Mode Operation Using User Interface Lock

Number: US20130145453A1
Author: Steven C. Lemke
Assignee: Hewlett Packard Development Co LP

A system and a method are disclosed for a computer implemented method to unlock a mobile computing device and access applications (including services) on a mobile computing device through a launcher. The configuration includes mapping one or more applications with a guest access code. The configuration receives, through a display screen of a mobile computing device, an access code, and determines whether the received access code corresponds with the guest access code. The configuration identifies the mapped applications corresponding to the guest access code and provides for display, on a screen of the mobile computing device, the identified applications.

Publication date: 13-06-2013

Portable electronic device

Number: US20130150128A1
Author: Hiroshi Tsunoda
Assignee: Kyocera Corp

A portable electronic device includes a display unit; an input detection unit that detects an input to the display unit, and a lock control unit that sets or releases a locked state for a part or all of functions of the portable electronic device when a predetermined input is detected by the input detection unit, wherein the predetermined input includes inputs, in which a preset screen operation is continuously performed by a predetermined number of times in an area of the display unit.

Publication date: 13-06-2013

Facilitating System Service Request Interactions for Hardware-Protected Applications

Number: US20130152209A1
Assignee: Microsoft Corp

Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.

Publication date: 04-07-2013

Non-volatile storage device, access control program, and storage control method

Number: US20130173851A1
Assignee: Toshiba Corp

An access control program is executed by a specific electronic device first connected to the non-volatile storage device to associate with the specific electronic device to be given full access to the storage, executed by the specific electronic device to set the specific electronic device associated with the non-volatile storage device to a first mode permitting full access to the storage, executed by an arbitrary electronic device connected to the non-volatile storage device to judge whether the arbitrary electronic device is the specific electronic device associated with the non-volatile storage device by performing certification; and executed by the arbitrary electronic device connected to the non-volatile storage device to perform mode setting.

Publication date: 18-07-2013

Safely Executing an Untrusted Native Code Module on a Computing Device

Number: US20130185787A1
Assignee:

A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.

1-20. (canceled)

21. A method comprising: receiving, by a web browser of a computing device that is associated with a particular instruction set architecture, a native code module; loading, by a loader included in the web browser, the native code module into a memory of the computing device; and validating, by a validator included in the web browser, the native code module when the native code module is loaded in the memory and determining that the native code module is compliant with a plurality of security requirements associated with the particular instruction set architecture.

22. The method of claim 21, wherein the loader and the validator are separate components.

23. The method of claim 21, further comprising: after validating the native code module, executing the native code module directly on hardware of the computing device and in a secure runtime environment that is included in the web browser.

24. The method of claim 23, further comprising: loading, by the web browser, a plug-in ...

Publication date: 08-08-2013

Exception handling in a data processing apparatus having a secure domain and a less secure domain

Number: US20130205125A1
Assignee: ARM LTD

Processing circuitry can operate in a secure domain and a less secure domain. In response to an initial exception from background processing performed by the processing circuitry, state saving of data from a first subset of registers is performed by exception control circuitry before triggering an exception handling routine, while the exception handling routine has responsibility for performing state saving of data from a second subset of registers. In response to a first exception causing a transition from the secure domain from a less secure domain, where the background processing was in the less secure domain, the exception control circuitry performs additional state saving of data from the second set of registers before triggering the exception handling routine. In response to a tail-chained exception causing a transition from the secure domain to the less secure domain, the exception handling routine is triggered without performing an additional state saving.

Publication date: 12-09-2013

Method for implementing security of non-volatile memory

Number: US20130238831A1
Author: CHEN He
Assignee: FREESCALE SEMICONDUCTOR INC

An integrated circuit includes a non-volatile memory module that can censor access to various memory regions based upon a censorship criteria. Information used to implement the censorship criteria is stored at a non-volatile memory location. A one-time programmable non-volatile memory location stores a value representing permanent censorship key. If the permanent censorship key is in an erased state, one or more resources are allowed to modify the non-volatile memory location and disable censorship. If the permanent censorship key has one or more programmed bits, no resource is allowed to modify the non-volatile memory location and disable censorship.

Publication date: 26-09-2013

SECURE CONTROLLER FOR BLOCK ORIENTED STORAGE

Number: US20130254873A1
Assignee: MICRON TECHNOLOGY, INC.

A storage controller includes a command pointer register. The command pointer register points to a chain of commands in memory, and also includes a security status field to indicate a security status of the first command in the command chain. Each command in the command chain may also include a security status field that indicates the security status of the following command in the chain.

1. A storage controller comprising: a command pointer register configured to point to a chain of commands, the command pointer register having a field configured to indicate a security level of a first command of the chain of commands; and circuitry configured to raise an exception responsive to detecting that a secure command of the chain of commands follows a non-secure command of the chain of commands.

2. The storage controller of claim 1, wherein the circuitry is configured to raise the exception to a bus master.

3. The storage controller of claim 1, wherein the circuitry is further configured to raise an exception responsive to detecting that the non-secure command is attempting to access a secure partition of a memory.

4. The storage controller of claim 1, wherein the circuitry is further configured to receive a request for a transaction from a bus master, wherein the request for the transaction is associated with execution of the chain of commands.

5. The storage controller of claim 4, wherein the circuitry is further configured to determine whether a process of the bus master providing the request for the transaction is a secure process.

6. The storage controller of claim 5, wherein the circuitry further configured to determine whether the process of the bus master providing the request for the transaction is a secure process comprises the circuitry further configured to determine whether the process providing the request based on a value of the field configured to indicate the security level of the first command.

7. The storage controller of claim 6, wherein the ...

Publication date: 26-09-2013

SYSTEMS AND METHODS FOR BEHAVIORAL SANDBOXING

Number: US20130254884A1
Assignee: MCAFEE, INC.

Methods and systems for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network is communicatively coupled to a source of an executable application. The computer is communicatively coupled to the network and includes a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments includes a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.

1. A method for dynamically determining an execution environment in a system having a plurality of execution environments including a first execution environment and a second execution environment, the second execution environment being a protected execution environment, the method comprising:
performing behavioral analysis on an executable application prior to execution;
determining an initial execution environment based on the behavioral analysis;
if the determination indicates protected execution for the initial execution environment, loading the executable application for execution within the second execution environment;
if the determination indicates other than protected execution for the initial execution environment, loading the executable application for execution within the first execution environment;
collecting behavioral characteristics of the executable application as it is executed within the initial ...

Publication date: 03-10-2013

Display Authentication

Number: US20130263215A1
Author: Patrik Ekdahl
Assignee: Telefonaktiebolaget LM Ericsson AB

Security can be improved in electronic devices that use authentication images and trusted user interfaces (TUIs), and it can still be easy for users to see the TUIs by making more dynamic use of the authentication images and possibly adding color effects.

Publication date: 17-10-2013

Methods and apparatus for information assurance in a multiple level security (mls) combat system

Number: US20130276133A1
Assignee: Rite Solutions Inc

Methods and apparatus are provided for information assurance in a multiple level security (MLS) combat system. A plurality of tasks are executed, where at least one of the tasks requires a transition from a first security level to a second security level. At least one of the tasks is executed on a cloud computing system; and a kernel is employed to prevent a leakage of data between at least two of the tasks. The cloud computing system comprises a virtualization layer and provides one or more operating systems, as well as interface access control to data. The kernel provides a mechanism for the transition from the first security level to the second security level. The kernel optionally tags one or more data records with a security classification to allow one or more classification levels to be segregated for role-based data access.

Publication date: 12-12-2013

System and method for role based analysis and access control

Number: US20130333025A1
Author: Vugranam C. Sreedhar
Assignee: International Business Machines Corp

A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level.

Publication date: 12-12-2013

DYNAMIC CODE INSERTION AND REMOVAL FOR STATIC ANALYSIS BASED SANDBOXES

Number: US20130333031A1
Assignee: GOOGLE INC.

Methods and apparatus for dynamically adding and deleting new code to previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by application. New code is validated to ensure it cannot directly call operating system, address memory outside of secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed size boundaries within the secured memory. Validated code is copied to portion of secured memory executable by application in two stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach safe execution point, provided code was previously inserted as unit or contains no internal targets that can be called by code not also being deleted.

1. A computer-implemented method, comprising:
executing a first piece of code in a sandboxed application that is written to a secured memory;
receiving, as a result of executing the first piece of code, a request to insert a new piece of code into the sandboxed application; and
in response to receiving the request:
writing the new piece of code to a portion of the secured memory that cannot be executed by the sandboxed application;
validating the new piece of code; and
writing the validated piece of code to a portion of the secured memory that can be executed by the sandboxed application.

This application is a continuation application of, and claims priority to, U.S. patent application Ser. No. 12/956,860, which was filed on Nov. 30, 2010, and which claims the benefit of U.S. Provisional Application No. 61/266,500, filed Dec. 3, 2009, and titled “Dynamic Code Insertion and Removal for Static Analysis Based Sandboxes,” which applications are incorporated here by reference in their entirety.

This application relates in general, to computer security. More specifically, this application relates to a method and apparatus for ...

Publication date: 19-12-2013

Device

Number: US20130339732A1
Assignee: Toshiba Corp

According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded.

Publication date: 02-01-2014

Mobile platform software update with secure authentication

Number: US20140004825A1
Assignee: Individual

Generally, this disclosure describes devices, methods and systems for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Publication date: 09-01-2014

Native Code Module Security for Arm Instruction Set Architectures

Number: US20140013430A1
Assignee: GOOGLE INC.

Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

1. (canceled)
2. A computer-implemented method for executing a native code module, comprising: obtaining the native code module; loading the native code module into a secure runtime environment; and safely executing the native code module in the secure runtime environment using a set of software fault isolation (SFI) mechanisms by: bounding an address space and a call stack of the native code module with a set of unmapped pages; enforcing storage of valid data addresses in a stack pointer by: enabling store instructions that increment or decrement the stack pointer without masking; and masking direct updates to the stack pointer to keep a value of the stack pointer within the call stack; constraining store instructions in the native code module by: allowing the calculation of a store address only by combining a valid base register with an immediate offset and disabling the calculation of store addresses by adding two registers together; and masking non-stack-relative store instructions.
3. The computer-implemented method of claim 2, wherein the secure runtime environment is for an Advanced Reduced Instruction Set Computing (RISC) Machine (ARM) instruction set architecture.
4. The computer-implemented method of claim 2, further comprising: validating the native code module using one ...

Publication date: 30-01-2014

Providing access to encrypted data

Number: US20140032933A1
Assignee: Intel Corp

Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.

Publication date: 06-02-2014

Trusted execution environment virtual machine cloning

Number: US20140040890A1
Assignee: Microsoft Corp

Cloning of a virtual machine having a trusted execution environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.

Publication date: 06-02-2014

Hybrid Virtual Machine

Number: US20140041026A1
Author: Scott Micah Elizabeth
Assignee:

A method and system are disclosed for a hybrid virtual machine that allows untrusted software programs to be run securely and with high performance on computers having processors that lack hardware-assisted memory management. Contemporary computer platforms built to enable application developers to deploy software (“apps”) typically employ (a) hardware assisted memory-management and an operating system that “sandboxes” applications' access to hardware peripherals or (b) an interpreted code execution environment that acts as an insulating layer between running application code and the underlying computer hardware, with the environment configured to prevent inappropriate actions. Both contemporary approaches require a processor with a certain base level of performance and/or built-in features, which increases hardware costs. The present invention satisfies the goals of more expensive platforms but is operable on hardware with lesser performance capabilities and/or fewer features.

1. A method for creating one or more executable programs and one or more partially-virtual execution environments for the one or more executable programs in a resource-constrained computer system, the method comprising: segmenting program instructions into two categories; identifying program instructions in the first category of program instructions as suitable for direct translation into machine instructions; associating each program instruction in the second category of program instructions with a supervisor call wherein at run time the supervisor call executes one or more native instructions to verify whether the original program instruction is safe to execute; and responsive to the original program instruction being verified at run time as safe to execute, executing the original program instruction associated with the supervisor call; and apportioning a program into one or more pages of code wherein each page of code includes a code region and a data region.
2. The method for creating programs ...

Publication date: 20-02-2014

Protecting secure software in a multi-security-cpu system

Number: US20140052975A1
Assignee: Broadcom Corp

A computing system includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. In response to a request by the host processor to boot the second CPU, the first CPU is configured to execute secure booting of the second CPU by decrypting encrypted code to generate decrypted code executable by the second CPU but that is inaccessible by the host processor.

Publication date: 20-02-2014

Multi-security-cpu system

Number: US20140053230A1
Assignee: Broadcom Corp

A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Publication date: 27-02-2014

Local secure service partitions for operating system security

Number: US20140059680A1
Assignee: Microsoft Corp

Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.

Publication date: 27-03-2014

Method for detecting a possibility of an unauthorized transmission of a specific datum

Number: US20140090076A1
Assignee: National Chiao Tung University NCTU

A tracing device for detecting whether a specific attribute datum has a possibility of being stolen is provided. The tracing device includes a label map and a first processing device, wherein the label map has a specific label attached on the specific attribute datum and a buffer region, and the first processing device is coupled to the label map and determines whether there is the specific label in the buffer region.

Publication date: 03-04-2014

Secure html javascript code snippet usage in application integration

Number: US20140095974A1
Author: Weiyi Cui, XIAO Xu
Assignee: SAP SE

A method to secure html JavaScript code snippet usage in application integration may include serving a webpage accessible at a first domain to a user device. The webpage may include content hosted at the first domain and a container for isolated execution of at least one mashup application. The at least one mashup application may be executed on a second domain. A request may be received at the first domain to render a mashup application. The mashup application may include code to display a combination of both business object data and third-party web service data. In response to the request, the mashup application may be transmitted from the first domain to the second domain. The mashup application may be served from the second domain in the container portion of the webpage of the first domain.

Publication date: 07-01-2021

LOGIC CIRCUITRY

Number: US20210001635A1
Assignee:

In an example, a logic circuit comprising a communications interface including a data contact to communicate via a communications bus, an enablement contact, separate from the communication interface, to receive an input to enable the logic circuit, and at least one memory register, comprising at least one reconfigurable address register. The logic circuit may be configured, such that, when enabled, it responds to communications sent via the communication bus which are addressed to the address held in a reconfigurable address register.

1. A logic circuit comprising: a communications interface including a data contact to communicate via a communications bus; an enablement contact, separate from the communication interface, to receive an input to enable the logic circuit; and at least one memory register, comprising at least one reconfigurable address register, wherein the logic circuit is configured, such that, when enabled, it responds to communications sent via the communication bus which are addressed to the address held in a reconfigurable address register.
2. A logic circuit according to comprising: an analogue to digital converter.
3. A logic circuit according to further comprising at least one memory register to store an offset parameter and/or a gain parameter for the analogue to digital converter.
4. A logic circuit according to claim 1, wherein the logic circuit comprises at least one sensor.
5. A logic circuit according to wherein the at least one sensor comprises at least one liquid level sensor.
6. A logic circuit according to claim 4, wherein the at least one sensor comprises a first sensor array and a second sensor array, wherein the first and second sensor arrays comprise sensors of different types.
7. A logic circuit according to claim 4, wherein the at least one sensor comprises at least one of an ambient temperatures sensor, a crack detector and a fluid temperature sensor.
8. A logic circuit according to claim 4, comprising at least one of: at ...

Publication date: 06-01-2022

Electronic device for providing security-required service through secure element, and method for controlling same electronic device

Number: US20220004634A1
Assignee: SAMSUNG ELECTRONICS CO LTD

Disclosed is an electronic device comprising: a touchscreen display; a first processor operatively connected to the touchscreen display; a first memory operatively connected to the first processor so as to store a first application; and a secure element operatively connected to the touchscreen display, the first processor, and the first memory, wherein the secure element comprises a second processor, and a second memory configured to store a first framework, a plurality of second frameworks, and a first applet associated with the first application. In addition, various embodiments identified through the specification are possible.

Publication date: 13-01-2022

TECHNIQUES AND TECHNOLOGIES TO ADDRESS MALICIOUS SINGLE-STEPPING AND ZERO-STEPPING OF TRUSTED EXECUTION ENVIRONMENTS

Number: US20220012369A1
Assignee: Intel Corporation

In one embodiment, an apparatus comprises a processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.

1. An apparatus comprising a processing circuitry to: detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave; and in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.
2. The apparatus of claim 1, comprising circuitry to: implement a counter to monitor forward progress of the compute process which is to execute in the architecturally protected enclave; and generate an error signal when the counter indicates that the forward progress is less than a threshold.
3. The apparatus of claim 1, comprising circuitry to: monitor a frequency of fault events in the execution thread on the architecturally protected enclave; monitor a number instructions that execute between an occurrence of fault events in the execution thread on the architecturally protected enclave; and generate an error signal when a frequency of the fault events is greater than a threshold.
4. The apparatus processor of claim 1, comprising circuitry to: detect a page fault within a locked region of a computer-readable memory in the architecturally protected enclave; and in response to the page fault, generate an error signal.
5. The apparatus of claim 1, comprising circuitry to: implement a counter to monitor a number of asynchronous enclave exit (AEX) events that occur in the architecturally protected enclave; and generate an ...

Publication date: 02-01-2020

ENCODED INLINE CAPABILITIES

Number: US20200004953A1
Assignee:

Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

1. A system comprising a memory and a trusted execution environment (TEE), the TEE to: configure a plurality of compartments in an address space of the memory, each compartment comprising a private memory and a pointer to a message block in a shared heap; receive a request to send a message from a first compartment, the request comprising the pointer to the message block and a destination compartment; respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request; and subsequently, receive and respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault; wherein each compartment is isolated from other compartments, is unable to access private memory regions of other ...

Publication date: 02-01-2020

SYSTEMS AND METHODS FOR IDENTIFYING UNKNOWN ATTRIBUTES OF WEB DATA FRAGMENTS WHEN LAUNCHING A WEB PAGE IN A BROWSER

Number: US20200004955A1
Assignee:

Systems and methods for identifying unknown attributes of web data fragments during operation of a web browser with a web page. A security engine allows for the correct displaying of a web page in a browser when no information is available about the attributes of web data fragments for the web page by identifying the attributes of web data fragments for the web page.

1. A system for identifying unknown attributes of web data fragments during operation of a web browser with a web page, the system comprising: a computing platform including computing hardware of at least one processor and memory operably coupled to the at least one processor; and instructions that, when executed on the computing platform, cause the computing platform to implement: a web browser configured to access a networked server using an initial Universal Resource Locator (URL) request, and a security engine configured to: create a unique second URL based on the initial URL, transmit a request to the server, using the web browser, at the address of the second URL, identify at least one web data fragment based on the data transmitted with the request at the address of the second URL to the server, and identify at least one unknown attribute of the at least one web data fragment based on at least one known attribute of the identified at least one web data fragment and the second URL.
2. The system of claim 1, wherein the security engine is further configured to display a web page in the web browser based on the identified at least one unknown attribute.
3. The system of claim 1, wherein the web browser is operated in a protected mode.
4. The system of claim 3, wherein the security engine is configured to determine that the web browser is to be operated in the protected mode by checking content of the server.
5. The system of claim 3, wherein the security engine is configured to determine that the web browser is to be operated in the protected mode by evaluating a security policy for ...

