By Stored Data Protection Patents (Class 713/193)
  • Patent number: 11972006
    Abstract: System of decentralized Zero-Trust services for creating, using and analyzing securely commingled Self-Governing data sets that prevents extraction by any party and unauthorized in contradiction to the Self-Governing need-to-know policies defined by each Publisher. Such an invention enables performance of combinatorial analytics, machine learning or artificial intelligence (AI) or other permitted data usage processes applied to commingled data without exposing the Self-Governing data in any manner contravening the embedded and enforced fine-grained security and governance settings which control how and by whom and in what context each data element can be used.
    Type: Grant
    Filed: September 20, 2021
    Date of Patent: April 30, 2024
    Inventor: Randy Friedman
  • Patent number: 11971986
    Abstract: Described herein are systems and methods for controlling access to a protected resource based on various criteria. In one exemplary aspect, a method comprises designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; classifying, by a self-defense service, the untrusted application as a malicious application based on the intercepted request and information related to the untrusted application; and responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.
    Type: Grant
    Filed: March 1, 2023
    Date of Patent: April 30, 2024
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Aliaksei Dodz, Nikolay Grebennikov, Stanislav Protasov, Serg Bell
  • Patent number: 11972024
    Abstract: In an embodiment of the present invention, users with the appropriate permission can launch a function inside a system in order to anonymize and export the currently loaded study or studies, or one or more studies identified by a search criteria. The data from the studies that were identified is then anonymized on the system. In an embodiment of the present invention, the data from selected studies is anonymized on a server, and only then transmitted to another network device. In an alternative embodiment of the present invention, the data from selected studies is anonymized on a server, and only then stored to a hard disk or other media.
    Type: Grant
    Filed: February 14, 2023
    Date of Patent: April 30, 2024
    Assignee: PME IP PTY LTD
    Inventors: Detlev Stalling, Malte Westerhoff
  • Patent number: 11968307
    Abstract: An operator for a global total order broadcast domain executing a method to send an operation out of band to nodes of participating parties in a partition, receive a certificate and a signature on the operation for each of the participating parties, generate a single party packet based on the received signatures, generate a random symmetric encryption key, send the random symmetric encryption key to the participating parties, encrypt the single party packet with the random symmetric encryption key, generate a pseudo random string for the partition, and record an operation identifier, the encrypted party packet, and the pseudo random string on the global total order broadcast domain.
    Type: Grant
    Filed: September 27, 2021
    Date of Patent: April 23, 2024
    Assignee: International Business Machines Corporation
    Inventors: Yacov Manevich, Jason Karl Yellick, Angelo De Caro
  • Patent number: 11968191
    Abstract: Various embodiments for sending a cryptogram to a point of sale terminal while disconnected from a network. In some embodiments, for example, a computing device that is configured to display a prompt for a selection of a transaction account. An encrypted session key is retrieved through a network in response to determining a number of session keys associated with the transaction account is below a threshold. The computing device is also configured to generate a session key based at least in part on decrypting the encrypted session key using an encryption key and establish a wireless connection with a point of sale terminal for a purchase. A cryptogram is generated from the session key based at least in part on the user device being disconnected from the network. The cryptogram is sent to the point of sale terminal.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: April 23, 2024
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Naresh Bhandari, Manish K. Deliwala, Ajay Maddukuri, John G. McDonald, Curtis Watson
  • Patent number: 11960737
    Abstract: Disclosed is a self-deploying encrypted hard disk, a deployment method thereof, a system and a boot method thereof.
    Type: Grant
    Filed: October 12, 2022
    Date of Patent: April 16, 2024
    Assignee: MAXIO TECHNOLOGY (HANGZHOU) CO., LTD.
    Inventors: George Fong, Zhehang Wen
  • Patent number: 11960721
    Abstract: A method for dynamically storing keys and values includes receiving a request for storing one or more keys in a key value Solid State drive (KV-SSD). The method further includes performing a storage operation for storing each key of the one or more keys in a node of a data structure of the KV-SSD. The storage operation includes allocating a first region in the node for storing the key, such that a size of the first region is equal to a size of the key. The storage operation further includes allocating a second region in the node for storing key metadata associated with the key, such that the second region is of a predetermined size. The storage operation further includes storing the key in the first region and the key metadata in the second region of the node.
