Patent classifications
G06F21/1064
LOCAL FILE SECURITY
Disclosed is a system and method for increased security of files stored on local machines. The system and method include a number of checks to ensure that the file is being opened on the local machine where it was created. The checks may include a comparison of a CPUID of the machine on which the file is being opened to a CPUID stored in a script when the file was created. The checks may also include a review of a plurality of memory locations in search of artifacts indicating that the file is being opened on a virtual machine. A server may also check that any messages sent from the local machine do not pass through an intermediate server.
Enclave-based cryptography services in edge computing environments
Systems and methods for providing cryptographic services. A cryptography service obtains a request to provision a computing device to perform cryptographic operations. The cryptography service generates executable code for a protected execution environment. The computing device obtains and executes the executable code. The computing device fulfills requests for cryptographic operations in the protected execution environment.
ENTERPRISE APPLICATION MANAGEMENT WITH ENROLLMENT TOKENS
Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise.
Trust Zone Hosted Secure Screen Mode for Discretionary Presentation of Sensitive Corporate Information to Trusted Endpoints
A communication device. The communication device comprises a central processing unit (CPU), a graphics processing unit (GPU), and a non-transitory memory comprising executable instructions for a sharing application that, when executed by at least one of the CPU or the GPU, cause the sharing application to transmit an executable of a trusted application to an endpoint communication device, begin execution of the sharing application in a trusted security execution zone (TSZ) execution mode for sharing media content, instantiate a trustlet application that begins execution by the CPU or the GPU in the TSZ execution mode, display a unit of media content on the communication device, determine whether the unit of media content comprises confidential information, and in response to a determination that the unit of media content comprises confidential information, transmit commands to the trusted application to control one or more functions at the endpoint communication device.
Systems and methods for intrusion detection and prevention using software patching and honeypots
A variety of methods are provided for an application or operating system (OS) kernel intrusion detection and prevention, based on usage of existing vulnerability fixes and their transformation into honeypot detectors. A honeypot patch may be generated for a computing system associated with a software vulnerability in software installed on the computing system. The honeypot patch, when used to modify the installed software, can convert the computing system into a honeypot system configured to detect attempts to exploit the software vulnerability of the software, and in response, generate a security event associated with the software vulnerability.
Application security framework
In accordance with the teaching described herein, systems and methods are provided for providing secure access to a software application on a computing device. The software application may include a security framework having a set of predetermined security requirements. Prior to enabling access to the software application by a user, the computing device may (i) verify installation of a device security configuration profile on the computing device, wherein the device security configuration profile certifies that the software application includes the set of predetermined security requirements, (ii) receive identifying information from the user via a user interface, (iii) verify the identifying information with an authentication server, and (iv) based on a successful verification of the identifying information, receive and store a security token. Access to the software application on the computing device may be provided for a specified period identified by the security token.
Enterprise application management with enrollment tokens
Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise.
CONTENT PROTECTION VIA ONLINE SERVERS AND CODE EXECUTION IN A SECURE OPERATING SYSTEM
A computer system comprising a processor and a memory for storing instructions, that when executed by the processor performs a copy protection method. The copy protection method comprises executing a software loop of a first software application in a first operating system. A first call is executed in the software loop to a code portion. A decrypted code portion of the first software application is executed in a second operating system in response to the first call. The code portion is decrypted in response to a successful validation of the first software application.
ELECTRONIC APPARATUS AND CONTROL METHOD THEREOF
An electronic apparatus operated based on an OS is provided. The electronic apparatus includes a storage to store the OS, a virtual device program capable of generating a virtual device executed based on the OS, and at least one program; and at least one processor to execute the virtual device program to generate the virtual device, and to execute the OS to determine whether a first program having an administration authority assigned by the OS from among the at least one program has access authority to data about the virtual device in response to an attempt to access the data from the first program and to selectively permit the access to the data based on the determined access authority. With this, the electronic apparatus may restrain the access to the virtual device or the data thereabout according to a presence of the access authority, thereby safely protecting the virtual device or the data.
OBFUSCATING ENCRYPTED REGISTER TRANSFER LOGIC MODEL OF A CIRCUIT
A method of obfuscating a circuit design includes, in part, receiving data representative of the circuit design. The method further includes, in part, simulating the circuit design, and obfuscating at least one output signal of the circuit design if a user performing the simulation is determined as not being an authorized user.