Publication date: 03-01-2019

REGISTER PARTITION AND PROTECTION FOR VIRTUALIZED PROCESSING DEVICE

Number: US20190004840A1
Assignee: ATI TECHNOLOGIES ULC

A register protection mechanism for a virtualized accelerated processing device (“APD”) is disclosed. The mechanism protects registers of the accelerated processing device designated as physical-function-or-virtual-function registers (“PF-or-VF* registers”), which are single architectural instance registers that are shared among different functions that share the APD in a virtualization scheme whereby each function can maintain a different value in these registers. The protection mechanism for these registers comprises comparing the function associated with the memory address specified by a particular register access request to the “currently active” function for the APD and disallowing the register access request if a match does not occur.

1. A method for protecting a register for a virtualization-enabled processing device, the method comprising: receiving a request to access a register associated with the processing device, the register being time-shared among functions in a virtualization scheme such that a different function owns the register during a different time-slice of the virtualization scheme; analyzing an address specified by the request to obtain a requester function identifier and an offset; identifying a hardware unit associated with the register based on the offset; forwarding the requester function identifier and the offset to a hardware unit associated with the register; and comparing the requester function identifier to an active function identifier that indicates which function is currently active on the processing device.
2. The method of claim 1, wherein comparing the requester function identifier to the active function identifier comprises: determining that the requester function identifier and the active function identifier indicate the same function; and in response, allowing the access to the register to occur.
3. The method of claim 1, wherein comparing the requester function identifier to the active function identifier comprises: determining ...

Publication date: 02-01-2020

Intelligent tracking system and methods and systems therefor

Number: US20200004996A1
Assignee: Culvert IoT Corp

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Publication date: 02-01-2020

Intelligent tracking system and methods and systems therefor

Number: US20200004998A1
Assignee: Culvert IoT Corp

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Publication date: 02-01-2020

Intelligent tracking system and methods and systems therefor

Number: US20200004999A1
Assignee: Culvert IoT Corp

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

Publication date: 03-01-2019

Resetting operating state holding element

Number: US20190004977A1
Assignee: ARM LTD

An apparatus has processing circuitry to perform data processing in one of two or more operating states associated with different levels of privilege. At least one operating state holding element holds a state indication indicating a current operating state of the processing circuitry. In response to a transition of a reset signal from a first value to a second value for triggering a reset of the processing circuitry, the at least one operating state holding element resets the state indication to indicate a default operating state other than a most privileged operating state of the two or more operating states.

Publication date: 03-01-2019

MOBILE DEVICE HAVING TRUSTED EXECUTION ENVIRONMENT

Number: US20190005229A1
Assignee:

A mechanism for securing a mobile app for execution on a mobile device. The mechanism includes loading a non-trusted portion of the mobile app from a non-trusted application provider onto the mobile device, operating a key provisioning server to generate keys associated with a trusted execution environment, transmitting the keys associated with the trusted execution environment to the mobile device and to a key directory server, authenticate the mobile device, and upon authenticating the mobile device, transmitting a trusted portion of the mobile app including a trusted application to the mobile device, and installing the trusted portion of the mobile app on the mobile device thereby providing a trusted execution environment. Other systems and methods are disclosed.

1. A method for securing a mobile application for execution on a mobile device, comprising: the mobile device being configured to: load a non-trusted portion of the mobile application from a non-trusted application provider onto the mobile device; load a trusted portion of the mobile application from a trusted application provider into the mobile device; install the trusted portion of the mobile application on the mobile device thereby providing a trusted execution environment.
2. The method for securing the mobile application for execution on the mobile device according to claim 1, wherein the loading of the trusted portion of the mobile application into the mobile device comprises the following steps: the mobile application generates a trusted execution environment id TEE ID from an identifier of the mobile application and a device fingerprint of the mobile device; said generated a trusted execution environment id TEE ID being transmitted by the mobile application to a key provisioning server; operating the key provisioning server to generate keys to be associated with the trusted execution environment id TEE ID and transmitting to a key director the trusted execution environment id TEE ID and ...

Publication date: 05-01-2017

Goal-Driven Provisioning in IoT Systems

Number: US20170005871A1
Author: Ned Smith, Sven Schrecker
Assignee: McAfee LLC

Techniques are disclosed for provisioning Internet of Things (IoT) devices in accordance with a state machine model. More particularly, collections of IoT devices may be organized into enclaves, groups or “shoals” that operate as autonomous or semi-autonomous groups of devices functioning as a collective having a common objective or mission. IoT devices participating in a shoal may be provisioned with shoal-specific context information as part of their device-specific provisioning activity. By way of example, a shoal context object can include a current state variable and a target next state variable. The shoal's target next state variable establishes a goal (e.g., for provisioning activity) without dictating how the individual shoal members (IoT device) are to achieve that goal. This mechanism may be used to drive a shoal's separate devices through their individual provisioning state machines until the shoal itself is made operational.

Publication date: 01-01-2015

Branch destination tables

Number: US20150007142A1
Assignee: Google LLC

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for software sandboxing. One of the methods includes receiving a software module that includes verifiably safe computer code and a branch destination table indicating addresses of all instructions that may be targets of indirect control flow transfers; validating the computer code to determine whether it can run safely by using a statically verifiable fault isolation scheme, where validating the computer code comprises validating the addresses of the branch destination table instructions; and running the computer code, in a sandbox environment, if it has been determined to run safely.

Publication date: 01-01-2015

Managing device driver cross ring accesses

Number: US20150007318A1
Assignee: Intel Corp

Technologies managing cross ring memory accesses by a device driver on a computing device includes configuring a memory page table associated with the device driver to disable cross ring memory accesses by the device driver, trapping attempted cross ring memory accesses by the device driver, and denying the attempted cross ring memory access if the device driver is determined to be malicious. If the device driver is determined not to be malicious, the memory page table is updated to allow the attempted cross ring memory access. The device driver may be analyzed to determine whether the device driver is malicious by comparing the device driver and the attempted cross ring memory access to security data, such as a device driver fingerprint and/or cross ring memory access heuristics, stored on the computing device.

Publication date: 20-01-2022

CONTROL FLOW PROTECTION BASED ON PHANTOM ADDRESSING

Number: US20220019657A1
Assignee:

Disclosed are methods, systems, devices, media, circuits, and other implementations, including a method that includes generating for a code block of a process executing on a controller-based device one or more code block copies defined in a virtual address space of the controller-based device, with the code block of the process being stored in a particular segment of a physical address space of the controller-based device, and with the code block configured to separately map to each of the one or more of the code block copies in the virtual address space. The method further includes processing at least a portion of one of the one or more code block copies defined in the virtual address space when the corresponding code block of the process is to be processed.

1. A method comprising: generating for a code block of a process executing on a controller-based device one or more code block copies defined in a virtual address space of the controller-based device, wherein the code block of the process is stored in a particular segment of a physical address space of the controller-based device, with the code block configured to separately map to each of the one or more of the code block copies in the virtual address space; and processing at least a portion of one of the one or more code block copies defined in the virtual address space when the corresponding code block of the process is to be processed.
2. The method of claim 1, wherein generating the one or more code block copies comprises generating for the code block of the process executing on a controller-based device a plurality of code variants defined in the virtual address space of the controller-based device, wherein the code block is configured to separately map to each of the plurality of the code variants in the virtual address space; and wherein processing the at least the portion of one of the one or more code block copies comprises selecting for execution one of the plurality of code variants when the ...

Publication date: 03-01-2019

DETECTION AND MITIGATION OF TIME-DELAY BASED NETWORK ATTACKS

Number: US20190007426A1
Author: Bergström J. Dennis
Assignee: Fortinet, Inc.

Systems and methods for mitigation of time-delay based network attacks are provided. According to one embodiment, an email directed to a user of an enterprise and containing a potentially malicious link is received by a mail server of the enterprise. At a first time, a file to which the potentially malicious link points is evaluated within a sandbox environment and a first hash value is generated based on contents of the file. At a second time, a file to which the potentially malicious link points is again evaluated, including downloading the file to which the potentially malicious link points to at the second time and generating a second hash value based on contents of the file. When the two hash values differ, then the file is treated by the mail server as a suspicious or high risk file or is caused to be evaluated within the sandbox environment.

1. A method comprising: receiving, by a mail server of an enterprise, an electronic mail (email) directed to a user of the enterprise and containing a potentially malicious link; at a first time, causing, by the mail server, a file to which the potentially malicious link points at the first time to be evaluated within a sandbox environment and a first hash value to be generated based on contents of the file to which the potentially malicious link points at the first time; at a second time, causing, by the mail server, a file to which the potentially malicious link points to at the second time to be evaluated, including downloading the file to which the potentially malicious link points to at the second time and generating a second hash value based on contents of the file to which the potentially malicious link points to at the second time; when the first hash value and the second hash value differ, then (i) treating, by the mail server, the file to which the potentially malicious link points to at the second time as a suspicious or high risk file or (ii) causing, by the mail server, the file to which the potentially malicious ...

Publication date: 02-01-2020

INTELLIGENT TRACKING SYSTEM AND METHODS AND SYSTEMS THEREFOR

Number: US20200007540A1
Assignee: CULVERT-IOT CORPORATION

An intelligent tracking system generally includes one or more tracking devices, some of which may be passive tracking devices. Each passive tracking device includes one or more transceivers and is energized by an energizing signal. Some of these passive tracking devices may operate in a first communication mode or a second communication mode based on the energizing signal. Some tracking devices may include encryption modules or authentication modules. Some of these devices may incorporate a bulk acoustic wave oscillator.