    Type: Grant
    Filed: July 7, 2022
    Date of Patent: April 16, 2024
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Srikanth Tumkur Shivanand, Kapil Garg, Paul Justin K, Sarath Chandra Reddy, Sri Gobicca Kms
  • Patent number: 11954045
    Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry and integrity circuitry. The processor circuitry is to receive a first request associated with an application to perform a memory access operation for an address range in a memory allocation of memory circuitry. The integrity circuitry is to determine a location of a metadata region within a cacheline that includes at least some of the address range, identify a first portion of the cacheline based at least in part on a first data bounds value stored in the metadata region, generate a first integrity value based on the first portion of the cacheline, and prevent the memory access operation in response to determining that the first integrity value does not correspond to a second integrity value stored in the metadata region.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: April 9, 2024
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Santosh Ghosh, Sergej Deutsch
  • Patent number: 11954214
    Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to share policy information. The policy information may be associated with a smart contract. Accordingly, the policy information may be encrypted using a public key for the smart contract and compiled into a block of the blockchain. In response to a request to provide access to the information to a particular node, the private key for the smart contract may be encrypted using the public key for the particular node and compiled into a block of the blockchain.
    Type: Grant
    Filed: February 1, 2023
    Date of Patent: April 9, 2024
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: Melinda Teresa Magerkurth, Eric Bellas, Jaime Skaggs, Shawn M. Call, Eric R. Moore, Vicki King, Burton J. Floyd, David Turrentine, Steven T. Olson, Timothy Caleb Wells, Corin Rebekah Chapman, Edward W. Breitweiser, Robert Gomez, Shelia Cummings Smith
  • Patent number: 11956376
    Abstract: A memory system includes a plurality of memory cells at intersections between a plurality of word lines and a plurality of bit lines, and a plurality of bit line sense amplifiers connected to the plurality of bit lines, the plurality of bit line sense amplifiers configured to write data to or read data from the plurality of memory cells through the plurality of bit lines, a redundancy bit line sense amplifier among the plurality of bit line sense amplifiers configured to generate a physically unclonable function (PUF) key including a unique random digital value.
    Type: Grant
    Filed: August 13, 2020
    Date of Patent: April 9, 2024
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Hyung Seuk Kim
  • Patent number: 11956404
    Abstract: In an authentication device, a controller executes login when a user name and a password are entered through an operation device and the entered password is identical to one of a plurality of fixed passwords previously stored in association with the entered user name on an HDD. When the entered password is identical to none of the plurality of fixed passwords and any one of the plurality of fixed passwords satisfies a predetermined condition on similarity to the entered password, the controller inhibits an authentication based on the fixed password satisfying the predetermined condition from being made for a predetermined period.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: April 9, 2024
    Assignee: KYOCERA Document Solutions Inc.
    Inventor: Yoshio Morita
  • Patent number: 11954239
    Abstract: A drive subsystem engages in data communication with a storage controller by establishing first and second communication ports, wherein the second port is configured for decryption and forwarding of decrypted communications to the first port. The drive subsystem receives and processes data communications having selective encryption and identification of target port, by (1) for a security command containing secret data (e.g. a passphrase) enabling operation of a target drive, receiving the security command at the second port, decrypting the security command and forwarding it to the first port for delivery to the target drive, and (2) for data commands by which the storage controller stores and retrieves data to/from the target drive, receiving the data commands in non-encrypted form at the first port directly from the storage controller for delivery to the target drive.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: April 9, 2024
    Assignee: Dell Products L.P.
    Inventor: Gregory W. Lazar
  • Patent number: 11954220
    Abstract: Data protection for container storage, including: assigning, to a container storage volume of a storage system, a volume-level access policy; and determining whether to allow access to the container storage volume based on the volume-level access policy and one or more attributes of a request for the access, including allowing the access responsive to the one or more attributes meeting the volume-level access policy or denying the access responsive to the one or more attributes failing to meet the volume-level access policy.
    Type: Grant
    Filed: January 19, 2022
    Date of Patent: April 9, 2024
    Assignee: PURE STORAGE, INC.
