H04L2209/127

SYSTEMS AND METHODS FOR BOOTSTRAPPING ECOSYSTEM CERTIFICATE ISSUANCE
20180191508 · 2018-07-05

An ecosystem for managing a public key infrastructure (PKI) includes an electronic device having at least one silicon component, an ecosystem manager configured to create at least one PKI keypair, a root certificate, and a bootstrapping certificate, and a device manufacturer configured to integrate into the electronic device the at least one silicon component. The device manufacturer is further configured to integrate into the at least one silicon component a public key of the at least one PKI keypair and the bootstrapping certificate. The ecosystem further includes an ecosystem approved test lab (ATL) configured to test the electronic device having the integrated silicon component, the public key, and the bootstrapping certificate. The ecosystem ATL is further configured to confirm that the bootstrapping certificate complies with predetermined standards of the ecosystem.

Anti-tamper system
10007811 · 2018-06-26

The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

SYSTEMS AND METHODS FOR TAMPER-RESISTANT VERIFICATION OF FIRMWARE WITH A TRUSTED PLATFORM MODULE
20180157839 · 2018-06-07

Embodiments disclosed herein describe systems and methods for tamper-resistant verification of firmware with a trusted platform module. Embodiments may be configured to ensure the integrity of computer system firmware while still allowing reprogramming of nonvolatile storage devices with arbitrary information.

Technologies for authenticating a user of a computing device based on authentication context state

Technologies for authenticating a user of a computing device based on an authentication context state include generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Systems and methods for providing authentication to a plurality of devices

A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

SYSTEM, APPARATUS AND METHOD FOR PROVIDING TRUSTED INPUT/OUTPUT COMMUNICATIONS

In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.

A METHOD FOR CONTROLLING REMOTELY THE PERMISSIONS AND RIGHTS OF A TARGET SECURE ELEMENT
20180139612 · 2018-05-17

This invention relates to a method for controlling remotely the rights of a target secure element to execute an operation, said target secure element being configured to load a profile image and to store a first set of at least one parameter indicating if the secure element is locked or unlocked and, in case it is locked, who is the locker of said secure element. The method is operated by an image delivery server and comprises the following steps: receiving a second set of at least one parameter and an operation code OP defining a requested operation to be performed by the target secure element; receiving a profile image to be transmitted to the secure element; generating a security scheme descriptor (SSD) file adapted to bind the profile image with the target secure element and further comprising the second set of at least one parameter and the operation code OP; sending the received image profile and the associated security scheme descriptor (SSD) file to the target secure element.

A METHOD, A COMPUTER PROGRAM PRODUCT AND A QKEY SERVER
20180139049 · 2018-05-17

The invention relates to a method for tightly coupling context to a secure pin and securely storing an asset in hardware. The method comprises a step of sending the context to a secure element, a step of ensuring that the context is shown to a user, and a step of acquiring user consent by performing an authentication check. Further, the method comprises a step of combining an authentication result with the secured context, and a step of performing an operation on the context with the asset if the authentication was successful.

CONFIGURABLE CLIENT HARDWARE
20180136943 · 2018-05-17

Various systems and methods for configuring a pluggable computing device are described herein. A pluggable computing device may be configured to be compatible with a pluggable host system using a default communication channel to obtain configuration settings and configure a programmable logic device on the pluggable computing device. The pluggable computing device may perform chain of trust processing on the pluggable host system. The pluggable computing device may be disposed on a compute card, which may include a heat sink in a particular configuration.

ANTI-TAMPER SYSTEM
20180114039 · 2018-04-26

The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.