- Jacob Mendel, Moshe Zviran, "BoardTech – Information Technologies and Technological Innovation in the Boardroom", Issue 9, July 2021 https://coller.tau.ac.il/sites/coller.tau.ac.il/files/media_server/Recanati/management/newsletter/august2021/Zviran.pdf
- Jacob Mendel, Smart Grid Cyber Security Challenges: Overview and Classification, e-mentor, 2017 (p55-66), ISSN 1731-6758. DOI: 10.15219/em68.1282
- Lis, Piotr, and Jacob Mendel. "Cyberattacks on critical infrastructure: An economic perspective." Economics and Business Review EBR 19.2 (2019): 24-47. DOI: 10.18559/ebr.2019.2.2
- Jacob Mendel "Blockchain as a Solution to Cyber Threats in the Smart Grid of the Future", Coller Venture Review, (2019): p.50-55, ISSN
- 1241-5542
-
- Hardware isolated secure processing system within a secure element
Patent number: 10552604
Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
Type: Grant
Filed: May 16, 2018
Date of Patent: February 4, 2020
Assignee: NXP B.V.
Inventors: Mark Buer, Theodore Trost, Jacob Mendel
- MOVEMENT-BASED EVENT DETECTION IN A MOBILE DEVICE
Publication number: 20190104133
Abstract: Systems and methods are provided for enhancing security by providing additional authentication factors. Prior to authentication, a user may enroll a device from which access to a service or application is authorized. During authentication, the authentication system may retrieve the location of the enrolled device and generate one or more questions that only a user in that location can answer. The user may additionally or alternatively enroll a movement signature with an authentication server as an authentication factor. The user may set a pattern for device movement. During authentication, the user moves the device in the pattern. The device then transmits the movement signature for authentication.
Type: Application
Filed: December 3, 2018
Publication date: April 4, 2019
Applicant: Avago Technologies International Sales Pte. Limited
Inventors: Shlomo MARKEL, Jacob MENDEL
Movement-based event detection in a mobile device
Patent number: 10148670
Abstract: Systems and methods are provided for enhancing security by providing additional authentication factors. Prior to authentication, a user may enroll a device from which access to a service or application is authorized. During authentication, the authentication system may retrieve the location of the enrolled device and generate one or more questions that only a user in that location can answer. The user may additionally or alternatively enroll a movement signature with an authentication server as an authentication factor. The user may set a pattern for device movement. During authentication, the user moves the device in the pattern. The device then transmits the movement signature for authentication.
Type: Grant
Filed: December 28, 2012
Date of Patent: December 4, 2018
Assignee: Avago Technologies International Sales Pte. Limited.
Inventors: Shlomo Markel, Jacob Mendel
HARDWARE ISOLATED SECURE PROCESSING SYSTEM WITHIN A SECURE ELEMENT
Publication number: 20180268132
Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and reused in other host devices without necessitating re-certification.
Type: Application
Filed: May 16, 2018
Publication date: September 20, 2018
Inventors: Mark Buer, Theodore Trost, Jacob Mendel
Methods and systems for secured authentication of applications on a network
Patent number: 10079836
Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
Type: Grant
Filed: February 8, 2016
Date of Patent: September 18, 2018
Assignee: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
Hardware isolated secure processing system within a secure element
Patent number: 10002246
Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
Type: Grant
Filed: November 23, 2015
Date of Patent: June 19, 2018
Assignee: NXP B.V.
Inventors: Mark Buer, Theodore Trost, Jacob Mendel
Security controlled multi-processor system
Patent number: 9910990
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Grant
Filed: December 31, 2015
Date of Patent: March 6, 2018
Assignee: NXP B.V.
