Abstract: A device (100) for measuring pose and/or motion of an operator's hand (1) comprising: a first link (10) being adapted to be fixedly held and the distal end (12) being coupled to a second link (20) so as to allow a rotation motion there between about a first axis (15); the second link (20) being coupled to a third link (30) so as to allow a rotation motion there between about a second axis (25), the second axis (25) being substantially perpendicular to the first axis (15); the first edge (41) of the parallelogram linkage (40) being coupled to the third link (30); the second edge (42) of the parallelogram linkage (40) being coupled to a fourth link (50); the fourth link (50) being coupled to a fifth link (60), a distal end (62) thereof being coupled to a sixth link (70); and a grasper (80) being operably coupled to the sixth link (70).

Abstract: A computer-implemented time-series data processing method comprises receiving high volume-velocity time-series information from one or more data emission devices concerning the occurrences of events and a desired output to be generated. A data identification and structure scheme comprised of a set of identifiers, of a set of record keys and of a set of database tables is analyzed. The information concerning the occurrences of events and associated to the set of identifiers is received at a host computer that is one of one or more host computers configured to ingest and analyze the data. The computer-implemented method processes and stores the received data using the data identification and structure scheme. The computer-implemented method further processes the stored data to generate the desired output.

Abstract: A system and method for secure access to IoT devices using a mobile device. The mobile device includes a memory configured to store a private value thereon. The mobile device also includes a processor. The processor is configured establish a secure connection with the between the mobile device and a trusted server using the private value, receive a token from the a third party server via the trusted server, transmit the token to a provisioning server via the trusted server, receive an Internet of Things (IoT) profile from the provisioning server via the trusted server, and configure an IOT gateway based on the IoT profile.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: A system and method for secure access to IoT devices using a mobile device. The mobile device includes a memory configured to store a private value thereon. The mobile device also includes a processor. The processor is configured establish a secure connection with the between the mobile device and a trusted server using the private value, receive a token from the a third party server via the trusted server, transmit the token to a provisioning server via the trusted server, receive an Internet of Things (IoT) profile from the provisioning server via the trusted server, and configure an IOT gateway based on the IoT profile.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: A gateway device, system, and method are presented for securely obtaining health information from a personal medical device. The system installs a gateway application in a gateway device. The gateway application executes in a secure area of the gateway device. The system establishes first secure communications with the gateway application and receives aggregated personal medical device information from the gateway application. The gateway application establishes second secure communications with a personal medical device and receives information from the personal medical device via the second secure communications. The gateway application aggregates information from the personal medical device and send the aggregated information to the system via the first secure communications.

Abstract: A gateway device, system, and method are presented for securely obtaining health information from a personal medical device. The system installs a gateway application in a gateway device. The gateway application executes in a secure area of the gateway device. The system establishes first secure communications with the gateway application and receives aggregated personal medical device information from the gateway application. The gateway application establishes second secure communications with a personal medical device and receives information from the personal medical device via the second secure communications. The gateway application aggregates information from the personal medical device and send the aggregated information to the system via the first secure communications.

Abstract: An apparatus, system, and method to support downloadable DRM in a trusted execution environment is disclosed. A determination is made whether a platform supports the DRM requirements for protected content and an appropriate DRM module is downloaded if it is required. A DRM coordination agent in the trusted execution environment supports downloading a DRM module. A browser may include features to support utilizing the downloadable DRM module.

Abstract: A Digital Rights Management (DRM) service system providing digital content to which DRM technology is applied, when one or more DRM content is provided to a client device, download information for a DRM module capable of installing a DRM agent corresponding to a DRM system applied to the DRM content is provided together, making it possible for the client device to download the DRM module based on the download information, install the DRM agent, and use the DRM content.

Abstract: A method registers one or more electronic devices for a client account for a relying party with an authenticator. A request for access to one or more services for the client account is sent by a particular electronic device to the relying party. A request for authentication is sent from the relying party to the particular electronic device. The request for authentication is redirected to the authenticator. A signed response corresponding to the relying party is generated by the authenticator in response to the request for authentication. The signed response is forwarded to the relying party. Access to one or more requested services is granted.