    Inventor: Ronald Ekins
  • Patent number: 11954208
    Abstract: A method for a system for security evaluation includes working one state at a time; identifying primitives of interest and systematically applying relevant attacks for the system; starting at chip level, working through states, and then expanding a system boundary and repeating; following a sequence of: chip>circuit card>subsystem>system>platform for a product solution under analysis; determining if a system definition has sufficient detail, or is too abstract; for a chip with a native secure boot protocol, determining if all players are represented; representing attacks as vectors made up of measurements of the following attributes: Dollars, days, Probability of success, Probability of destruction, technology node, and number of samples; and representing countermeasures as vectors made up of scaling factors for each of attack attributes.
    Type: Grant
    Filed: November 24, 2020
    Date of Patent: April 9, 2024
    Assignee: BAE Systems Information and Electronic Systems Integration Inc.
    Inventors: Sheldon L. Grass, Alfreda M. DeLong, Jonathan P Ingraham, Noel A. Zenga
  • Patent number: 11948218
    Abstract: A system and method for securely dispensing medication are described herein. The system includes a telemedicine center that communicates with medical assistant station and a medication distribution station located at a correctional facility and a physician center remote to the correctional facility. The medical assistant station transmits a request for medication to the telemedicine center. The telemedicine center verifies an identity of the medical assistant requesting the medication and transmits the request to the physician center. When the telemedicine center receives a confirmation to dispense medicine from the physician center, an identity of the physician transmitting the confirmation is verified. The telemedicine center then verifies an identity of an inmate to receive the medication, by way of the medication distribution station, and allows the medication distribution station to dispense the medication.
    Type: Grant
    Filed: April 12, 2021
    Date of Patent: April 2, 2024
    Assignee: Global Tel*Link Corporation
    Inventor: Stephen L Hodge
  • Patent number: 11947706
    Abstract: A tokenization system receives a request for data anonymization, the request referencing unstructured/semi-structured content containing values of interest. The tokenization system performs a tokenization operation on the unstructured/semi-structured content, generates self-describing tokens for the values of interest, each self-describing token having a preconfigured pattern, an indication of a protection strategy, and a token value, and stores the values of interest in a secure data vault. The tokenization system may receive a request to reveal the self-describing tokens in the unstructured/semi-structured content. In response, the tokenization system searches the anonymized version of the unstructured or semi-structured content for the preconfigured pattern, identifies self-describing tokens, uses the self-describing tokens to retrieve the values of interest from the secure data vault, and produces a detokenized version of the unstructured/semi-structured content containing the values of interest.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: April 2, 2024
    Assignee: OPEN TEXT HOLDINGS, INC.
    Inventor: Walter Hughes Lindsay
  • Patent number: 11948031
    Abstract: A method for authenticating a passive RFID tag includes acquiring a tag fingerprint of a first tag as a first tag fingerprint, the first tag being the genuine tag; acquiring a tag fingerprint of a second tag as a second tag fingerprint, the second tag being the tag to be authenticated; comparing the first tag fingerprint with the second tag fingerprint: if the first tag fingerprint is consistent with the second tag fingerprint, determining that the second tag is a genuine tag, otherwise determining the second tag is a forged tag. The tag fingerprint is the persistence time enabling the passive RFID tag to operate normally during discharge after fully charging. The beneficial effects include being high in robustness to the change of environment and high in authentication accuracy and capable of being directly deployed on an existing commercial RFID device without modifying hardware of the tag and reader.
    Type: Grant
    Filed: February 22, 2020
    Date of Patent: April 2, 2024
    Assignees: NANJING UNIVERSITY, JIANGSU TOOKER ROBOTICS CO., LTD.
    Inventors: Jia Liu, Lijun Chen, Dong Jiang, Xingyu Chen
  • Patent number: 11943342
    Abstract: A method implements private categorization using shared keys. The method includes selecting an encryption key, encrypting a transaction vector, generated from a transaction record, with the encryption key to generate an encrypted transaction vector, and receiving an encrypted category vector generated by a classifier model, corresponding to the encryption key, from the encrypted transaction vector. The method further includes decrypting a category from the encrypted category vector with a decryption key corresponding to the encryption key and presenting the category.
    Type: Grant
    Filed: January 30, 2023
    Date of Patent: March 26, 2024
    Assignee: Intuit Inc.