Inventors: Mark L. Buer, Jacob Mendel
System, method and computer program product for detecting tampering in a product
Patent number: 9798294
Abstract: A system for detecting tampering in a product having a tamper-detector seal, including a secure element configured to store a digital signature and a data associated with the digital signature, transmit the digital signature and the data associated with the digital signature in response to a request, detect tampering of the tamper-detector seal, and modify the data associated with the digital signature if tampering is detected. The system further includes a seal validation device configured to receive a public key associated with the product, request the digital signature and the data associated with the digital signature from the secure element, and validate the digital signature utilizing the data associated with the digital signature and the public key associated with the product.
Type: Grant
Filed: December 26, 2012
Date of Patent: October 24, 2017
Assignee: NXP B.V.
Inventors: Shlomo Markel, Jacob Mendel
System utilizing a secure element
Patent number: 9674196
Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.
Type: Grant
Filed: June 5, 2015
Date of Patent: June 6, 2017
Assignee: NXP B.V.
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
Apparatus and method to secure an electronic storage using a secure element
Patent number: 9400892
Abstract: A secure integrated circuit (IC) to provide access to an electronic storage, the secure IC including a memory and a processor. The processor may generate a first key and a second key, and enable storing the first key in the memory and storing the second key in a device memory of a device. The processor may then receive the second key from the device when the device wants to access the electronic storage, and grant the device access to the electronic storage by using the first key and the second key received from the device.
Type: Grant
Filed: June 28, 2013
Date of Patent: July 26, 2016
Assignee: Broadcom Corporation
Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
Methods and Systems for Secured Authentication of Applications on a Network
Publication number: 20160156637
Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
Type: Application
Filed: February 8, 2016
Publication date: June 2, 2016
Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
Mobile payTV DRM architecture
Patent number: 9344747
Abstract: A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel.
Type: Grant
Filed: April 9, 2013
Date of Patent: May 17, 2016
Assignee: Broadcom Corporation
Inventors: Mark Leonard Buer, Andrew Dellow, Jacob Mendel
Secure data transfer using random ordering and random block sizing
Patent number: 9344278
Abstract: Encrypted information is conventionally broken into blocks which are transmitted sequentially. Because the order and the size of such blocks can be easily determined, an eavesdropper can gain valuable information regarding the content of the communication. More specifically, if known types of information exist within a block, the encryption key may be determined allowing the content of other encrypted blocks to be obtained. Embodiments of a system, method and computer program product described herein can overcome this deficiency by securely transferring information through random ordering and random block sizing. An original data set to be transferred is divided into a plurality of blocks, where at least two blocks have different sizes. The blocks are encrypted and inserted into a sequence of data transfer slots. The blocks are then selected for transfer in random order by selecting a slot to transfer based on a generated random number.
Type: Grant
Filed: May 14, 2012
Date of Patent: May 17, 2016
Assignee: Broadcom Corporation
Inventor: Jacob Mendel
Security Controlled Multi-Processor System
Publication number: 20160117506
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Application
Filed: December 31, 2015
Publication date: April 28, 2016
Applicant: Broadcom Corporation
Inventors: Mark L. BUER, Jacob MENDEL
Hardware Isolated Secure Processing System Within A Secure Element
Publication number: 20160078223
Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
Type: Application
Filed: November 23, 2015
Publication date: March 17, 2016
Applicant: Broadcom Corporation
Inventors: Mark BUER, Theodore Trost, Jacob Mendel
Methods and systems for secured authentication of applications on a network
Patent number: 9282086
Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
Type: Grant
Filed: May 29, 2013
Date of Patent: March 8, 2016
Assignee: Broadcom Corporation
Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
Secure electronic element network
Patent number: 9276830
Abstract: A secure network of electronic elements (“network”) ensures the electronic elements that implement an electronic device are functioning properly. The network selects at least one master electronic element to consistently check that each of the electronic elements are functioning properly. When the master electronic element identifies that an electronic element is not functioning properly, the network executes a predefined response, such as a counter measure that limits the functional capability of the improperly functioning electronic element or other electronic elements. Electronic elements can identify when a master electronic element is improperly functioning by observing that the master electronic element has ceased checking on the electronic elements. The secure network can then execute a response that includes the counter measure of limiting the functional capability of the improperly functioning master electronic element and assigning a new master electronic element.