1. A method for generating encrypted messages that are used to authenticate a tracking device by an authentication device, the method comprising: obtaining, by an encryption module of the passive tracking device a device identifier that uniquely identifies the tracking device; generating, by the encryption module, an obscured device identifier based on the device identifier and a secret pattern; generating, by the encryption module, a message based on the obscured device identifier; encrypting, by the encryption module, the message using a secret key to obtain an encrypted message; and outputting, by the encryption module, the encrypted message to a transmission module of the tracking device; and modulating, by the transmission module, a response signal that includes the encrypted message for transmission via an antenna of the tracking device.
2. The method of claim 1, wherein generating the obscured device identifier includes: generating a random N-bit string; and inserting the random N-bit string into the device identifier according to the secret pattern.
3. The method of claim 2, wherein the secret pattern defines N different insertion slots, wherein each insertion slot respectively defines a bit position of the device identifier where a respective bit of the random N-bit string is inserted.
4. The method of claim 2, wherein an authentication device decrypts the message using the secret key to obtain the obscured device identifier, and ...

Publication date: 12-01-2017

COMPUTER SECURITY SYSTEM AND METHOD

Number: US20170011218A1
Assignee:

A method is provided for protecting a computer system, comprising creating an isolated process, then assigning a first process group to the process; creating an additional group process within the first process group; performing a first determination by an application programming interface (API) that the additional group process is within the first process group, and as a result of the first determination, causing the additional group process to inherit and duplicate a handle of the process. Process communications and control within isolated groups is permitted freely, whereas process control by an isolated process for non-isolated processes or isolated processes in different groups is constrained or prohibited.

1. A method for protecting a computer system, comprising: attaching a security descriptor to a process running on a processor of the computer system that has been previously started; associating with the security descriptor an isolation indicator that, by the isolation indicator itself, indicates the process is running in an isolation mode, thereby rendering the process as an isolated process, the isolated process running with a plurality of non-isolated processes in a common environment; calling a kernel routine by the isolated process that is also callable by a non-isolated process that is not running in isolation mode, the non-isolated process is among the plurality of non-isolated processes; attempting to perform an operation on an object by the kernel routine called by the isolated process; determining, by a filter driver running in kernel mode, whether the kernel routine is requesting the operation on behalf of the isolated process or the non-isolated process; if the operation is requested on behalf of the isolated process, then performing the operation utilizing a pseudo storage area; and if the operation is requested on behalf of the non-isolated process, then performing the operation utilizing an actual storage area in which the object of the computer ...

Publication date: 08-01-2015

Firmware verified boot

Number: US20150012738A1
Assignee: Google LLC

Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.

Publication date: 11-01-2018

PROCESSOR STATE DETERMINATION

Number: US20180012024A1
Assignee:

An example system includes a main processor operable in a normal mode or a trusted mode, the main processor having an embedded diagnostic trusted code executable in the trusted mode; a secure memory accessible by the main processor when the main processor is in the trusted mode and inaccessible to the main processor when the main processor is in the normal mode, wherein execution of the embedded diagnostic trusted code causes the main processor to write diagnostic information to the secure memory; and a monitor processor having access to the secure memory to analyze the diagnostic information to determine a state of the main processor.

1. A system, comprising: a main processor operable in a normal mode or a trusted mode, the main processor having an embedded diagnostic trusted code executable in the trusted mode; a secure memory accessible by the main processor when the main processor is in the trusted mode and inaccessible to the main processor when the main processor is in the normal mode, wherein execution of the embedded diagnostic trusted code causes the main processor to write diagnostic information to the secure memory; and a monitor processor having access to the secure memory to analyze the diagnostic information to determine a state of the main processor.
2. The system of claim 1, wherein the monitor processor causes switching of the main processor from the normal mode to the trusted mode by issuing an interrupt through an interrupt line between the monitor processor and an interrupt controller of the main processor.
3. The system of claim 1, wherein the monitor processor switches the main processor from the trusted mode to the normal mode after the diagnostic information is written to the secure memory.
4. The system of claim 1, wherein monitor processor analyzes the diagnostic information by accessing a main memory system of the main processor and analyzing information on the main memory system and the diagnostic information written to the secure memory.
5. ...

Publication date: 10-01-2019

MEMORY INITIALIZATION IN A PROTECTED REGION

Number: US20190012273A1
Assignee:

Secure memory allocation technologies are described. A processor includes a processor core and a memory controller that is coupled between the processor core and main memory. The main memory comprises a protected region including secured pages. The processor, in response to a content copy instruction, is to initialize a target page in the protected region of an application address space. The processor, in response to the content copy instruction, is also to select content of a source page in the protected region to be copied. The processor, in response to the content copy instruction, is also to copy the selected content to the target page in the protected region of the application address space.

1. A processor comprising: a processor core; and a memory controller coupled between the processor core and main memory, wherein the main memory comprises an enclave that includes enclave page cache (EPC) pages, and wherein the processor core is to: execute a first enclave instruction, wherein the first enclave instruction is a single instruction; and in response to executing the first enclave instruction, copy content of a source EPC page within a same enclave as a target EPC page, update an access permission level of the target EPC page, and change a page type flag of the target EPC page from a pending state to a valid state for use in the enclave.
2. The processor of claim 1, wherein the processor core is further to: execute a second enclave instruction to allocate the target EPC page in the enclave, wherein the second enclave instruction is to set the page type flag of the target EPC page to the pending state.
3. The processor of claim 1, wherein the processor core is further to: set a lock on the target EPC page; select at least a portion of the content of the source EPC page in the enclave to be copied to the target EPC page; determine that the page type flag for the source EPC page is not set for a blocked state, the pending state, or a modified state; ...

Publication date: 10-01-2019

Secure configuration data storage

Number: US20190012463A1
Assignee: ARM IP LTD

A machine-implemented method for controlling a configuration data item in a storage-equipped device having at least two security domains, comprising receiving, by one of the security domains, a configuration data item; storing the configuration data item; providing a security indication for the configuration data item; and when an event indicates untrustworthiness of the data item, invalidating a configuration effect of the stored configuration data item. Further provided is a machine-implemented method for controlling a storage-equipped device as a node in a network of devices, comprising receiving information that a data source or type of a configuration data item is untrusted; analysing metadata for the data source and the configuration data item; populating a knowledge base with analysed metadata; and responsive to the analysed metadata, transmitting security information to the network of devices. A corresponding device and computer program product are also described.

Publication date: 14-01-2016

LESS-SECURE PROCESSORS, INTEGRATED CIRCUITS, WIRELESS COMMUNICATIONS APPARATUS, METHODS AND PROCESSES OF MAKING

Number: US20160013110A1
Assignee:

An integrated circuit includes an on-chip boot ROM holding boot code, a non-volatile security identification element having non-volatile information determining a less secure type or more secure type, and a processor. The processor is coupled to the on-chip boot ROM and to the non-volatile security identification element to selectively execute boot code depending on the non-volatile information of the non-volatile security identification element. Other technology such as processors, methods of operation, processes of manufacture, wireless communications apparatus, and wireless handsets are also disclosed.

1-14. (canceled)
15. A process of manufacturing products wherein the process has a yield subject to a yield loss comprising: providing integrated circuits, the integrated circuits having a first feature and a second feature, the second feature having a state of disablement or enablement dependent on an on-chip alterable non-volatile element; testing the integrated circuit devices so made with the second feature enabled thereby identifying a first group of the devices that pass the testing of both the first feature and the second feature, and a second group of the devices that pass the testing of the first feature and do not pass the testing of the second feature; and altering the non-volatile element in a plurality of devices from the second group.
16. The process of wherein the process further comprising: altering the non-volatile element in at least one device from the first group.
17. The process of wherein the process further comprising: saving, as a first yield of the process, devices in the first group with the non-volatile element unaltered; and saving, as a second yield of the process, devices in the first group with the non-volatile element altered and devices in the second group with the non-volatile element altered.
18. The process of wherein the process further comprising: delivering to a customer as a first yield of the process for that ...

Publication date: 09-01-2020

SECURE IOT DEVICE UPDATE

Number: US20200012492A1
Assignee:

The disclosed technology is generally directed to updating of applications, firmware and/or other software on IoT devices. In one example of the technology, a request that is associated with a requested update is communicated from a normal world of a first application processor to a secure world of the first application processor. The secure world validates the requested update. Instructions associated with the validated update are communicated from the secure world to the normal world. Image requests are sent from the normal world to a cloud service for image binaries associated with the validated update. The secure world receives the requested image binaries from the cloud service. The secure world writes the received image binaries to memory, and validates the written image binaries.

1. An apparatus for updating, comprising: an IoT device including a first memory adapted to store run-time data ... communicating a request for a requested update from the second independent execution environment to the first independent execution environment; validating, by the first independent execution environment, the requested update; communicating instructions associated with the validated update from the first independent execution environment to the second independent execution environment; for update binaries associated with the validated update, sending update requests from the second independent execution environment to a cloud service; receiving, by the first independent execution environment, the requested update binaries from the cloud service; using the first independent execution environment to write the received update binaries to the second memory; validating, by the first independent execution environment, the written update binaries; and in response to validating the written update binaries, enabling, by the first independent execution environment, access by the second independent execution environment to the validated written update binaries.

