Patent application number | Description | Published |
20080215847 | SECURE YET FLEXIBLE SYSTEM ARCHITECTURE FOR SECURE DEVICES WITH FLASH MASS STORAGE MEMORY - A device with mass storage capability that uses a readily available non secure memory for the mass storage but has firmware (and hardware) that provides security against unauthorized copying of data. This is true even though the firmware itself is stored in the non secure mass storage memory, and therefore potentially vulnerable to hacking. An indication of the authenticity of the firmware must be present before it will be executed by the device. This protects the device contents from unauthorized duplication or tampering. Additional functionality can be added to the device with additional firmware applications, and the authenticity of those additional applications will also be verified before they will be executed. This further prevents unauthorized copying or tampering of secure content through any mechanisms that may be unscrupulously introduced. Any data within the mass storage memory may also be encrypted. | 09-04-2008 |
20090031133 | METHOD AND SYSTEM FOR SCREENING AND AUTHORIZING CONTENT - Apparatus and method are disclosed for preventing the use of disapproved received electronic content on a Mobile Station. The apparatus and method may include modules for extracting and comparing fingerprints of the received content on the Mobile Station to fingerprints of disapproved content, and for the activation of an authorization process based on the results of the comparison, as well as on the decisions of the user whether to purchase authorization when it is required. A cryptography-based check-in procedure is introduced to assure that all content has passed the verification phase. | 01-29-2009 |
20090031427 | DEVICE, SYSTEM, AND METHOD OF DIGITAL RIGHTS MANAGEMENT UTILIZING SUPPLEMENTAL CONTENT - Device, system, and method of digital-rights-management (DRM). In some embodiments, a device may include a DRM agent to manage the utilizing of a content object including secured digital content based on a rights object related to the content object, wherein based on at least one restriction defined in the rights object, the agent is to cause the device to present supplemental content of at least one supplemental content object when the content object is utilized. Other embodiments are described and claimed. | 01-29-2009 |
20090202078 | DEVICE, SYSTEM, AND METHOD OF SECURELY EXECUTING APPLICATIONS - Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed. | 08-13-2009 |
20100077214 | Host Device and Method for Protecting Data Stored in a Storage Device - The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the storage device generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files. | 03-25-2010 |
20110116635 | METHODS CIRCUITS DEVICES AND SYSTEMS FOR PROVISIONING OF CRYPTOGRAPHIC DATA TO ONE OR MORE ELECTRONIC DEVICES - Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector. | 05-19-2011 |
20130301830 | DEVICE, SYSTEM, AND METHOD OF SECURE ENTRY AND HANDLING OF PASSWORDS - Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A mobile electronic device includes: a secure execution environment (SEE) to securely execute code; and a secure video path (SVP) to securely exchange information between the SEE and a touch-screen of the mobile electronic device; wherein the SEE includes a secure password entry module to generate a scrambled on-screen interface, and to send the scrambled on-screen interface to the touch-screen through the SVP. | 11-14-2013 |
20130305041 | METHOD, DEVICE, AND SYSTEM OF SECURE ENTRY AND HANDLING OF PASSWORDS - Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A server includes: an authentication module to send, to a remote client device, a server authentication certificate; an accreditation certificate stored in a pre-defined location on the server, wherein the pre-defined location is accessible to the remote client device; wherein the accreditation certificate indicates a condition that the server authentication certificate needs to meet in order for the server authentication certificate to be accepted for authentication by the remote client device. | 11-14-2013 |
20130305392 | SYSTEM, DEVICE, AND METHOD OF SECURE ENTRY AND HANDLING OF PASSWORDS - Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server. | 11-14-2013 |
20140195807 | SYSTEM, DEVICE, AND METHOD OF PROVISIONING CRYPTOGRAPHIC DATA TO ELECTRONIC DEVICES - System, device, and method of provisioning cryptographic assets to devices. A method includes: (a) generating a delegation message at a first provisioning server; the delegation message indicating provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device; wherein generating the delegation message comprises at least one of: (A) inserting into the delegation message an association key unknown to the first provisioning server, encrypted using a public key of the electronic device; (B) inserting into the delegation message a public key of the second provisioning server; enabling the electronic device to locally generate the association key unknown to the first provisioning server; (b) delivering the delegation message to the electronic device; (c) at the second provisioning server, based on the delegation message, provisioning cryptographic assets to the electronic device, using the association key. | 07-10-2014 |