Abstract: A method requests authentication of an electronic device by a service provider in response to a request for service by the electronic device. An authentication element is provided to the service provider via a secure media of the electronic device. In response to the request for service, an authorization server provides proxy authorization for the service provider by receiving an authorization element from the service provider and installing the authorization element on the secure media. Upon authenticating and authorizing the electronic device using the secure media, accessing the requested service.

Abstract: Methods and systems of rendering content on a device having a native digital rights management (DRM) system are described. A device, such as an end-user device capable of executing or playing content, acquires content in a common content format file having standardized locations for specific types of data. A generic digital rights token associated with the content is obtained by utilizing one of the standardized locations in the content format file, where the rights token contains information sufficient to allow retrieval of the rights associated with the content. Utilizing data in another of the standardized locations, it is then determined whether the device is registered in a domain. A license server directory may be accessed utilizing data in another of the standardized locations in the common content format file and a domain identifier, a device identifier, or both are transmitted to the license server directory.

Abstract: A method for processing an image such as a computer wallpaper identifies a characteristic color representative of the image. Image pixels with similar colors are separated into groups, and the average value of the R,G,B color components in each group is determined, after filtering out pixels with R,G,B values representing white, black, or grey. The group with the maximum difference between the highest average color component value and the lowest average color component value is identified as the characteristic color. Groups representing a number of pixels less than a certain percentage of all of the pixels are not considered. The characteristic color can be used in other displayed images at an intensity ? determined by setting maximum and minimum values of ?, with ? being the lesser of ?max and ?min plus the average color span of all pixels in the image.

Abstract: A method for mobile payment includes generating, by a financial institution, a unique credential based on user access information and media binding information that is cryptographically bound to media using a unique media identification. The financial institution stores the credential and media binding information in the form of authentication code in a memory used by an electronic device. The stored credential and media binding information is accessed using the user access information for a payment transaction. A digital certificate is generated using the credential and media binding information. The digital certificate is presented to the financial institution for the payment transaction. The memory is authenticated and binding of the credential to the memory is verified prior to completing the payment transaction.

Abstract: A method for mobile payment selecting a payment method for a purchase request using an application, sending a request including identification information for the selected payment method to a financial entity server in a cloud computing environment, responding to an attestation request sent from the financial entity server to the application, providing mobile subscriber information to the financial entity server from a network operator, receiving a signed digital certificate for the selected payment method from the financial entity server, sending the digital certificate for payment processing from the electronic device to a payment method reader, and completing the purchase request upon verification of the digital certificate.

Abstract: A secure authentication channel (SAC) between two nodes in a communication network is created by the nodes themselves using mutual authentication. The network has two nodes, a coordinating entity, two PKI-based SACs, and one non-PKI SAC which is created by the two nodes and is for use by the nodes. The coordinating entity generates a master key which is transmitted to two nodes via a PKI-based SAC established between the coordinating entity and each of the two nodes. One node uses the master key to generate a first random number and the second node uses the key to generate a second random number. The second node also has an encrypted third random number. The network also has a third SAC, which is not solely based on PKI, between the first node and the second node and is created when the two nodes have authenticated each other. The mutual authentication process occurs without the intervention of the coordinating entity.

Abstract: A secure platform is enabled in which DRM modules can be downloaded and securely installed onto a consumer electronic device, such as a TV. Downloadable DRM solutions are supported for CE manufacturers. The problem of making downloadable DRM modules operate securely on a trusted generic hardware platform without compromising the security of DRM systems is addressed. The downloadable DRM solution uses secure trusted computing-based mechanisms thereby enabling a service provider to perform remote static and dynamic (run-time) attestation of the downloaded DRM module and DRM license in the media device and of content protection application (CPA).

Abstract: A system and method of providing content protection for OMA Broadcast smartcard profiles. When an electronic device has a content item for encryption, the device generates a random number. The electronic device then transmits a content encryption key request message, including the random number and a service encryption key identifier, to a smartcard, which then responds with a a content encryption key response message. The content encryption key response message includes the random number and a content encryption key. The electronic device can then use the content encryption key to manage the encryption of the content item. The electronic device stores random number, service key identifier and encrypted content item into a certain file format. The electronic device sends again content encryption key request at the time of rendering. The content encryption key returned by the content encryption key response message is used for the decryption of the stored content item.