Patent classifications
G06F21/74
Method of processing secure data and electronic device supporting the same
An electronic device is provided. The electronic device includes a communication circuit, a display, a memory including a first display driver, a processor functionally connected with the communication circuit, the display, and the memory, and a secure module which is physically separated from the processor, and includes a secure processor and a second display driver, and the secure processor is configured to: when secure data is received from an external server through the communication circuit, disable the first display driver and enable the second display driver, and output a user interface including a first object corresponding to the secure data to the display by using the enabled second display driver.
Electronic system
In accordance with an embodiment, an electronic device includes a secure element configured to implement a plurality of operating systems; and a near field communication module coupled to the secure element by a single bus and by a routing circuit configured to route routing data between the plurality of operating systems and a receive circuit of the near field communication module.
Sensor block
Embodiments of the present disclosure include apparatuses and methods for sensor blocking. In a number of embodiments, a method can include operating a sensor block of an apparatus in a first mode to allow a sensor to receive inputs, and operating the sensor block in a second mode to inhibit the sensor from receiving the inputs. A sensor block can be used to prevent a sensor, such as an image sensor, from receiving an input, such as a light source input, to capture image data. A sensor block can be used to prevent a sensor from capturing image data even when an application is causing the sensor to operate, such as when applications have access to the sensor, but the user of a device is unaware that an application is using the sensor. The sensor block can be used to prevent the sensor from capturing useful images and the sensor can only capture a black image of the sensor block and not the surroundings of the device.
PROCESSOR STATE DETERMINATION
An example system includes a main processor operable in a normal mode or a trusted mode, the main processor having an embedded diagnostic trusted code executable in the trusted mode; a secure memory accessible by the main processor when the main processor is in the trusted mode and inaccessible to the main processor when the main processor is in the normal mode, wherein execution of the embedded diagnostic trusted code causes the main processor to write diagnostic information to the secure memory; and a monitor processor having access to the secure memory to analyze the diagnostic information to determine a state of the main processor.
Enhanced token transfer
Methods and systems for token transfer are described herein. A remote computing device may receive, from a mobile computing device, a public key of a public-private key pair. The public key may be associated with a first application of the mobile computing device. The first application may be configured to send credentials to a second application of the mobile computing device. The second application may be isolated from other applications executable on the mobile computing device. The remote computing device may receive, from the first application, a token. The token may have been previously issued to the first application and may have been encrypted, using the public key, by the first application. The remote computing device may send, to the second application, the token to enable the second application to authenticate with a plurality of services that interact with the second application.
Firmware Integrity Check Using Silver Measurements
Measurements of a device's firmware are made regularly and compared with prior, derived measurements. Prior measurements are derived from a set of identical firmware measurements obtained from multiple devices having the same make, model and firmware version number. The firmware integrity status is reported on a data and device security console for a group of managed endpoints. Alerts about firmware changes, which may be potential attacks on the firmware, are given automatically.
SAFE ENTROPY SOURCE FOR ENCRYPTED VIRTUAL MACHINES
Systems and methods for ensuring that data received from a virtual device is random are provided. A processing device may be used to generate, by a virtual device executing on a hypervisor, data intended for a virtual machine (VM) having a guest memory that includes one or more encrypted pages and one or more unencrypted pages. Data written to an encrypted page of the guest memory by the VM is encrypted using an encryption key assigned to the VM and information read from the encrypted page by the VM is decrypted using the encryption key. The hypervisor may write the data to the encrypted page, wherein the data is not encrypted by the encryption key assigned to the VM because it is written by the hypervisor. The VM reads the data from the encrypted page as randomized data because it cannot be properly decrypted by the encryption key.