Type: Grant
Filed: May 23, 2012
Date of Patent: March 1, 2016
Assignee: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky
Security controlled multi-processor system
Patent number: 9256734
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Grant
Filed: June 7, 2012
Date of Patent: February 9, 2016
Assignee: Broadcom Corporation
Inventors: Mark L. Buer, Jacob Mendel
Secure active networks
Patent number: 9258287
Abstract: A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has traveled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network.
Type: Grant
Filed: December 20, 2012
Date of Patent: February 9, 2016
Assignee: Broadcom Corporation
Inventors: Shlomo Markel, Jacob Mendel
Secure processing sub-system that is hardware isolated from a peripheral processing sub-system
Patent number: 9224013
Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
Type: Grant
Filed: December 27, 2012
Date of Patent: December 29, 2015
Assignee: BROADCOM CORPORATION
Inventors: Mark Buer, Theodore Trost, Jacob Mendel
Input/output gatekeeping
Patent number: 9202070
Abstract: Disclosed are various embodiments providing a portable wireless communication device that includes a secure element configured to route a set of input/output (I/O) channels to host processing circuitry of a mobile communication device. The secure element includes an application executable by the secure element, the application being configured to obtain a policy via an I/O channel of the set of I/O channels. The application is further configured to prevent the host processing circuitry from accessing data corresponding to at least a portion of the set of I/O channels according to the policy.
Type: Grant
Filed: December 7, 2012
Date of Patent: December 1, 2015
Assignee: BROADCOM CORPORATION
Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
Secure delivery of processing code
Patent number: 9165163
Abstract: An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip.
Type: Grant
Filed: December 28, 2012
Date of Patent: October 20, 2015
Assignee: Broadcom Corporation
Inventors: Mark Buer, Jacob Mendel
System Utilizing a Secure Element
Publication number: 20150271181
Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.
Type: Application
Filed: June 5, 2015
Publication date: September 24, 2015
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
Method and system for authentication of device using hardware DNA
Patent number: 9069946
Abstract: Methods and systems for authentication of a device are disclosed. An exemplary method includes transmitting an energy towards the device including a material, monitoring a response of the device to the transmitted energy, generating a signature of the device based on the response of the device to the transmitted energy, comparing the device signature to an enrolled signature for the device, and indicating that authentication of the device is successful when the generated signature matches the enrolled signature. An exemplary system includes a transmitter configured to transmit an energy towards the device, a receiver configured to monitor a response of the device, and a processor configured to generate a signature of the device based on the response of the device, compare the device signature to an enrolled signature for the device, and indicate that authentication of the device is successful when the generated signature matches the enrolled signature.
Type: Grant
Filed: April 17, 2013
Date of Patent: June 30, 2015
Assignee: Broadcom Corporation
Inventors: Shlomo Markel, Jacob Mendel
System utilizing a secure element
Patent number: 9059994
Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.
Type: Grant
Filed: August 20, 2013
Date of Patent: June 16, 2015
Assignee: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
System for monitoring an operation of a device
Patent number: 9027124
Abstract: A system monitors an application. The system includes a state table with state table nodes corresponding to application checkpoints. The state table nodes include an authorized time interval and application path. The system also includes a time counter that tracks an operation time between successive application checkpoints, and a program counter that tracks and stores an operation path for the application. A checkpoint module verifies an operation of the application at a checkpoint by comparing the authorized time interval for the checkpoint state table node and the operation time tracked by the time counter, as well as the authorized application path for the checkpoint state table node and the operation path tracked by the program counter. A security action is performed when the tracked operation time is not within the authorized time interval, or when the tracked operation path does not match the authorized application path.
