| Patent application number | Description | Published |
|---|
| 20090100272 | ANTI-ROLL-BACK MECHANISM FOR COUNTER - A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorised users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium. | 04-16-2009 |
| 20090205028 | Method and System for Mobile Device Credentialing - Methods and systems taught herein allow communication device manufacturers to preconfigure communication devices to use preliminary access credentials to gain temporary network access for downloading subscription credentials, and particularly allow the network operator issuing the subscription credentials to verify that individual devices requesting credentials are trusted. In one or more embodiments, a credentialing server is owned or controlled by the network operator, and is used by the network operator to verify that subscription credentials are issued only to trusted communication devices, even though such devices may be referred to the credentialing server by an external registration server and may be provisioned by an external provisioning server. Particularly, the credentialing server interrogates requesting devices for their device certificates and submits these device certificates to an external authorization server, e.g., an independent OCSP server, for verification. A common Public Key Infrastructure (PKI) may be used for operator and device certificates. | 08-13-2009 |
| 20090239503 | System and Method for Securely Issuing Subscription Credentials to Communication Devices - According to teachings presented herein, communication devices are conveniently provisioned with network subscription credentials after purchasing, without device manufacturer or network operators having to preload temporary subscription credentials or to otherwise make provisions for supporting direct over-the-air provisioning of the devices. Such devices may be, for example, cellular telephones or other mobile devices. Broadly, a user communicatively couples a communication device to be provisioned to an intermediate data device that has existing communication capabilities, e.g., a PC or already-provisioned mobile telephone. A subscription server or other entity then uses a communication link with the intermediate data device to provide subscription credentials to the communication device, subject to trusted-device and owner identity verifications. | 09-24-2009 |
| 20090276844 | Method and Apparatus for Secure Hardware Analysis - A Hardware Analysis Module (“HAM”) embedded in an integrated circuit (IC) implements a dedicated hardware-controlled access control procedure. The secure hardware analysis features are unlocked by a key unit subject to successful completion of an access control procedure. The access control procedure prevents unlocking of the secure hardware analysis features by an unauthorized or compromised key unit by including an embedded control command in an authentication challenge sent by the HAM to the key unit during the access control procedure. | 11-05-2009 |
| 20090296922 | WATERMARKING COMPUTER CODE BY EQUIVALENT MATHEMATICAL EXPRESSIONS - A method of embedding information in a computer program code, including a plurality of program statements. The method comprises: parsing the computer program code to identify at least one program statement that includes a first mathematical expression, wherein said first mathematical expression includes at least a first algebraic expression adapted to produce at least one numeric result; generating a modified mathematical expression by performing a predetermined transformation of the first mathematical expression, wherein the modified mathematical expression includes a transformed algebraic expression instead of the first algebraic expression, such that the modified mathematical expression is adapted to produce the same result as the first mathematical expression, and wherein the modified mathematical expression is indicative of at least a part of said information; replacing said first mathematical expression in the identified program statement by the modified mathematical expression. | 12-03-2009 |
| 20100180130 | Cryptographic Protection of Usage Restrictions in Electronic Devices - An electronic device requires valid control keys to change any usage restriction setting. The device is provided control keys, a secret key, and a signed software object including a batch ID and a hash of the secret key. For each control key, the device generates a cryptographic footprint bound to the device and the secret key. A message authentication code (MAC) of each usage restriction setting is generated, the MAC bound to the device and a control key. To change a usage restriction, the device receives a control key, validates it against the stored footprint, changes the usage restriction settings, and generates a new usage restriction setting MAC. The control key footprints are bound to the secret key, but the device retains only a hash of the secret key. | 07-15-2010 |
| 20100211772 | Collaborative Reconciliation of Application Trustworthiness - A mobile terminal receives trustworthiness information for a software application by receiving a voucher that indicates the trustworthiness of that application as represented by a third party. To ensure the integrity of this information, the mobile terminal authenticates the voucher and verifies that the software application is the one having its trustworthiness indicated by the voucher. Given such indications of trustworthiness, a user of the mobile terminal may decide whether install and run it. If decided in the affirmative, the user may form his or her own basis for the trustworthiness of the software application. Accordingly, the mobile terminal may also create a new voucher that indicates the trustworthiness of the software application as represented by the user. With third parties representing the trustworthiness of software applications in this manner, their development is not hindered by the imposition of security requirements on application developers. | 08-19-2010 |
| 20110296495 | Redundant Credentialed Access to a Secured Network - A mobile communication device is configured to provide redundant credentialed access to one or more secured wireless communication networks. The mobile device obtains credentialed access to one of the secured networks by remotely using credentials stored in a credentialed communication device that is locally available (i.e., in the vicinity of the mobile device). Responsive to detecting the actual, or potential, compromise of the mobile device's credentialed access to that secured network, the mobile device switches to other credentials stored in a different credentialed device and obtains credentialed access to one of the secured networks by remotely using those other credentials. This switching occurs dynamically upon detecting the compromise of credentialed access, as well as automatically without requiring the mobile device's user to manually enter commands into the device's user interface. | 12-01-2011 |
