G06F21/109

THEFT AND TAMPER RESISTANT DATA PROTECTION

Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.

Center device

Methods and apparatus provide for: communicating in respective paired relationships between a network interface and one or more controller devices operated by one or more users, respectively, via wired communication or wireless communication selected by the one or more users; and outputting light emission controls to the paired one or more controller devices, wherein the one or more controller devices each include at least one light emitter that responds to the light emission controls by emitting a selected one of a plurality of colors, outputting a first light emission control to a first of the one or more controller devices that first achieves the paired relationship, and wherein the first light emission control operates to cause a particular first color among the plurality of colors to emit, and outputting a second light emission control to a second of the one or more controller devices that next achieves the paired relationship after the first of the one or more controller devices, and wherein the second light emission control operates to cause a particular second color among the plurality of colors to emit.

Device programming with system generation
10110411 · 2018-10-23

A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer.

Information processing device and information processing method
10103884 · 2018-10-16

An information processing device includes a first processor, an information protection circuit, and a first communication path which connects between the information protection circuit and the first processor. The information protection circuit includes an interface circuit which connects the information protection circuit to the first communication path, a second processor, and a first memory which is inaccessible from the first processor but accessible from the second processor. When a command received from the first communication path is a command destined for the information protection circuit, the interface circuit passes the command to the second processor and the second processor executes a process related to information stored in the first memory in accordance with the command, but when the command received from the first communication path is not a command destined for the information protection circuit, the interface circuit does not pass the command to the second processor.

METHODS FOR CONTROLLING ACCESS TO DIGITAL ASSETS
20180293364 · 2018-10-11

The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus. The amulet, the manager, and the digital asset are either operably receivable by a computer or are operably received by the computer, in various aspects. Related methods and compositions of matter are also disclosed.

This Abstract is presented to meet requirements of 37 C.F.R. 1.72(b) only. This Abstract is not intended to identify key elements of the apparatus, methods, and compositions of matter disclosed herein or to delineate the scope of this disclosure.

Reliable and secure firmware update with a dynamic validation for internet of things (IoT) devices
10097563 · 2018-10-09

A computing system for a secure and reliable firmware update through a verification process, dynamic validation and continuous monitoring for error or failure and speedy correction of Internet of Things (IoT) device operability. The invention uses a Trusted Execution Environment (TEE) for hardware-based isolation of the firmware update, validation and continuous monitoring services. The isolation is performed by hardware System on a Chip (SoC) Security Extensions such as ARM TrustZone or similar technologies on other hardware platforms. The invention therefore comprises a Firmware Update Service (FUS), a System Validation Service (SMS) and a Continuous Monitoring Service (CMS) running in the TEE with dedicated memory and storage, thus providing a trusted configuration management functionality for the operating system (OS) code and applications on IoT devices. Services running in the TEE use both direct (hardware level) and indirect (software agents inside the main execution environment (MEE)) methods of control of the MEE. Embodiments of the invention apply all updates to a staging (new) execution environment (SEE) without changing the MEE.

UNAUTHORIZED READOUT PREVENTION MECHANISM AND UNMANNED VEHICLE
20240327043 · 2024-10-03

An unauthorized readout prevention mechanism includes a power source unit provided outside a casing provided in an unmanned vehicle, a power line for supplying power from the power source unit to a volatile region inside the casing, an opening-closing unit provided in the casing, and a switch that physically separates the power line and shuts off supply of power to inside the casing when the opening-closing unit is opened.

Data storage and access systems
10078822 · 2018-09-18

Data storage and access systems enable downloading and paying for data such as audio and video data, text, software, games and other types of data. A portable data carrier has an interface for sending and receiving data, data memory for storing received content data, and payment validation memory for providing payment validation data to an external device. The carrier may also store a record of access made to the stored content, and content use rules for controlling access to the stored content. Embodiments store further access control data and supplementary data such as hot links to web sites and/or advertising data. A complementary data access terminal, data supply computer system, and data access device are also described. The combination of payment data and stored content data and use rule data helps reduce the risk of unauthorized access to data such as compressed music and video data, especially over the Internet.

Method, medium, and system for managing transfer of content

A system and method for transferring ownership of disc storage media utilizing unique disc identification includes a disc storage medium with a permanently recorded disc identification, a user console with a set identification, a network, and a host server managing a user database and a disc database. Upon purchase of software stored on a disc storage medium, the unique disc identification and user identification are transmitted over the network from the user console to the host server. The host server grants the user console access permission to the programs residing on the disc storage medium and performs the disc ownership transfer transactions.

PC secure video path
10055553 · 2018-08-21

A system and method are disclosed for creating a secure video content path, or a protected media content bus, within an unsecure personal computer. A portable security module, or electronic key safe, may be inserted into a personal computer that has different internal components for processing secure and unsecured content. The security module may establish a secure encrypted link with a secure video processor of the personal computer, and may use the personal computer's network interface to request authority to receive secured content. The security module may provide content keys to the secure video processor to access secured content received over an external network.