Type: Grant
Filed: May 14, 2012
Date of Patent: May 5, 2015
Assignee: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky
Apparatus and Method to Secure an Electronic Storage Using a Secure Element
Publication number: 20150007347
Abstract: A secure integrated circuit (IC) to provide access to an electronic storage, the secure IC including a memory and a processor. The processor may generate a first key and a second key, and enable storing the first key in the memory and storing the second key in a device memory of a device. The processor may then receive the second key from the device when the device wants to access the electronic storage, and grant the device access to the electronic storage by using the first key and the second key received from the device.
Type: Application
Filed: June 28, 2013
Publication date: January 1, 2015
Applicant: Broadcom Corporation
Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
Apparatus and Method to Obtain Electronic Authentication
Publication number: 20150006897
Abstract: A host apparatus to obtain electronic authentication of a request associated with a group, the host apparatus including a processor to receive the request from an external device external to the group, to generate a digital document based on information associated with the request, to transmit the digital document to a trusted entity device for electronic authentication of the request, to receive the digital document from the trusted entity device, to determine whether the electronic authentication of the request was successful, and to process the request when it is determined that the electronic authentication of the request was successful.
Type: Application
Filed: June 28, 2013
Publication date: January 1, 2015
Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
Methods and Systems for Secured Authentication of Applications on a Network
Publication number: 20140325594
Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
Type: Application
Filed: May 29, 2013
Publication date: October 30, 2014
Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
MOBILE PAYTV DRM ARCHITECTURE
Publication number: 20140233732
Abstract: A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel.
Type: Application
Filed: April 9, 2013
Publication date: August 21, 2014
Applicant: Broadcom Corporation
Inventors: Mark Leonard Buer, Andrew Dellow, Jacob Mendel
Secure Active Networks
Publication number: 20140181901
Abstract: A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has travelled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network.
Type: Application
Filed: December 20, 2012
Publication date: June 26, 2014
Applicant: Broadcom Corporation
Inventors: Shlomo MARKEL, Jacob MENDEL
SECURE DELIVERY OF PROCESSING CODE
Publication number: 20140157000
Abstract: An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip.
Type: Application
Filed: December 28, 2012
Publication date: June 5, 2014
Applicant: BROADCOM CORPORATION
Inventors: Mark Buer, Jacob Mendel
SECURE ELEMENT SYSTEM INTEGRATED HARD MACRO
Publication number: 20140156872
Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.
Type: Application
Filed: December 27, 2012
Publication date: June 5, 2014
Applicant: BROADCOM CORPORATION
Inventors: Mark Buer, Theodore Trost, Jacob Mendel
Host based content security and protection
Publication number: 20140122342
Abstract: Host based content security and protection. Security is achieved via a third-party device serving as an intermediary or host (e.g., certificate authority (CA)) between two or more user device is associated with two or more users. Any number of security measures may be employed to ensure that the content and/or identity associated with a given user is protected, including on a per communication or content basis. Various authentication, authorization, and accounting (AAA) protocols may be employed to govern the respective sharing of content and/or identity between respective users within the system, and such AAA protocols may be dynamically allocated differently with respect to different pairings of users at different respective times. In addition, with respect to digital rights management (DRM) employed to govern the security of content and/or identity between users, a third-party device (e.g.
Type: Application
Filed: October 31, 2012
Publication date: May 1, 2014
Applicant: BROADCOM CORPORATION
Inventors: Yasantha N. Rajakarunanayake, William S. Bunch, Jacob Mendel
INPUT/OUTPUT GATEKEEPING
Publication number: 20140123209
Abstract: Disclosed are various embodiments providing a portable wireless communication device that includes a secure element configured to route a set of input/output (I/O) channels to host processing circuitry of a mobile communication device. The secure element includes an application executable by the secure element, the application being configured to obtain a policy via an I/O channel of the set of I/O channels. The application is further configured to prevent the host processing circuitry from accessing data corresponding to at least a portion of the set of I/O channels according to the policy.