Publication date: 09-01-2020

RENDERING AN OBJECT USING MULTIPLE VERSIONS OF AN APPLICATION IN A SINGLE PROCESS FOR DYNAMIC MALWARE ANALYSIS

Number: US20200012781A1
Assignee:

Techniques for rendering an object using multiple versions of an application in a single process for dynamic malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for rendering an object using multiple versions of an application in a single process for dynamic malware analysis includes receiving a sample at a cloud security service, in which the sample includes an embedded object; detonating the sample using a browser executed in an instrumented virtual machine environment; and rendering the embedded object using a plurality of versions of an application in a single process during a dynamic malware analysis using the instrumented virtual machine environment.

1. A system, comprising: receive a sample at a cloud security service for detonating in an instrumented virtual machine environment, wherein the sample includes an embedded object; modify the instrumented virtual machine environment to support execution of a plurality of versions of an application, wherein modifying the instrumented virtual machine environment to support execution of the plurality of versions of the application includes hot patching a baseline virtual machine image or modifying a physical executable file for each of the plurality of versions of the application; launch a browser library, a browser plugin, or a browser helper object (BHO) in a single process executed in the instrumented virtual machine environment, wherein the browser library, the browser plugin, or the BHO is loaded by the browser prior to rendering the sample, and wherein the browser library, the browser plugin, or the BHO facilitates rendering the embedded object using the plurality of versions of the application in the single process during a dynamic malware analysis using the instrumented virtual machine environment; detonate the sample using a browser executed in the instrumented virtual machine environment; and render the embedded object included in the sample ...

Publication date: 09-01-2020

INFORMATION PROCESSING DEVICE, MOBILE OBJECT, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT

Number: US20200012820A1
Assignee: KABUSHIKI KAISHA TOSHIBA

According to an embodiment, an information processing device switching between a secure mode and a non-secure mode to operate, includes one or more processors configured to perform: implementing a secure OS which operates in the secure mode; implementing a non-secure OS which operates in the non-secure mode; acquiring initialization process information autonomously in the secure mode, the initialization process information relating to an initialization process which the non-secure OS executes for a shared resource shared by the secure OS and the non-secure OS; and enabling, based on the initialization process information, the shared resource to be shared and used by the secure OS and the non-secure OS.

1. An information processing device switching between a secure mode and a non-secure mode to operate, comprising: one or more processors configured to perform: implementing a secure OS which operates in the secure mode; implementing a non-secure OS which operates in the non-secure mode; acquiring initialization process information autonomously in the secure mode, the initialization process information relating to an initialization process which the non-secure OS executes for a shared resource shared by the secure OS and the non-secure OS; and enabling, based on the initialization process information, the shared resource to be shared and used by the secure OS and the non-secure OS.
2. The device according to claim 1, wherein the secure OS performs the acquiring and the enabling.
3. The device according to claim 1, wherein the secure OS further performs determining whether or not a progress degree of the initialization process for the shared resource by the non-secure OS satisfies an enabling condition of the shared resource, the progress degree of the initialization process being indicated by the initialization process information, and at the enabling, the one or more processors enable the shared resource when it is determined that the enabling condition is satisfied.
4. The ...

Publication date: 09-01-2020

Secure System Having a Multi-Locking Mechanism for Devices Having Embedded Systems

Number: US20200012821A1
Assignee:

A device configured to implement multiple locks to increase security of assets associated with the device including an embedded system, a multi-lock mechanism configured to provide a plurality of locks to prevent unauthorized access to the assets associated with the embedded system, each of the plurality of locks of the multi-lock mechanism having different unlock parameters, a memory configured to securely store at least one of the lock parameters of the plurality of locks of the multi-lock mechanism, the memory further configured to securely store at least one of the unlock parameters of the multi-lock mechanism, and the embedded system further configured to provide access to the assets after each of the lock parameters of the plurality of locks of the multi-lock mechanism is provided the unlock parameters of the multi-lock mechanism.

1. A device configured to implement multiple locks to increase security of assets associated with the device comprising: an embedded system; a multi-lock mechanism configured to provide a plurality of locks to prevent an unauthorized access to the assets associated with the embedded system and wherein at least one of the plurality of locks of the multi-lock mechanism comprises a secure default lock state; each of the plurality of locks of the multi-lock mechanism having lock parameters and each of the plurality of locks of the multi-lock mechanism having different unlock parameters; a memory in communication with the embedded system, the memory configured to securely store at least one of the following: the lock parameters of the plurality of locks of the multi-lock mechanism and the unlock parameters of the plurality of locks of the multi-lock mechanism; the memory further configured to securely store at least one of the unlock parameters of the multi-lock mechanism, wherein the memory comprises one of the following: a NAND flash memory, double data rate (DDR2) random access memory (RAM), a replay protected memory block (RPMB) memory ...

Publication date: 03-02-2022

METHOD AND SYSTEM FOR IMPROVING EFFICIENCY OF PROTECTING MULTI-CONTENT PROCESS

Number: US20220035751A1
Assignee:

The invention provides method and system for improving efficiency of protecting multi-content process. The system may cooperate with a memory, and may comprise one or more hardware IPs (intellectual properties) for content processing, one of the one or more IPs may be associated with multiple access identities. The memory may comprise multiple different ranges, each range may register an access of one of the multiple access identities as a permissible access. The method may comprise: selecting one of the access identities for processing a first content, and using the selected access identity when said IP accesses the memory during processing of the first content; selecting a different one of the access identities for processing a second content, and using the selected different access identity when said IP accesses the memory during processing of the second content.

1. A method applied to a system for improving efficiency of protecting multi-content process; the system cooperating with a memory, and comprising one or more hardware IPs (intellectual properties) for content processing: wherein: one of the one or more IPs is associated with multiple access identities; the memory comprises multiple different ranges, each said range is configurable to register an access of one of the multiple access identities as a permissible access; and the method comprises: selecting one of the multiple access identities for processing a first content, and using the selected access identity when said IP accesses the memory during processing of the first content; and selecting a different one of the multiple access identities for processing a second content, and using the selected different access identity when said IP accesses the memory during processing of the second content.
2. The method of claim 1 further comprising: between processing of the first content and the second content, not reconfiguring the registered permissible access of each said range.
3. The method of further ...

Publication date: 15-01-2015

SECURITY, SAFETY, AND REDUNDANCY EMPLOYING CONTROLLER ENGINE INSTANCES

Number: US20150018983A1
Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.

The claimed subject matter provides a system and/or method that facilitates employing safety within an industrial environment. An enhancing component can implement at least one of a security level, authentication, authorization, or an access right to a validated action to at least one of the controller or the controller engine instance. The enhancing component can further separate two or more entities within the industrial environment, the first entity related to process control and the second entity related to process safety. Additionally, the enhancing component can employ at least one of a backup controller or a backup controller engine instance in the event of at least one of a software error or a hardware error within the industrial environment.

1. An industrial controller, comprising: a processor; and a memory communicatively coupled to the processor, the memory having stored therein computer-executable instructions configured to implement the system, comprising: an enhancing component configured to generate a first controller engine instance having a first security level for control of an industrial process and a second controller engine instance having a second security level for control of a safety device; and a redundancy component configured to generate one or more backup controller engine instances for at least one of the first controller engine instance or the second controller engine instance, wherein the redundancy component determines a quantity of the one or more backup controller engine instances based on ratio data maintained in a data store specifying a ratio of backup controller engine instances to primary controller engine instances.
2. The industrial controller of claim 1, further comprising a separation component configured to classify the industrial process and the safety device based on an evaluation of industrial data collected from the industrial process and the safety device.
3. The industrial controller of claim 2, wherein the ...

Publication date: 10-04-2014

Credential authentication methods and systems

Number: US20140101734A1
Assignee: Securekey Technologies Inc

Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.

Publication date: 21-01-2016

Arrangement for selective enabling of a debugging interface

Number: US20160018465A1

An arrangement for disabling a configuration of a first programmable hardware component, having the first programmable hardware component, a second programmable hardware component, and a switching element. The first programmable hardware component has a configuration interface for configuring a logic of the first programmable hardware component, a data interface for communication of the logic with the second programmable hardware component, a debugging interface for debugging and configuring the logic, and a configuration monitoring interface for signaling a configuration process of the logic. The switching element is designed and connected to the debugging interface such that access to the debugging interface during a configuration process of the logic can be disabled.

Publication date: 03-02-2022

Autonomous driving system with dual secure boot

Number: US20220035926A1
Author: Yueh-Chang Tsai
Assignee: QUANTA COMPUTER INC

An autonomous driving system having dual secure boot is provided. The autonomous driving system includes: a control system, a host, and a baseboard management controller (BMC). The control system includes a microcontroller, a first flash memory, and a second flash memory. The first flash memory stores first embedded-controller firmware and a first application image file. The second flash memory stores second embedded-controller firmware and a second application image file. When the autonomous driving system is turned on, the microcontroller executes a dual secure boot procedure to execute the first embedded-controller firmware or the second embedded-controller firmware. In response to the microcontroller successfully executing the first embedded-controller firmware or the second embedded-controller firmware, the microcontroller authenticates the first application image file or the second application image file. In response to the BMC executing the authenticated first application image file or second application image file, the host executes a boot procedure.

Publication date: 21-01-2016

Electronic devices and signature wakeup methods thereof

Number: US20160018914A1
Assignee: MediaTek Inc

An electronic device including a touch sensor and a processing unit is provided. The touch sensor is disposed on or under a display, and generates touch data for a touch detected thereon or therenear when the electronic device is locked with the display in a sleep state. The processing unit determines whether the touch data matches a predetermined signature according to the touch data, and wakes the display from the sleep state and unlocks the electronic device when the touch data matches the predetermined gesture.

