Patent classifications
H04L2209/127
Method and system for rendering a stolen mobile communications device inoperative
A method and system for rendering a stolen mobile communications device inoperative is presented. A determination that the mobile communications device is in a first state is made at a security component on the mobile communications device. A removal of a cryptographic key is effected at the security component on the mobile communications device.
Secure circuit for encryption key generation
Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
Tamper responsive sensor
There is provided a tamper responsive sensor comprising a carrier printed circuit board, carrier PCB, holding a mesh of one or more electrically conductive tracks. The sensor also holds a pressure or force sensitive switch contact arranged on top of the carrier PCB, which contact has first and second electrical contact connections. Furthermore, the sensor has a tamper detecting circuitry arranged at the carrier PCB, which circuitry is powered via two electrical power lines, and which circuitry is connected to one or more electrically conductive signal lines. One of the power lines or one of the signal lines is electrically connected to the tamper detecting circuitry via a first tamper line holding the switch contact, and one of the power lines or one of the signal lines is electrically connected to the tamper detecting circuitry via a second tamper line holding a conductive track of the carrier PCB mesh, thereby enabling the tamper detecting circuit to detect an interruption of the signal path through the first tamper line and/or an interruption of the signal path through the second tamper line.
Systems, methods and devices for secure routing and recording of network data transported through network switch
The disclosure relates to systems, methods and devices for secure routing and recording of network data streams passing through a network switch. Specifically, the disclosure relates to systems, methods and devices for reversibly deconstructing networks' OSI L1-L7 in time and space, in the process of selectively recording network data streams for secure access, as well as providing external rule-based security auditing and functioning as a black-box in industry-specific applications.
Custom protection against side channel attacks
Embodiments of an invention for custom protection against side channel attacks are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive an instruction to provide for shielding code against side channel attacks, wherein the instruction includes a first operand to specify one of a plurality of levels of protection. The execution hardware is to execute the instruction, wherein execution of the instruction includes configuring the processor to provide a specified level of protection.
Device attestation
Example implementations relate to attestation. For example, in an implementation, a target device attestation request is transmitted to a target device, where the target device attestation request includes an identity-based encryption (IBE) ciphertext and a retrieval index. The ciphertext is a nonce encrypted using a trusted platform module (TPM) public key together with an IBE public key. The TPM public key is retrieved from a TPM of the target device, and the IBE public key is an expected value presumed to be stored at the TPM.
Data protection keys
One embodiment provides a client device. The client device includes a Trusted Platform Module (TPM). The TPM includes a secure controller to extend a secure hash digest with at least a portion of a data stream or a hash of the at least a portion of the data stream. Another embodiment provides a server system. The server system includes verifier logic. The verifier logic is to verify that an attestation identity key (AIK) public key associated with a received Trusted Platform Module (TPM) quote corresponds to an authenticated client device.
Technologies for authenticating a user of a computing device based on authentication context state
Technologies for authenticating a user of a computing device based on an authentication context state include generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
Field replaceable unit authentication system
A field replaceable unit authentication system provides for a field replaceable unit device to be positioned in a chassis. A trusted platform module is included in the field replaceable unit device. A network operating system engine may be provided in the field replaceable unit device and coupled to the trusted platform module. The network operating system engine participates in a boot process with a booting subsystem to generate current boot metric data that is provided for storage in the trusted platform module. A platform management controller in the field replaceable unit device retrieves the current boot metric data from the trusted platform module, authenticates the trusted platform module, and compares the current boot metric data to previously stored boot metric data to determine whether to authenticate the network operating system engine. If authenticated, the network operating system engine then authenticates the platform management controller.