Type: Application
Filed: December 7, 2012
Publication date: May 1, 2014
Applicant: BROADCOM CORPORATION
Inventors: Yasantha Rajakarunanayake, William Bunch, Jacob Mendel
System, Method and Computer Program Product for Detecting Tampering in a Product
Publication number: 20140077928
Abstract: A system for detecting tampering in a product having a tamper-detector seal, including a secure element configured to store a digital signature and a data associated with the digital signature, transmit the digital signature and the data associated with the digital signature in response to a request, detect tampering of the tamper-detector seal, and modify the data associated with the digital signature if tampering is detected. The system further includes a seal validation device configured to receive a public key associated with the product, request the digital signature and the data associated with the digital signature from the secure element, and validate the digital signature utilizing the data associated with the digital signature and the public key associated with the product.
Type: Application
Filed: December 26, 2012
Publication date: March 20, 2014
Applicant: Broadcom Corporation
Inventors: Shlomo Markel, Jacob Mendel
Method and System for Authentication of Device Using Hardware DNA
Publication number: 20140082720
Abstract: Methods and systems for authentication of a device are disclosed. An exemplary method includes transmitting an energy towards the device including a material, monitoring a response of the device to the transmitted energy, generating a signature of the device based on the response of the device to the transmitted energy, comparing the device signature to an enrolled signature for the device, and indicating that authentication of the device is successful when the generated signature matches the enrolled signature. An exemplary system includes a transmitter configured to transmit an energy towards the device, a receiver configured to monitor a response of the device, and a processor configured to generate a signature of the device based on the response of the device, compare the device signature to an enrolled signature for the device, and indicate that authentication of the device is successful when the generated signature matches the enrolled signature.
Type: Application
Filed: April 17, 2013
Publication date: March 20, 2014
Applicant: Broadcom Corporation
Inventors: Shlomo MARKEL, Jacob Mendel
System and Method for Location-Based Authentication
Publication number: 20140082713
Abstract: Systems and methods are provided for enhancing security by providing additional authentication factors. Prior to authentication, a user may enroll a device from which access to a service or application is authorized. During authentication, the authentication system may retrieve the location of the enrolled device and generate one or more questions that only a user in that location can answer. The user may additionally or alternatively enroll a movement signature with an authentication server as an authentication factor. The user may set a pattern for device movement. During authentication, the user moves the device in the pattern. The device then transmits the movement signature for authentication.
Type: Application
Filed: December 28, 2012
Publication date: March 20, 2014
Applicant: Broadcom Corporation
Inventors: Shlomo Markel, Jacob Mendel
System Utilizing A Secure Element
Publication number: 20130340090
Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.
Type: Application
Filed: August 20, 2013
Publication date: December 19, 2013
Applicant: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
Security Controlled Multi-Processor System
Publication number: 20130291053
Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
Type: Application
Filed: June 7, 2012
Publication date: October 31, 2013
Applicant: Broadcom Corporation
Inventors: Mark L. BUER, Jacob Mendel
System utilizing a secure element
Patent number: 8549586
Abstract: An electronic device includes a receiver configured to receive, from an entity, a request to perform a function. The electronic device also includes a secure element to verify the request to perform the function. The secure element includes hardware programmed with instructions to verify that a security of the secure element has not been breached. The secure element also includes software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function.
Type: Grant
Filed: December 6, 2011
Date of Patent: October 1, 2013
Assignee: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
System Utilizing a Secure Element
Publication number: 20130145429
Abstract: An electronic device includes a receiver configured to receive, from an entity, a request to perform a function. The electronic device also includes a secure element to verify the request to perform the function. The secure element includes hardware programmed with instructions to verify that a security of the secure element has not been breached. The secure element also includes software including instructions to determine an access right for the entity requesting performance of the function, and to perform the function when the hardware verifies that the security of the secure element has not been breached and the access right indicates that the entity is authorized to request performance of the secure function.