Publication date: 19-01-2017

METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED PROCESSOR MODE SWITCHES

Number: US20170017809A1
Author: Conti Gregory R.
Assignee:

A system comprising a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

20-40. (canceled)

41. A computing system operable in multiple security modes, comprising: a register bit that indicates whether said computing system is in one of a secure or a non-secure mode depending upon a state of said bit; a memory management unit capable of being switched between an enabled state and a disabled state; a monitoring device coupled to said register bit and to said memory management unit, said monitoring device operable to report a security violation within said system if said state of said register bit changes from a state indicating a non-secure mode to a state indicating a secure mode when said memory management unit is in said disabled state.

42. The computing system of claim 41, wherein said system further comprises a power reset control manager coupled to said monitoring device, wherein said security violation is reported by said monitoring device to said power reset control manager.

43. The computing system of claim 41, wherein said system has an ARM® Trustzone® architecture.

44. The computing system of claim 41, wherein all of said components are on a single semiconductor die.

45. A computing system operable in multiple security modes, comprising: a secure configuration register comprising an NS bit, said computing system in one of a secure or non-secure mode depending upon a state of said NS bit; a memory management unit comprising an output that indicates whether said memory management unit is in an enabled state or a disabled state; a monitoring device coupled to said secure configuration register and to said memory management unit to receive the state of said NS bit and ...

Publication date: 18-01-2018

Method and apparatus for processing biometric information in electronic device

Number: US20180018477A1
Assignee: SAMSUNG ELECTRONICS CO LTD

A method and apparatus for processing biometric information in an electronic device including a processor that operates at a normal mode or at a secure mode, the method comprising, detecting a biometric input event from a biometric sensor module at normal mode, creating biometric data based on sensed data from the biometric sensor module at the secure mode, performing biometric registration or biometric authentication based on the created biometric data at the secure mode, and providing result information of biometric registration or biometric authentication at the normal mode.

Publication date: 03-02-2022

TECHNIQUES TO ENFORCE POLICIES FOR COMPUTING PLATFORM RESOURCES

Number: US20220038505A1
Assignee: Intel Corporation

Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack. In several such embodiments, a second ISA instruction implemented by microcode may enable untrusted software to verify the validity of the wrapped blobs and program registers associated with the platform resource with policy information provided via the wrapped blobs.

1. An apparatus, comprising: a processor; and a memory comprising untrusted system instructions, which when executed by the processor cause the processor to: receive a plurality of wrapped policy blobs; and send a configuration command to a trusted computing base, the command to cause the trusted computing base to program, based in part on the wrapped policy blobs, one or more policy registers to allow access to platform resources by the untrusted system instructions.

2. The apparatus of claim 1, wherein the command to further cause the trusted computing base to set a lock bit associated with the platform resource to allow access to the platform resources by the untrusted system instructions.

3. The apparatus of claim 2, the untrusted system instructions, when executed by the processor cause the processor to: store at least one of the wrapped policy blobs in a general purpose register accessible by the trusted computing base; and add an indication ...

Publication date: 16-01-2020

Hypervisor measurement agent

Number: US20200019695A1
Assignee: Huawei Technologies Co Ltd

An apparatus including a processor and a memory configured to provide an SEE and an REE. The processor is configured to provide a client application configured to execute at a user privilege level and a hypervisor configured to execute at a hypervisor privilege level. The user privilege level is more restrictive than the hypervisor privilege level. The processor is further configured to provide a trusted application configured to execute within the SEE. The trusted application provides secure services to the client application. The processor is configured to send a request for secure services from the client application to the trusted application, send a measurement request to the hypervisor, generate within the hypervisor a measured value based on the client application, return the measured value to the trusted application, and determine whether the client application is authorized to access the secure services. The authorization determination is based on the measured value.

Publication date: 28-01-2016

MOBILE DEVICE WITH MULTIPLE SECURITY DOMAINS

Number: US20160026790A1
Assignee:

Included within a shared housing are at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching arrangement. The switching arrangement is configured to, in a first mode, connect the first isolated computational entity to the at least one user interface element; and, in a second mode, connect the second isolated computational entity to the at least one user interface element.

1. An apparatus comprising: at least one user interface element; a first isolated computational entity; a second isolated computational entity; a switching arrangement configured to: in a first mode, connect said first isolated computational entity to said at least one user interface element; and in a second mode, connect said second isolated computational entity to said at least one user interface element; and a shared housing for said at least one user interface element, said first isolated computational entity, said second isolated computational entity, and said switching arrangement; wherein: said first isolated computational entity comprises an enterprise computing system including an enterprise memory, and an enterprise system processor coupled to said enterprise memory; said second isolated computational entity comprises a non-enterprise computing system including a non-enterprise memory isolated from and physically separate from said enterprise memory, and a non-enterprise system processor coupled to said non-enterprise memory and isolated from said enterprise processor; and said enterprise memory and said enterprise system processor are used only for said enterprise computing system; said non-enterprise memory and said non-enterprise system processor are used only for said non-enterprise computing system.

2-26. (canceled)

27. A method comprising: at least one user interface element; a first isolated computational entity; a second isolated computational entity; in a first mode, connect said first ...

Publication date: 22-01-2015

METHOD OF ENFORCING CONTROL OF ACCESS BY A DEVICE TO A SECURE ELEMENT, AND CORRESPONDING SECURE ELEMENT

Number: US20150026759A1
Assignee: PT OBERTHUR TECHNOLOGIES INDONESIA LTD

A method of enforcing control of access by a hosting device to a secure element, and a secure element are described. The method includes steps performed by the secure element: receiving a request for retrieving at least one access rule controlling access to at least one application of the secure element, from access rules stored in the secure element; outputting at least one access rule retrieved from the stored access rules, wherein an access rule controlling access to an application of the secure element is retrieved by searching only in access rules stored in a security domain to which the application belongs in the secure element, or an access rule controlling access to an application of the secure element is stored only in a security domain to which the application belongs in the secure element.

1. A method of enforcing control of access by a device to a secure element hosted in the device, the secure element comprising a master security domain and at least one other security domain, each security domain storing one or more access rules, each access rule identifying at least one application of the secure element to control access to the application, the method comprising the following steps performed by an access rule application of the master security domain of the secure element: receiving a request from the hosting device, for retrieving at least one access rule controlling access to at least one application of the secure element, from access rules stored in the secure element, the request including an identifier identifying the at least one application; outputting, to the hosting device, at least one access rule retrieved from the stored access rules, wherein the method further comprises enforcing the output access rule by an access control enforcer of the hosting device; characterized in that the method further comprises the following steps performed by the access rule application of the master security domain of the secure element, upon receiving the ...

Publication date: 25-01-2018

SECURING MULTI-TENANCY IN A DATACENTER USING NANOSERVICES

Number: US20180025152A1
Assignee:

A datacenter is configured to execute a method to improve multi-tenant security by isolating container applications or nano-service applications by implementing a set of system call separation functions (SCSFs) in a set of corresponding nano-services for each container application or nano-service application. The method includes receiving a request to initiate a container application or a nano-service application, determining a set of nano-services and SCSFs to service the container application or the nano-service application, packaging the set of nano-services and SCSFs to service the container application or the nano-service application, and sending the set of nano-services and SCSFs to be instantiated by the datacenter.

1. A method implemented by a datacenter to improve multi-tenant security by isolating container applications or nano-service applications by implementing a set of system call separation functions (SCSFs) in a set of corresponding nano-services for each container application or nano-service application, the method comprising: receiving a request to initiate a container application or a nano-service application; determining a set of nano-services and SCSFs to service the container application or the nano-service application; packaging the set of nano-services and SCSFs to service the container application or the nano-service application; and sending the set of nano-services and SCSFs to be instantiated by the datacenter.

2. The method of claim 1, wherein the set of SCSFs are configured to intercept system calls from the container application or nano-service application.

3. The method of claim 1, wherein the set of nano-services and SCSFs are packaged with the container application or the nano-services application.

4. The method of claim 1, wherein the datacenter executes at least one SCSF, the method further comprising: receiving a system call from the container application or nano-services at the at least one SCSF; and determining whether the ...

Publication date: 25-01-2018

PROGRAM EXECUTION DEVICE

Number: US20180025184A1
Assignee:

A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.

1. A method for operating a portable terminal having a hardware processor and a non-transitory memory, the method comprising: processing, using a hardware processor, a first component including at least a first program for tamper detection and a second component including at least a second program for executing a task; and loading, in a non-transitory memory, at least the second component from the non-transitory memory, wherein, the first program of the first component judges whether or not at least part of the second program of the second component is tampered with, by using a tamper detection value in a secure environment, the tamper detection value is a first hash value, and the secure environment cannot be accessed outside of the secure environment.

2. The method according to claim 1, wherein the first hash value is calculated for the second component prior to the loading.

3. The method according to claim 1, wherein the first program of the first component judges whether or not at least part of the second program of the second component is tampered with, by comparing the first hash value and a second hash value which is calculated after the calculation of the first hash value.

4. The method according to claim 1, wherein the secure environment is a higher security level than a normal environment in which the second program is executed.

5. The method ...

Publication date: 24-01-2019

SEGREGATED USER-UPLOADED PLUGINS TO AVOID AFFECTING CO-HOSTED WEBSITES

Number: US20190026443A1
Assignee:

Disclosed embodiments relate to website hosting implemented in a server environment. Operations include co-hosting, on a hosting server, a plurality of websites generated by a plurality of users; making available to the plurality of users common editing tools; preventing at least some of the plurality of users from altering co-hosted specific websites generated by others of the plurality of users; generating an interface for enabling the at least one subset of the plurality of users to upload to the hosting server plugin code associated with plugins for the co-hosted specific websites generated by the at least one subset of the plurality of users; storing the user-uploaded plugin code; and securely enabling, using an isolation mechanism, at least one of execution of front-end plugin functionality code at the client or execution of back-end plugin functionality code at the plugin server.

