Patent application number | Description | Published |
20090146270 | Embedded Package Security Tamper Mesh - Systems and methods for embedded tamper mesh protection are provided. The embedded tamper mesh includes a series of protection bond wires surrounding bond wires carrying sensitive signals. The protection bond wires are positioned to be vertically higher than the signal bond wires. The protection wires may be bonded to outer contacts on the substrate while the signal bond wires are bonded to inner contacts, thereby creating a bond wire cage around the signal wires. Methods and systems for providing package level protection are also provided. An exemplary secure package includes a substrate having multiple contacts surrounding a die disposed on an upper surface of the substrate. A mesh die including a series of mesh die pads is coupled to the upper surface of the die. Bond wires are coupled from the mesh die pads to contacts on the substrate thereby creating a bond wire cage surrounding the die. | 06-11-2009 |
20100254537 | Scalable and Secure Key Management For Cryptographic Data Processing - A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received key encryption keys (KEKs) and/or plaintext keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. If the authentication succeeds, the GPE retrieves a plaintext key, or recovers one from an encrypted key using a KEK, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE. | 10-07-2010 |
20120210130 | User Authentication System - Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials. | 08-16-2012 |
20120256305 | Integrated Circuit Package Security Fence - Embodiments of an integrated circuit package security fence are provided. The integrated circuit package includes a substrate, a die, and a security fence coupled to the substrate such that the die is located between the security fence and the substrate. The security fence includes a first signal net having a plurality of bonding wires and a second signal net having a second plurality of bonding wires. The bonding wires of the first signal net and second signal net are arranged in a pattern to overlap the top surface of the die. The die may include tamper detection logic to detect attempts to access the die through the security fence. | 10-11-2012 |
20120297204 | Security Architecture For Using Host Memory in the Design of A Secure Element - Embodiments of a security architecture for securely storing applications, such as Near Field Communication (NFC) applications, in host memory of a mobile device are provided. The mobile device includes a host application processor, a non-volatile memory, an NFC controller, and an embedded Secure Element (eSE). The eSE is configured to encrypt code and state data associated with an NFC application; store the code and the state data, after having been encrypted, in the non-volatile memory as a binary large object (blob); load the blob from the non-volatile memory in response to an action performed by the host application processor or the NFC controller; decrypt and authenticate the code and the state data; and execute the code to exchange data with a contactless communication device via the NFC controller. The non-volatile memory is external to the eSE. | 11-22-2012 |
20130010962 | Proximity Authentication System - An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token. | 01-10-2013 |
20130013925 | System and Method for Authentication via a Proximate Device - Techniques are provided to authenticate components in a system. Users may enter credentials into an input device and the credentials may be authenticated and/or securely transmitted to the components. The components may then provide the credentials to a server in the system. Strong authentication may thus be provided to the effect that credentials associated with specific users have been received from specific components in the system. The server may then enable the components to access selected services. | 01-10-2013 |
20130094401 | METHOD AND SYSTEM FOR MANAGING INFORMATION AMONG PERSONALIZED AND SHARED RESOURCES WITH A PERSONALIZED PORTABLE DEVICE - A user's request via a portable or handheld wireless communication device (HWCD) to process data may result in discovery of one or more networked resources capable of handling the processing. One or more communication routes may be established between one or more discovered network resources and one or more of the HWCD and a networked terminating device. The portable HWCD may be configured as a gateway. The user's identity may be determined and the user's personal networking preferences may be acquired. Based on the user's preferences, a route may be established between discovered networked resources and one or more of the HWCD and the networked terminating device. The user's identity may be authenticated. Data may undergo rate and/or format conversion. The data may be protected by secure operations. One or more of the HWCD and the networked terminating device may consume or render the requested data. | 04-18-2013 |
20130124694 | METHOD AND SYSTEM FOR ENABLING RENDERING OF ELECTRONIC MEDIA CONTENT VIA A SECURE AD HOC NETWORK CONFIGURATION UTILIZING A HANDHELD WIRELESS COMMUNICATION DEVICE - A handheld wireless communication device (HWCD) establishes an ad hoc network comprising interconnected networks for a user. The HWCD gains access to content on a first device and controls communication of the content from the first device via the HWCD to a second device. The HWCD enables the second device to consume the content. The content may be streamed from the first device via the HWCD to the second device. The first device is a service provider network device or other network device. The access may be authenticated and/or secure. Secure access to the content is extended from the first device to the second device. The ad hoc network is configured and/or reconfigured until communication is complete. The HWCD comprises multiple wireless interfaces. The ad hoc network comprises a PAN, WLAN, WAN and/or cellular network. The HWCD may hand-off among base stations during communication of the content. | 05-16-2013 |
20130129087 | Secure Key Generation - Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the primary seed to a secure manufacturer server. The secure manufacturer server generates the public/private root key pair for the device from that seed and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device, after integration into the end-user system, regenerates the same public/private root key pair in the field. The system also receives and installs the certificate for the public root key. | 05-23-2013 |
20130230165 | Scalable and Secure Key Management for Cryptographic Data Processing - A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received key encryption keys (KEKs) and/or plaintext keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. If the authentication succeeds, the GPE retrieves a plaintext key, or recovers one from an encrypted key using a KEK, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE. | 09-05-2013 |
20130254543 | Systems And Methods For Providing Security To Different Functions - Methods and systems are provided that use smartcards, such as subscriber identity module (SIM) cards, to provide secure functions for a mobile client. One embodiment of the invention provides a mobile communication network system that includes a mobile network, a mobile terminal, a server coupled to the mobile terminal via the mobile network, and a subscriber identity module (SIM) card coupled to the mobile terminal. The SIM card includes a first key and a second key. The first key is used to authenticate an intended user of the mobile terminal to the mobile network. Upon successful authentication of the intended user to the mobile network, the mobile terminal downloads a function offered from the server through the mobile network. The second key is then used by the mobile terminal to authenticate the intended user to the downloaded function so that the intended user can utilize the function. | 09-26-2013 |
20130269012 | System and Method for Securely Provisioning and Generating One-Time-Passwords in a Remote Device - A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages stand | 10-10-2013 |
20140016608 | METHOD AND SYSTEM FOR UTILIZING STANDARDIZED INTERFACE IN A WIRELESS DEVICE TO DISCOVER AND USE LOCAL AND REMOTE RESOURCES - A wireless mobile communication (WMC) device may discover available networks, and available local and/or remote resources. The WMC device may configure routes utilizing one or more of the discovered resources and one or more available networks. The routes may be utilized to perform operations requested via the WMC device. A standardized language and/or protocol may be utilized in discovering and/or communicating with available resources and/or networks. The standardized language and/or protocol may enable commonality among the discovered networks and/or resources, and encryption of data communicated through the established routes. The standardized language and/or protocol may be updated and/or modified to incorporate new resources either by direct interactions between said new resources and the WMC device, or via existing available resources and/or networks. The discovery of resources and/or establishment of routes may be user-triggered, or it may be based on user preference information. | 01-16-2014 |
20140035136 | Embedded Package Security Tamper Mesh - Systems and methods for embedded tamper mesh protection are provided. The embedded tamper mesh includes a series of protection bond wires surrounding bond wires carrying sensitive signals. The protection bond wires are positioned to be vertically higher than the signal bond wires. The protection wires may be bonded to outer contacts on the substrate while the signal bond wires are bonded to inner contacts, thereby creating a bond wire cage around the signal wires. Methods and systems for providing package level protection are also provided. An exemplary secure package includes a substrate having multiple contacts surrounding a die disposed on an upper surface of the substrate. A mesh die including a series of mesh die pads is coupled to the upper surface of the die. Bond wires are coupled from the mesh die pads to contacts on the substrate thereby creating a bond wire cage surrounding the die. | 02-06-2014 |
20140053257 | Universal Authentication Token - A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by the universal token. For example, the secure processor may be used to generate authentication data from seed information stored in memory. | 02-20-2014 |
20140090093 | MESH GRID PROTECTION SYSTEM - A mesh grid protection system is provided. The system includes grid lines forming a mesh grid proximate to operational logic and assertion logic configured to transmit a first set of signals on a first set of grid lines. The system also includes transformation logic coupled to the grid lines and configured to receive the first set of signals and transform the first set of signals to generate a second set of signals and transmit the second set of signals on a second set of grid lines. The system further includes verification logic coupled to the transformation logic and configured to compare the second set of signals to an expected set of signals. | 03-27-2014 |
20140106714 | Systems And Methods For Providing Security To Different Functions - Methods and systems provide secure functions for a mobile client. A circuit may include a memory configured to store a server access key and a first function authentication key. The circuit may also include authentication circuitry configured to access the server access key to authenticate access to a server to download a function capsule comprising a first function and to access the first function authentication key to authenticate use of the first function of the function capsule. | 04-17-2014 |
20140112196 | METHOD AND SYSTEM FOR ESTABLISHING A CONNECTION OUTSIDE A MESH BY INCLUDING NETWORK CONNECTIVITY INFORMATION IN ROUTER CONFIGURATION MESSAGES - A wireless mobile communication (WMC) device may maintain user preference information, which is unique to the WMC device capabilities and the device user. WMC devices located in near proximity of each other may be enabled to form an ad hoc wireless network wherein each WMC device within the network may function as a router for other devices. Utilizing such routing capability within an ad hoc wireless network may allow WMC devices that are out of their wireless coverage area to use other WMC devices within such ad hoc wireless network to route any impending communication through such other WMC devices, wherein these devices may have wireless connectivity to their coverage networks. WMC devices that have external connectivity may be enabled to be selective in routing information and/or data from other WMC devices in the ad hoc network. | 04-24-2014 |
20140115324 | System and Method for Secure Remote Biometric Authentication - Systems and methods for secure remote biometric authentication are provided. A network-based biometric authentication platform stores biometric templates for individuals which have been securely enrolled with the authentication platform. A plurality of sensor platforms separately establishes secure communications with the biometric authentication platform. The sensor platform can perform a biometric scan of an individual and generate a biometric authentication template. The sensor platform then requests biometric authentication of the individual by the biometric authentication platform via the established secure communications. The biometric authentication platform compares the generated biometric template to one or more of the enrolled biometric templates stored in memory at the biometric authentication platform. The result of the authentication is then communicated to the requesting sensor platform via the established secure communications. | 04-24-2014 |
20140132483 | METHOD AND SYSTEM FOR ENABLING RENDERING OF ELECTRONIC MEDIA CONTENT VIA A SECURE AD HOC NETWORK CONFIGURATION UTILIZING A HANDHELD WIRELESS COMMUNICATION DEVICE - A handheld wireless communication device (HWCD) establishes an ad hoc network comprising interconnected networks for a user. The HWCD gains access to content on a first device and controls communication of the content from the first device via the HWCD to a second device. The HWCD enables the second device to consume the content. The content may be streamed from the first device via the HWCD to the second device. The first device is a service provider network device or other network device. The access may be authenticated and/or secure. Secure access to the content is extended from the first device to the second device. The ad hoc network is configured and/or reconfigured until communication is complete. The HWCD comprises multiple wireless interfaces. The ad hoc network comprises a PAN, WLAN, WAN and/or cellular network. The HWCD may hand-off among base stations during communication of the content. | 05-15-2014 |
20140156872 | SECURE ELEMENT SYSTEM INTEGRATED HARD MACRO - Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, in combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification. | 06-05-2014 |
20140157000 | SECURE DELIVERY OF PROCESSING CODE - An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip. | 06-05-2014 |
20140173294 | TECHNIQUES FOR EMULATING AN EEPROM DEVICE - Disclosed are various embodiments of an emulation device for generating a cryptographic hash value associated with program data stored in a memory of a computing device. Validation data is generated based upon the cryptographic hash value and a flush counter of the computing device. The program data is encrypted in the computing device using an implementation of an encryption algorithm configured with at least a key stored in the memory. The program data is stored in a flash memory that is external to a processor of the computing device. | 06-19-2014 |
20140177441 | METHOD AND SYSTEM FOR ESTABLISHING A QUEUING SYSTEM INSIDE A MESH NETWORK - Wireless mobile communication (WMC) devices located in operating proximity of each other may be enabled to form a mesh (ad hoc wireless) network. WMC devices in a mesh network may form a queuing system wherein each WMC device may store data forwarded to and/or from other WMC devices in the mesh network. Each WMC device in the mesh network may have different queuing capability based on a plurality of factors that may comprise internal factors such as processing, storage, power, and/or connectivity. The mesh network may comprise an internal addressing scheme that may enable utilization of the queuing system whether or not WMC devices in the mesh network are communicatively coupled to external networks. | 06-26-2014 |
20140245007 | User Authentication System - Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials. | 08-28-2014 |
20140310826 | MESH GRID PROTECTION SYSTEM - A mesh grid protection system is provided. The system includes assertion logic configured to transmit a first set of signals on a first set of grid lines and a second set of grid lines. The system also includes transformation logic to transform the first set of signals to generate a second set of signals, to transmit the second set of signals on a third set of grid lines that are coupled to the first set of grid lines, and to transmit the second set of signals on a fourth set of grid lines that are coupled to the second set of grid lines. In addition, the system includes verification logic to compare the second set of signals on the third and fourth sets of grid lines to an expected set of signals. | 10-16-2014 |
20140344160 | Universal Authentication Token - A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by the universal token. For example, the secure processor may be used to generate authentication data from seed information stored in memory. | 11-20-2014 |
20140344945 | Thin-Client Embedded Secure Element - A thin-client embedded secure element, which includes a processor, a memory coupled to the processor, and a proxy client. The thin-client embedded secure element also includes a storage device holding an identification that uniquely identifies the thin-client secure element. The proxy client is configured to receive a request for secured data from a module in the client device, establish a secure communication channel over a network with a proxy server coupled to the computing device, request the secured data from the proxy server using the identification, and provide the secured data to the module of the client device. | 11-20-2014 |
20140365764 | System and Method for Distributed Security - A security architecture in which a security module is integrated in a client machine, wherein the client machine includes a local host that is untrusted. The security module performs encryption and decryption algorithms, authentication, and public key processing. The security module also includes separate key caches for key encryption keys and application keys. A security module can also interface with a cryptographic accelerator through an application key cache. The security module can authorize a public key and an associated key server. That public key can subsequently be used to authorize additional key servers. Any of the authorized key servers can use their public keys to authorize the public keys of additional key servers. Secure authenticated communications can then transpire between the client and any of these key servers. Such a connection is created by a secure handshake process that takes place between the client and the key server. A time value can be sent from the key server to the client, allowing for secure revocation of keys. In addition, secure configuration messages can be sent to the security module. | 12-11-2014 |
20150058620 | Proximity Authentication System - An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of a computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential received from the token. | 02-26-2015 |
20150087227 | METHOD AND SYSTEM FOR MANAGING INFORMATION AMONG PERSONALIZED AND SHARED RESOURCES WITH A PERSONALIZED PORTABLE DEVICE - A user's request via a portable or handheld wireless communication device (HWCD) to process data may result in discovery of one or more networked resources capable of handling the processing. One or more communication routes may be established between one or more discovered network resources and one or more of the HWCD and a networked terminating device. The portable HWCD may be configured as a gateway. The user's identity may be determined and the user's personal networking preferences may be acquired. Based on the user's preferences, a route may be established between discovered networked resources and one or more of the HWCD and the networked terminating device. The user's identity may be authenticated. Data may undergo rate and/or format conversion. The data may be protected by secure operations. One or more of the HWCD and the networked terminating device may consume or render the requested data. | 03-26-2015 |
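The blob handling described in 20120297204 (encrypt and authenticate code and state, park the blob in host memory, authenticate it again on load) and the chip-bound key of 20140157000 are illustrated by the following example. It is added here and is not code from either application or from the applicant: HMAC-SHA256 in counter mode stands in for the hardware cipher (a real eSE would use AES-GCM/CCM or similar), and the blob layout, the derivation labels, the `SecureElement` class and the helper names are assumptions made for the illustration.

```python
"""Authenticated, encrypted blob for code and state kept outside the secure
element, with the key tied to a chip identifier. Constructed example."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF with SHA-256 (extract, then expand)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def derive_chip_key(master_key, chip_id):
    """Provisioning side: 64 bytes (32 enc + 32 mac) bound to the chip id,
    so a blob sealed for one chip cannot be opened on another."""
    return hkdf_sha256(master_key, b"ese-blob-key-salt", b"code-delivery|" + chip_id, 64)


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for the hardware cipher."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:length]


class SecureElement:
    """The eSE / secure portion of the chip. It holds the key; the host only
    ever sees opaque blobs that it writes to and reads from external memory."""

    def __init__(self, chip_key):
        self._enc_key, self._mac_key = chip_key[:32], chip_key[32:]

    def seal(self, code, state):
        body = struct.pack(">I", len(code)) + code + state
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(body, keystream(self._enc_key, nonce, len(body))))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return nonce + ct + tag

    def unseal(self, blob):
        if len(blob) < NONCE_LEN + 4 + TAG_LEN:
            raise ValueError("blob too short")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # authenticate BEFORE decrypting
            raise ValueError("authentication failed: blob altered or sealed for another chip")
        body = bytes(a ^ b for a, b in zip(ct, keystream(self._enc_key, nonce, len(ct))))
        code_len = struct.unpack(">I", body[:4])[0]
        return body[4:4 + code_len], body[4 + code_len:]


def load_or_none(se, blob):
    """Host-side helper: (code, state), or None when the eSE rejects the blob."""
    try:
        return se.unseal(blob)
    except ValueError:
        return None


def flip_byte(blob, index):
    """Simulated tampering with the copy in host non-volatile memory (constructed)."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    ese = SecureElement(derive_chip_key(b"\x11" * 32, b"chip-A"))
    blob = ese.seal(b"NFC applet bytecode", b"balance=42")
    print("round trip:", load_or_none(ese, blob))
    print("tampered:", load_or_none(ese, flip_byte(blob, NONCE_LEN + 3)))
```

The tag is checked over nonce and ciphertext before any decryption, which is the order the abstracts' "decrypt and authenticate" should be read in: a blob that fails the tag never reaches the decrypt path. What this scheme does not give is freshness: an old but validly sealed blob is still accepted, so a design that needs rollback protection has to bind a counter the host cannot advance into the blob as well.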
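The seed-to-root-key flow of 20130129087 relies on one property: the derivation from the primary seed is deterministic, so the manufacturer's server (which sees the exported seed) and the device in the field (which kept the seed) arrive at the same key pair, and the certificate requested at manufacture matches the key regenerated later. The example below models that flow. It is added here and is not the application's own code: the 127-bit discrete-log group is a toy and not a secure parameter set, the HMAC "signature" stands in for a real CA signature, and the derivation label and class names are assumptions.

```python
"""Deterministic root key from a manufacturing-time primary seed. Constructed
example; toy group parameters, illustration only."""
import hashlib
import hmac
import os

P = (1 << 127) - 1  # toy modulus (a Mersenne prime); NOT secure parameters
G = 3


def derive_root_private(primary_seed, label=b"root-key-v1"):
    """Same seed + same label -> same private scalar, wherever it is computed."""
    h = hmac.new(primary_seed, label, hashlib.sha256).digest()
    return int.from_bytes(h, "big") % (P - 2) + 1


def public_from_private(x):
    return pow(G, x, P)


class CertificateAuthority:
    """Stand-in CA: an HMAC over (subject, public key) plays the signature."""

    def __init__(self, ca_key):
        self._ca_key = ca_key

    def _tbs(self, subject, public_key):
        return subject.encode() + b"|" + public_key.to_bytes(16, "big")

    def issue(self, subject, public_key):
        sig = hmac.new(self._ca_key, self._tbs(subject, public_key), hashlib.sha256).digest()
        return {"subject": subject, "public_key": public_key, "signature": sig}

    def verify(self, cert):
        expected = hmac.new(self._ca_key, self._tbs(cert["subject"], cert["public_key"]),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, cert["signature"])


class ManufacturerServer:
    def __init__(self, ca):
        self._ca = ca

    def enroll(self, device_id, primary_seed):
        """Re-derives the device root key from the exported seed and requests a
        certificate for the public half; the private half is not retained."""
        public_key = public_from_private(derive_root_private(primary_seed))
        return self._ca.issue(device_id, public_key)


class Device:
    def __init__(self):
        self._primary_seed = None
        self._root_private = None
        self.certificate = None

    def manufacture(self, rng=os.urandom):
        """Factory step: generate and store the seed; return it for the one-time
        export to the manufacturer server over the factory's secure channel."""
        self._primary_seed = rng(32)
        return self._primary_seed

    def generate_root_key(self):
        """Field step, on the triggering condition: needs only the stored seed."""
        self._root_private = derive_root_private(self._primary_seed)
        return public_from_private(self._root_private)

    def install_certificate(self, cert):
        if self._root_private is None or cert["public_key"] != public_from_private(self._root_private):
            raise ValueError("certificate does not match the device root key")
        self.certificate = cert
        return True


if __name__ == "__main__":
    dev = Device()
    seed = dev.manufacture()
    ca = CertificateAuthority(b"ca-signing-key-demo")
    cert = ManufacturerServer(ca).enroll("device-0001", seed)
    print("field key matches cert:", dev.generate_root_key() == cert["public_key"])
```

The check in `install_certificate` is the one a practitioner wants at the end of this flow: the device refuses a certificate whose public key is not the one it just regenerated, which catches a mislabeled seed export or a wrong derivation label before the device starts presenting a certificate it cannot prove possession of.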
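For 20130269012, the point of running the one-time-password algorithm inside the TPM's boundary is that the seed and the moving counter never leave it; the host only sees the truncated code. The example below models both sides. The HOTP function is RFC 4226 and is checked against that RFC's test vectors; the `OtpSecureBoundary` and `OtpVerifier` classes and the look-ahead window are constructed for this example and are not the application's own code.

```python
"""HOTP (RFC 4226) generated inside a modelled secure boundary, verified by a
service with a look-ahead window. Constructed example."""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpSecureBoundary:
    """Models the TPM side: seed and counter live here; only codes come out."""

    def __init__(self, seed, counter=0, digits=6):
        self._seed = bytes(seed)
        self._counter = counter
        self._digits = digits

    def next_code(self):
        code = hotp(self._seed, self._counter, self._digits)
        self._counter += 1  # advanced only inside the boundary
        return code

    def __getstate__(self):
        # Refuse to be pickled/copied: the seed must not be serialized out.
        raise PermissionError("OTP seed must not leave the secure boundary")


class OtpVerifier:
    """Service-provider side. Accepts a code for a counter at or ahead of its
    own (within `window`), then moves past it so the code cannot be replayed."""

    def __init__(self, seed, counter=0, digits=6, window=10):
        self._seed = bytes(seed)
        self._counter = counter
        self._digits = digits
        self._window = window

    def verify(self, code):
        for c in range(self._counter, self._counter + self._window):
            if hmac.compare_digest(hotp(self._seed, c, self._digits), code):
                self._counter = c + 1
                return True
        return False


if __name__ == "__main__":
    tpm = OtpSecureBoundary(RFC4226_SECRET)
    svc = OtpVerifier(RFC4226_SECRET)
    code = tpm.next_code()
    print(code, "accepted:", svc.verify(code), "replay accepted:", svc.verify(code))
```

The verifier's window is what makes the scheme usable when the device generates codes that are never submitted (a user pressing the button twice): the service resynchronises forward but never backward, so any code at or below its counter is dead. The window should stay small; every extra position is another guess an attacker gets per attempt.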
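The mesh grid systems of 20140090093 and 20140310826 share one structure: assertion logic drives a pattern onto one set of grid lines, transformation logic maps what it receives onto another set, and verification logic compares the result with what it expects. The software model below shows why the transformation step matters and why the pattern should change per cycle. It is added here and is not code from either application: the rotate-and-mask transform, the random per-cycle pattern and the three fault models are choices made for the illustration, not anything the abstracts specify.

```python
"""Software model of a mesh grid protection cycle. Constructed example."""
import secrets


def assert_pattern(width, rng=secrets.randbits):
    """Assertion logic: a fresh random bit pattern each cycle, so a value
    captured in one cycle cannot be replayed in the next."""
    return [rng(1) for _ in range(width)]


def transform(bits, mask):
    """Transformation logic: rotate by one line, then XOR with a per-die mask.
    What matters is that it is not the identity and the mask is unknown outside."""
    n = len(bits)
    return [bits[(i + 1) % n] ^ mask[i] for i in range(n)]


def run_cycle(mask, on_first=None, on_second=None, rng=secrets.randbits):
    """One protection cycle. on_first(bits) models a physical attack on the
    first grid set; on_second(first_bits, second_bits) models one on the second
    set (it may see the first set, e.g. a jumper between the two).
    Returns True when verification passes, i.e. nothing was detected."""
    pattern = assert_pattern(len(mask), rng)
    first = pattern if on_first is None else on_first(list(pattern))
    second = transform(first, mask)
    if on_second is not None:
        second = on_second(list(first), list(second))
    return second == transform(pattern, mask)  # verification logic


def tamper_detected(mask, on_first=None, on_second=None, cycles=64):
    """A single cycle catches a fault only if the random pattern happens to
    exercise it, so the die keeps cycling; report whether any cycle failed."""
    return any(not run_cycle(mask, on_first, on_second) for _ in range(cycles))


# Fault models (constructed for the example).
def cut_line(index):
    """A cut or drilled-through line, modelled as stuck-at-0."""
    def fault(bits):
        bits[index] = 0
        return bits
    return fault


def short_lines(i, j):
    """A probe or solder bridge tying two lines together: both read the OR."""
    def fault(bits):
        bits[i] = bits[j] = bits[i] | bits[j]
        return bits
    return fault


def jumper_bypass(first_bits, second_bits):
    """Attacker removes the mesh and jumpers the first set straight onto the
    second, hoping the verifier accepts a pass-through."""
    return first_bits


MASK = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1]  # per-die secret (constructed)

if __name__ == "__main__":
    print("intact mesh:", tamper_detected(MASK))
    print("cut line:", tamper_detected(MASK, on_first=cut_line(5)))
    print("shorted lines:", tamper_detected(MASK, on_second=lambda f, s: short_lines(2, 9)(s)))
    print("jumper bypass:", tamper_detected(MASK, on_second=jumper_bypass))
```

Two things the model makes visible. A stuck or shorted line is only caught in cycles where the random pattern drives the affected lines to differing values, which is why detection is a property of repeated cycles rather than of a single compare. And the jumper bypass is defeated purely by the transform not being the identity: a scheme that merely looped the same signals back would accept it every time.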
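In 20140173294 the validation data for the externally stored program data is derived from both a hash of the data and a flush counter. Binding the counter in is what turns an integrity check into a rollback check: a copy of an older flash image, even one the chip itself wrote, no longer matches the counter the chip holds. The example below models that. It is added here and is not the application's own code: the record format, the HMAC binding and the `EmulatedEeprom` class are assumptions, and the application's encryption of the program data is not modelled.

```python
"""Validation of externally stored program data with a flush counter.
Constructed example."""
import hashlib
import hmac
import struct


class EmulatedEeprom:
    """Models the emulation device: the flush counter is assumed to live in
    on-chip non-volatile storage; data and validation record sit in external
    flash that an attacker can read, rewrite or restore from a backup."""

    def __init__(self, validation_key):
        self._key = validation_key
        self._flush_counter = 0
        self.flash = None  # external flash: (program_data, validation_record)

    def _validation(self, data, counter):
        digest = hashlib.sha256(data).digest()
        return hmac.new(self._key, digest + struct.pack(">Q", counter), hashlib.sha256).digest()

    def flush(self, data):
        """Write-back: advance the counter, then store data plus its record."""
        self._flush_counter += 1
        self.flash = (bytes(data), self._validation(data, self._flush_counter))

    def load(self):
        """Boot/read path: the record must match the current counter."""
        data, record = self.flash
        if not hmac.compare_digest(record, self._validation(data, self._flush_counter)):
            raise ValueError("validation failed: program data modified or stale")
        return data

    def flush_counter(self):
        return self._flush_counter


def load_or_none(dev):
    try:
        return dev.load()
    except ValueError:
        return None


if __name__ == "__main__":
    dev = EmulatedEeprom(b"k" * 32)
    dev.flush(b"config v1")
    backup = dev.flash           # attacker snapshots the flash contents
    dev.flush(b"config v2")
    dev.flash = backup           # ... and restores the snapshot later
    print("rollback accepted:", load_or_none(dev) is not None)
```

The ordering in `flush` (counter first, then data) is deliberate but has a cost: a power loss between the two steps leaves the chip with a counter that matches nothing in flash. Real implementations handle that with two flash slots or a recovery rule, which this model leaves out.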