Type: Application
Filed: December 6, 2011
Publication date: June 6, 2013
Applicant: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
SECURE DATA TRANSFER USING RANDOM ORDERING AND RANDOM BLOCK SIZING
Publication number: 20130094650
Abstract: Encrypted information is conventionally broken into blocks which are transmitted sequentially. Because the order and the size of such blocks can be easily determined, an eavesdropper can gain valuable information regarding the content of the communication. More specifically, if known types of information exist within a block, the encryption key may be determined allowing the content of other encrypted blocks to be obtained. Embodiments of a system, method and computer program product described herein can overcome this deficiency by securely transferring information through random ordering and random block sizing. An original data set to be transferred is divided into a plurality of blocks, where at least two blocks have different sizes. The blocks are encrypted and inserted into a sequence of data transfer slots. The blocks are then selected for transfer in random order by selecting a slot to transfer based on a generated random number.
Type: Application
Filed: May 14, 2012
Publication date: April 18, 2013
Applicant: Broadcom Corporation
Inventor: Jacob Mendel
SYSTEM FOR SECURELY PERFORMING A TRANSACTION
Publication number: 20130061290
Abstract: A system and method for performing a transaction are described. A transaction request to perform a transaction is received. Authorization information necessary to perform the transaction is gathered and stored in a secure memory. The gathered authorization information is verified. A final command to perform the transaction is received. When the final command is received, the transaction is performed and the stored authorization information in the secure memory is erased.
Type: Application
Filed: May 14, 2012
Publication date: March 7, 2013
Inventors: Jacob Mendel, Alexander Potievsky
SECURE ELECTRONIC ELEMENT NETWORK
Publication number: 20130060934
Abstract: A secure network of electronic elements (“network”) ensures the electronic elements that implement an electronic device are functioning properly. The network selects at least one master electronic element to consistently check that each of the electronic elements are functioning properly. When the master electronic element identifies that an electronic element is not functioning properly, the network executes a predefined response, such as a counter measure that limits the functional capability of the improperly functioning electronic element or other electronic elements. Electronic elements can identify when a master electronic element is improperly functioning by observing that the master electronic element has ceased checking on the electronic elements. The secure network can then execute a response that includes the counter measure of limiting the functional capability of the improperly functioning master electronic element and assigning a new master electronic element.
Type: Application
Filed: May 23, 2012
Publication date: March 7, 2013
Applicant: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky
INTEGRITY CHECKING SYSTEM
Publication number: 20130061328
Abstract: An integrity checking system provides improved monitoring of an electronic device for unauthorized access and modification. The integrity checking system includes a controller with a secure memory. The secure memory stores test profile information, such as test type, test subject, test action, expected test response, test frequency, and result action. The controller reads the test profile information and executes the defined tests to monitor the integrity of the device, and either permit normal operation, or execute the result action (e.g., terminate program execution) depending on the test results.
Type: Application
Filed: May 24, 2012
Publication date: March 7, 2013
Applicant: Broadcom Corporation
Inventors: Jacob Mendel, Alexander Potievsky, Eyal Webber-Zvik
SYSTEM FOR MONITORING AN OPERATION OF A DEVICE
Publication number: 20130061097
Abstract: A system monitors an application. The system includes a state table with state table nodes corresponding to application checkpoints. The state table nodes include an authorized time interval and application path. The system also includes a time counter that tracks an operation time between successive application checkpoints, and a program counter that tracks and stores an operation path for the application. A checkpoint module verifies an operation of the application at a checkpoint by comparing the authorized time interval for the checkpoint state table node and the operation time tracked by the time counter, as well as the authorized application path for the checkpoint state table node and the operation path tracked by the program counter. A security action is performed when the tracked operation time is not within the authorized time interval, or when the tracked operation path does not match the authorized application path.
Type: Application
Filed: May 14, 2012
Publication date: March 7, 2013
Inventors: Jacob Mendel, Alexander Potievsky