1. A website hosting system implemented in a server environment, the system comprising: at least one hosting server configured to co-host a plurality of websites generated by a plurality of users, the hosting server including hosted common editing tools accessible to the plurality of users to enable each of the plurality of users to selectively alter specific websites generated by each of the plurality of users, the hosting server further being configured to prevent at least some of the plurality of users from altering co-hosted specific websites generated by others of the plurality of users; front-end plugin functionality code executable by a client; or back-end plugin functionality code executable at a plugin server; at least one processor configured to generate an interface, for display by at least one subset of the plurality of users, for enabling the at least one subset of the plurality of users to upload to the hosting server plugin code associated with plugins for the co-hosted specific websites generated by the at least one subset of the plurality of users, the plugin ...

Publication date: 24-01-2019

VEHICLE SECURE COMMUNICATION METHOD AND APPARATUS, VEHICLE MULTIMEDIA SYSTEM, AND VEHICLE

Number: US20190026478A1
Author: Wu Xinfeng, YIN JIANYIN
Assignee:

This application discloses a vehicle security communication method and apparatus, a vehicle multimedia system, and a vehicle. The vehicle includes an open system, a security chip and a closed system, the open system is connected to the closed system through the security chip, the method is applied to the security chip, and the method includes: receiving a first vehicle data instruction from the closed system, where the first vehicle data instruction includes original vehicle data; encrypting the original vehicle data to obtain corresponding encrypted vehicle data; and replacing the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and sending the second vehicle data instruction to the open system.

1. A vehicle secure communication method, wherein the vehicle comprises an open system, a security chip and a closed system, the open system is connected to the closed system through the security chip, the method is applied to the security chip, and the method comprises: receiving a first vehicle data instruction from the closed system, wherein the first vehicle data instruction comprises original vehicle data; encrypting the original vehicle data to obtain corresponding encrypted vehicle data; and replacing the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and sending the second vehicle data instruction to the open system.

2. The method according to claim 1, wherein the first vehicle data instruction further comprises a parity check code associated with the original vehicle data.

3. The method according to claim 1, wherein the first vehicle data instruction further comprises security level information of the original vehicle data, the security level information indicates whether the original vehicle data is sensitive data; the step of encrypting the original vehicle data in the first vehicle ...

Publication date: 24-01-2019

METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED PROCESSOR MODE SWITCHES

Number: US20190026500A1
Author: Conti Gregory R.
Assignee:

Disclosed embodiments relate to a system having a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

1. A computing system operable in a plurality of security modes, the computing system comprising: a register having one or more register bits to indicate whether the computing system is operating in one of a secure mode or a non-secure mode depending on a state of the one or more register bits; an instruction bus; a memory to store secure instructions and non-secure instructions, the memory being coupled to the instruction bus; and a monitoring device coupled to the register, wherein the monitoring device is configured to block execution of a non-secure instruction when the one or more register bits indicate that the computing system is operating in the secure mode.

2. The computing system of claim 1, wherein the computing system includes a security architecture to provide the plurality of security modes.

3. The computing system of claim 2, wherein the security architecture is ARM® TrustZone®.

4. The computing system of claim 1, wherein: the memory is partitioned into a secure domain and a non-secure domain; the secure instructions are stored in the secure domain; and the non-secure instructions are stored in the non-secure domain.

5. The computing system of claim 1, comprising a memory management unit (MMU) coupled to the memory.

6. The computing system of claim 1, wherein the monitoring device comprises a hardware state machine.

7. The computing system of claim 1, wherein the monitoring device is configured to block the execution of a non-secure instruction by preventing non-secure instructions from being fetched from the memory when the at least one register bit indicates that the computing ...

Publication date: 23-01-2020

METHODS AND SYSTEMS FOR ACTIVATING MEASUREMENT BASED ON A TRUSTED CARD

Number: US20200026882A1
Author: Fu Yingfang, XIAO Peng
Assignee:

Methods and systems for activating measurement based on a trusted card are provided. The method includes loading, by a security chip, a trusted metric root for a metric object to a host processor, wherein the trusted metric root is an encrypted metric root; receiving, by the security chip, a processing result after the host processor performs asymmetric encryption and decryption processing on the trusted metric root, wherein the processing result includes metric object data encrypted by a public key; decrypting, by the security chip, the metric object data encrypted by the public key; and determining, by the security chip, integrity of the metric object by performing a comparison on decrypted metric object data.

1. A method comprising: loading, by a security chip, a trusted metric root for a metric object to a host processor, wherein the trusted metric root is an encrypted metric root; receiving, by the security chip, a processing result after the host processor performs asymmetric encryption and decryption processing on the trusted metric root, wherein the processing result includes metric object data encrypted by a public key; decrypting, by the security chip, the metric object data encrypted by the public key; and determining, by the security chip, integrity of the metric object by performing a comparison on decrypted metric object data.

2. The method according to claim 1, wherein the security chip stores a private key for the trusted metric root, and the host processor stores the public key for the trusted metric root.

3. The method according to claim 2, wherein before the security chip loads the trusted metric root of the metric object to the host processor, the method further comprises: loading, by the security chip, a metric root of the metric object to an encryption module; and encrypting the metric root, by the encryption module, using the private key to obtain the trusted metric root.

4. The method according to claim 2, wherein decrypting claim ...

Publication date: 28-01-2021

ALLOCATION POLICY FOR SHARED RESOURCE ACCESSIBLE IN BOTH SECURE AND LESS SECURE DOMAINS

Number: US20210026540A1
Author: Lai Chi-Chang
Assignee:

Processing circuitry may support a secure domain and a less secure domain, where secure information associated with a secure software process is prevented from being accessed by a less secure software process in the less secure domain. Shared resource is accessible to both secure and less secure software processes. In response to detection of an anomaly condition, allocation policy for the shared resource is switched from a shared allocation policy to a secure-biased allocation policy. The secure-biased allocation policy has a stronger bias of resource allocation to secure software processes than the shared allocation policy.

2. The apparatus according to claim 1, in which the anomaly condition comprises a condition indicative of starvation of shared resource for the secure software processes due to demand for shared resource by the less secure software processes.

3. The apparatus according to claim 1, in which the shared resource comprises a cache; and the anomaly condition is dependent on a cache replacement rate exceeding a threshold, where the cache replacement rate is indicative of a frequency with which information stored in the cache is evicted to make way for other information.

4. The apparatus according to claim 1, in which the anomaly condition is dependent on a latency metric exceeding a threshold, where the latency metric is indicative of latency of servicing requests for access to the shared resource.

5. The apparatus according to claim 1, in which when anomaly-triggered switching of allocation policy is enabled, the resource allocation control circuitry is configured to switch the allocation policy from the shared allocation policy to the secure-biased allocation policy in response to detection of the anomaly condition; and when anomaly-triggered switching of allocation policy is disabled, the resource allocation control circuitry is configured to use the shared allocation policy regardless of whether the anomaly condition occurs.

6. ...

Publication date: 28-01-2021

Electronic device and method for protecting personal information using secure switch

Number: US20210026983A1
Author: Sunghyuk Lee
Assignee: SAMSUNG ELECTRONICS CO LTD

An electronic device according to an embodiment includes: a memory configured to store encryption information, a processor, and a switch configured to electrically disconnect the processor from the memory in a first state and to electrically connect the processor and the memory in a second state. The processor is configured to receive a user input for switching the switch from the first state to the second state, provide the encryption information stored in the memory to a secure application executing only in a second execution environment through a secure operating system of the second execution environment, when the switch is switched from the first state to the second state to generate an electrical path between the memory and the processor, acquire signature information for a transaction based on the encryption information, and provide the signature information acquired based on the encryption information to a signature request application.

Publication date: 02-02-2017

Method for Reporting and Addressing an Unauthorized Disclosure of Classified Information at an Imaging Device

Number: US20170032134A1
Author: Albrecht Kevin James
Assignee:

A method of addressing an unauthorized disclosure of sensitive information at an imaging device, including receiving an indication of the unauthorized disclosure of sensitive information; receiving or generating preliminary information about the unauthorized disclosure; and transmitting the indication and the preliminary information to a remote location to initiate an investigation on the unauthorized disclosure. After receiving the indication, the method includes entering a reduced function mode by the imaging device; receiving a clearance key when in the reduced function mode; and after receiving the clearance key, exiting the reduced function mode and entering a normal mode of operation.

1. A method of correcting for an unauthorized disclosure of sensitive information at an imaging device, comprising: receiving, by the imaging device, an indication of the unauthorized disclosure of sensitive information; receiving or generating, by the imaging device, preliminary information about the unauthorized disclosure; transmitting, by the imaging device, the indication and the preliminary information to a remote location to initiate an investigation on the unauthorized disclosure; after receiving the indication, entering a reduced function mode by the imaging device, the reduced function mode enabling the imaging device to perform a reduced set of functions relative to a set of functions that are enabled to be performed during a normal mode of operation; receiving, by the imaging device, a clearance key when in the reduced function mode; and after receiving the clearance key, exiting the reduced function mode and returning the imaging device to the normal mode of operation by the imaging device, wherein the indication is received via an interface element of a user interface of the imaging device.

2. The method of claim 1, further comprising determining whether a predetermined event occurred following the document being processed and prior to receiving the indication, ...

