In one implementation, a method for providing security on an externally connected controller includes launching, by the controller, a security layer that includes a whitelist of permitted processes on the controller, the whitelist including (i) signatures for processes that are authorized to be executed and (ii) context information identifying permitted controller contexts within which the processes are authorized to be executed; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the determined signature with a verified signature for the particular process from the whitelist; identifying, by the security layer, a current context for the controller; determining, by the security layer, whether the particular process is permitted to be run on the controller based on a comparison of the current context with one or more permitted controller contexts for the particular process from the whitelist.

A BMC firmware security system includes a BMC coupled to a programmable circuit device and a first storage subsystem. In response to BMC initialization, the BMC uses a system identifier to verify that a license in the first storage subsystem authorizes the BMC to use BMC firmware in the BMC, uses branding identity information in the BMC to verify that the BMC is branded for the BMC firmware, determines that the programmable circuit device identifies the BMC firmware and, in response, the performs BMC initialization operations using the BMC firmware. A BIOS is coupled to the programmable circuit device and a second storage system. In response to BIOS initialization, the BIOS uses the branding identity information in the second storage subsystem to identify the BMC firmware, determines that the programmable circuit device identifies the BMC firmware and, in response, performs BIOS initialization operations.

A BMC firmware security system includes a BMC coupled to a programmable circuit device and a first storage subsystem. In response to BMC initialization, the BMC uses a system identifier to verify that a license in the first storage subsystem authorizes the BMC to use BMC firmware in the BMC, uses branding identity information in the BMC to verify that the BMC is branded for the BMC firmware, determines that the programmable circuit device identifies the BMC firmware and, in response, the performs BMC initialization operations using the BMC firmware. A BIOS is coupled to the programmable circuit device and a second storage system. In response to BIOS initialization, the BIOS uses the branding identity information in the second storage subsystem to identify the BMC firmware, determines that the programmable circuit device identifies the BMC firmware and, in response, performs BIOS initialization operations.

Techniques for managing licensing of a software application that includes a plurality of executables are presented. The techniques can include detecting an initiation of the software application on a client computer; obtaining a license for a usage of a first executable of the plurality of executables; detecting an initiation of at least a second executable; obtaining execution type data for the second executable specifying one of: a license for a usage of the second executable is not required if an instance of the second executable is executing on the client computer, or a license for a usage of the second executable is not required if at least one executable of the plurality of executables is executing on the client computer; determining, based on the execution type data, that a license for a usage of the second executable is not required; and executing the second executable.

The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.

A method of writing data to a memory device and reading data from the memory device includes issuing a challenge to a PUF device during a power-up process in order to derive a PUF response, error correcting the PUF response, providing delinearized addresses via a delinearization algorithm to the memory device using the error corrected PUF response, masking data, which is written to the memory device, via a masking module using the error corrected PUF response, de-masking data, which is read from the memory device, via the masking module (19) using the error corrected PUF response; and performing a check-sum verification of read data such that address delinearization and data masking are used together to obfuscate the memory content.

An interaction method includes receiving a service request from a client application (CA) installed on a terminal and that runs in a rich execution environment (REE), determining a trusted user interface (TUI) identifier, sending a TUI call instruction carrying the TUI identifier to a trusted execution environment (TEE) to instruct to draw an image based on the TUI template or the TUI function component to call a TUI to display the drawn image, receiving response information from the TEE, and executing a corresponding service procedure based on the response information.

A wireless earpiece for digital rights management is provided. The wireless earpiece includes a processor disposed within the ear piece housing, a speaker operatively connected to the processor, a storage medium disposed within the ear piece housing and operatively connected to the processor, and a wireless transceiver disposed within the ear piece housing and operatively connected to the processor. The processor may be configured to access audio files stored on the storage medium to play the audio files over the speaker. The processor may be configured to provide a digital rights management feature for one or more of the audio files. The processor may be further configured to access an audio stream conveyed to the earpiece through the wireless transceiver. The processor may be further configured to provide a digital rights management for the audio stream.

Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that are configured to provide authenticated access to a service application. The embodiments disclose an apparatus and system configured to launch an authenticated service application session in response to capturing authentication success rendering comprising visual authentication indicia. The authentication success rendering is a captured via a user device display, and includes visual authentication indicia. To facilitate rendering of the authentication success rendering, embodiments output a browser sign-in session request configured to launch a browser sign-in session associated with a browser application. Additionally, to facilitate capturing the rendering, embodiments initiate a display recorder module configured to capture, during the browser sign-in session and via the user device display, authentication success rendering comprising visual authentication indicia. Embodiments may be configured to parse the captured authentication success rendering to identify the visual authentication indicia, and decode the visual authentication indicia to identify user authentication data. Finally, embodiments may execute a service application sign-in protocol using the user authentication data to launch the authenticated service application session.

Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that are configured to provide authenticated access to a service application. The embodiments disclose an apparatus and system configured to launch an authenticated service application session in response to capturing authentication success rendering comprising visual authentication indicia. The authentication success rendering is a captured via a user device display, and includes visual authentication indicia. To facilitate rendering of the authentication success rendering, embodiments output a browser sign-in session request configured to launch a browser sign-in session associated with a browser application. Additionally, to facilitate capturing the rendering, embodiments initiate a display recorder module configured to capture, during the browser sign-in session and via the user device display, authentication success rendering comprising visual authentication indicia. Embodiments may be configured to parse the captured authentication success rendering to identify the visual authentication indicia, and decode the visual authentication indicia to identify user authentication data. Finally, embodiments may execute a service application sign-in protocol using the user authentication data to launch the authenticated service application session.