Publication date: 04-02-2016

Storage system and storage system control method

Number: US20160034721A1
Assignee: HITACHI LTD

The present invention curbs encryption key information used in a virtual logical volume and improves security. A storage management function 33201 is configured to provide to a host computer a virtual logical volume 327 created on the basis of a pool volume 324. The storage management function is configured to allocate a prescribed page from among pages in the pool volume to a virtual logical volume in accordance with a write request from the host computer. The storage management function is configured to select a page to be allocated to the virtual logical volume on the basis of information regarding encryption key information associated with a page that has been allocated to the virtual logical volume and information regarding encryption key information associated with a page capable of being allocated to the virtual logical volume from the pages managed in the pool.

Publication date: 17-02-2022

Remote enforcement of device memory

Number: US20220050605A1
Assignee: Nagravision SA

A method for anti-replay protection of a memory of a device, wherein the memory is used by and external to a secure element of the device, the method comprising the following steps, wherein the steps are performed in the device after a content of the memory is modified: generating device state data indicative of a state of the content of the memory; transmitting the device state data to a remote system for updating an authentication key of the device stored in a data storage of the remote system and for use by the remote system in an authentication procedure; and providing authentication information based on the device state data from the secure element to the remote system in the authentication procedure between the device and the remote system to verify a validity of the content of the memory.

Publication date: 17-02-2022

System and method for protecting against ransomware without the use of signatures or updates

Number: US20220050896A1
Author: Urfan Ahmed
Assignee: Saudi Arabian Oil Co

A cybersecurity solution for preventing malware from infecting a computing device or a computer resource on the computing device. The solution can include detecting a computer resource process running or attempting to run on an operating system and comparing details of the computer resource process against an authorized processes database containing details of previously run computer resources processes to determine if the computer resource process is running or attempting to run for a first time on the operating system. The solution can include adding, during a learning mode, the details of the computer resource process to the authorized processes database when it is determined that the computer resource process is running or attempting to run for the first time on the operating system, and suspending, during a protect mode, the computer resource process from running on the operating system when it is determined that the computer resource process is running or attempting to run for the first time on the operating system. The details of the computer resource process can include at least one of semaphore data, mutex data or atom data for the computer resource process.

Publication date: 05-02-2015

Directed wakeup into a secured system environment

Number: US20150039919A1
Assignee: Thiam Ern Lim, Wan Chin Teh

Embodiments of processors, methods, and systems for directed wakeup into a secured system environment are disclosed. In one embodiment, a processor includes a decode unit, a control unit, and a messaging unit. The decode unit is to receive a secured system environment wakeup instruction. The control unit is to cause a wake-inhibit indicator to be set for each of a plurality of responding logical processors to be kept in a sleep state. The messaging unit is to send a wakeup message to the plurality of responding logical processors, wherein the wakeup message is to be ignored by each of the plurality of responding logical processors for which the wake-inhibit indicator is set.

Publication date: 04-02-2021

Detecting Selection of Disabled Inner Links Within Nested Content

Number: US20210034691A1
Author: Sendlakowski Michael
Assignee: eBay Inc.

Detecting selection of disabled inner links within nested content techniques are described herein. In one or more implementations, a document comprising nested content is displayed on a display of a computing device. The nested content is obtained from a third-party source and includes one or more disabled inner links to respective target portions within the nested content. A disabled link service monitors an address associated with the third-party source of the nested content to detect an address change corresponding to a user selection of one of the disabled inner links within the nested content. Responsive to detecting the address change, a respective target portion of the nested content associated with the selected inner link is located by scanning the nested content. The document is then scrolled to cause display of the target portion of the nested content on the display of the computing device.

1. A computer-implemented method comprising: causing display of a web page that includes nested content on a display of a computing device, the nested content including a disabled inner link to a target portion of the nested content; detecting a user selection of the disabled inner link within the nested content; and responsive to the user selection of the disabled inner link, causing display of the target portion associated with the selected inner link on the display of the computing device.
2. The method as described in claim 1, wherein the document comprises an HTML document.
3. The method as described in claim 2, wherein the nested content is displayed within an HTML inline frame element (iframe) of the HTML document.
4. The method as described in claim 1, wherein the detecting further comprises monitoring an address associated with a third-party source of the nested content to detect an address change corresponding to the user selection of the disabled inner link within the nested content.
5. The method as described in claim 4, wherein the address comprises a URL of ...

Publication date: 04-02-2021

Systems and methods for managing state

Number: US20210034736A1
Author: Stephen G. MITCHELL
Assignee: Intertrust Technologies Corp

The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.

Publication date: 04-02-2021

METHOD FOR A SECURED START-UP OF A COMPUTER SYSTEM, AND CONFIGURATION COMPRISING A COMPUTER SYSTEM AND AN EXTERNAL STORAGE MEDIUM CONNECTED TO THE COMPUTER SYSTEM

Number: US20210034750A1
Author: Claes Heinz-Josef
Assignee:

A method of starting-up a computer system includes accessing a second storage area of a storage in which program data are stored; loading and executing the program data from a second storage area; mounting an external storage medium connected to the computer system, wherein a file system key that decrypts a file system data is stored on an external storage medium, wherein the file system key is encrypted on the external storage medium; loading the encrypted file system key from the external storage medium into the computer system; decrypting the encrypted file system key by a key stored in the second storage area; setting the decrypted file system key in a cryptographic module established by the start-up process; and decrypting and loading file system data of the encrypted file system by the cryptographic modules by the set file system key, whereby the computer system is started up completely.

1-17. (canceled)
18. A method for a secured start-up of a computer system including an encrypted file system stored in a first storage area of a storage in the computer system, wherein the method comprises steps automatically executed during start of the computer system: triggering a start-up process of the computer system by accessing a second storage area of the storage in which the program data required for the start-up process are stored, loading and executing the program data required for the start-up process from the second storage area, mounting an external storage medium that is connected to the computer system, wherein a file system key that decrypts the file system data of the encrypted file system is stored on the external storage medium, wherein the file system key is encrypted on the external storage medium, loading the encrypted file system key from the external storage medium into the computer system, decrypting the encrypted file system key by a key, which is stored in the second storage area, setting the decrypted file system key in a cryptographic module ...

Publication date: 04-02-2021

MULTI-USE PAYMENT DEVICE

Number: US20210034789A1
Assignee: ELO TOUCH SOLUTIONS, INC.

Disclosed herein are system, method, and device embodiments for tablet mode switching. In an embodiment, an electronic device enters a payment mode associated with a secure processor of the electronic device and suspends access by a primary processor of the electronic device to a component of the electronic device. Further, the electronic device determines that it is connected to a docking hub, permits the primary processor to access a peripheral device connected to the docking hub via a pair connection, and receives, by the primary processor, user input from the peripheral device connected to the docking hub via the pair connection.

1. A method comprising: entering, by an electronic device, a payment mode associated with a secure processor of the electronic device; suspending access, by a primary processor of the electronic device, to a component of the electronic device; determining that the electronic device is connected to a docking hub; permitting the primary processor to access a peripheral device connected to the docking hub via a pair connection; and receiving, by the primary processor, user input from the peripheral device connected to the docking hub via the pair connection.
2. The method of claim 1, wherein the peripheral device includes a graphical display, and further comprising: displaying graphical information associated with an application executing on the primary processor on the graphical display.
3. The method of claim 1, further comprising: entering a normal operating mode associated with the primary processor based on completion of a step of a payment workflow associated with the payment mode; and re-enabling access by the primary processor to the component of the electronic device.
4. The method of claim 1, wherein entering the payment mode comprises performing one or more steps of a payment workflow via a payment application executing on the secure processor.
5. The method of claim 1, wherein the component of the electronic device includes at ...

Publication date: 09-02-2017

ACCESS CONTROL AND CODE SCHEDULING

Number: US20170039085A1
Assignee: Arm IP Limited

A data processing system operates in a plurality of modes including a first privilege mode and a second privilege mode with the first privilege mode giving rights of access that are not available in the second privilege mode. Application code executes in the second privilege mode and generates function calls to hypervisor code which executes in the first privilege mode. These function calls are to perform a secure function requiring the rights of access which are only available in the first privilege mode. Scheduling code which executes in the second privilege mode controls scheduling of both the application code and the hypervisor code. Memory protection circuitry operating with physical addresses serves to control access permissions required to access different regions within the memory address space using configuration data which is written by the hypervisor code. The hypervisor code temporarily grants access to different regions within the physical memory address space to the system in the second privilege mode as needed to support the execution of code scheduled by the scheduling code.

1. A method of processing data using a data processing apparatus having a plurality of privilege modes including a first privilege mode and a second privilege mode, said first privilege mode giving rights of access that are not available in said second privilege mode, said method comprising the steps of: executing application code in said second privilege mode to generate a function call to hypervisor code to perform a secure function using said rights of access; upon generation of said function call, executing hypervisor code in said first privilege mode to at least control execution of said secure function; and executing scheduling code in said second privilege mode to control scheduling of execution of said application code and said hypervisor code by said data processing apparatus.
2. A method as claimed in claim 1, wherein said hypervisor code performs said secure function.
3. A ...

Publication date: 09-02-2017

TRUSTED EXECUTION OF AN EXECUTABLE OBJECT ON A LOCAL DEVICE

Number: US20170039368A1
Assignee: MCAFEE, INC.

In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

1. An electronic device, comprising: at least one processor; at least one memory; at least one driver, wherein the electronic device is configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user.
2. The electronic device of claim 1, wherein the electronic device is further configured to: obtain an authentication signing key from an attestation server; and store the authentication signing key in the enclave, wherein the authentication signing key verifies the identity of the enclave.
3. The electronic device of claim 2, wherein the electronic device is further configured to: send results of the comparison and the authentication signing key to an authentication server.
4. The electronic device of claim 3, wherein the results of the comparison are encrypted.
5. The electronic device of claim 1, wherein the results of the comparison are ...