    Inventors: Yair Horesh, Yehezkel Shraga Resheff
  • Patent number: 11943346
    Abstract: A system and method for digitally signing data. A method includes generating, by a first device, at least one first secret share based on a secret key chosen by the first device, wherein the first device is offline with respect to a second device; partially signing data by the first device using the at least one secret share, wherein the data is received from the second device without establishing direct communications between the first device and the second device; and sending the partially signed data from the first device to the second device, wherein the second device generates signed data using the partially signed data, wherein the signed data corresponds to a public key generated based on the at least one first secret share and at least one second secret share generated by the second device.
    Type: Grant
    Filed: March 2, 2023
    Date of Patent: March 26, 2024
    Assignee: PAYPAL, INC.
    Inventors: Dan Yadlin, Ben Riva, Alon Navon, Lev Pachmanov, Jonathan Katz
  • Patent number: 11941131
    Abstract: An example method for execution on a system on a chip (SoC) having a plurality of subsystems includes receiving, by a storage controller from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address; obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data; determining, by the encryption engine based on an access rule, whether the subsystem has sufficient privilege to access the storage device address; in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting, source data in the local memory according to an encryption key associated with the subsystem; and providing the encrypted source data to the storage controller for writing to the storage device at the storage device address.
    Type: Grant
    Filed: February 11, 2021
    Date of Patent: March 26, 2024
    Assignee: Meta Platforms Technologies, LLC
    Inventors: Sudhir Satpathy, Wojciech Stefan Powiertowski, Nagendra Gupta Modadugu, Neeraj Upasani
  • Patent number: 11943340
    Abstract: In some examples, for process-to-process communication, such as in function linking, a virtual channel can be provisioned to provide virtual machine to virtual machine communications. In response to a transmit request from a source virtual machine, the virtual channel can cause a data copy from a source buffer associated with the source virtual machine without decryption or encryption. The virtual channel provisions a key identifier for the copied data. The destination virtual machine can receive an indication data is available and can cause the data to be decrypted using a key accessed using the key identifier and source address of the copied data. In addition, the data can be encrypted using a second, different key for storage in a destination buffer associated with the destination virtual machine. In some examples, the key identifier and source address is managed by the virtual channel and is not visible to virtual machine or hypervisor.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: March 26, 2024
    Assignee: Intel Corporation
    Inventors: Bo Cui, Cunming Liang, Jr-Shian Tsai, Ping Yu, Xiaobing Qian, Xuekun Hu, Lin Luo, Shravan Nagraj, Xiaowen Zhang, Mesut A. Ergin, Tsung-Yuan C. Tai, Andrew J. Herdrich
  • Patent number: 11940888
    Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.
    Type: Grant
    Filed: September 14, 2021
    Date of Patent: March 26, 2024
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Marcio Juliato, Manoj R. Sastry
  • Patent number: 11943207
    Abstract: Methods, systems, and use cases for one-touch inline cryptographic data security are discussed, including an edge computing device with a network communications circuitry (NCC), an enhanced DMA engine coupled to a memory device and including a cryptographic engine, and processing circuitry configured to perform a secure exchange with a second edge computing device to negotiate a shared symmetric encryption key, based on a request for data. An inline encryption command for communication to the enhanced DMA engine is generated. The inline encryption command includes a first address associated with a storage location storing the data, a second address associated with a memory location in the memory device, and the shared symmetric encryption key. The data is retrieved from the storage location using the first address, the data is encrypted using the shared symmetric encryption key, and the encrypted data is stored in the memory location using the second address.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: March 26, 2024
    Assignee: Intel Corporation
    Inventors: Kshitij Arun Doshi, Uzair Qureshi, Lokpraveen Mosur, Patrick Fleming, Stephen Doyle, Brian Andrew Keating, Ned M. Smith
  • Patent number: 11934524
    Abstract: Herein disclosed are approaches for protecting sensitive information within a fingerprint authentication system that can be snooped and utilized to access the device, secured information, or a secured application. The approaches can utilize encryption keys and hash functions that are unique to the device in which the fingerprint authentication is being performed to protect the sensitive information that can be snooped.
    Type: Grant
    Filed: June 19, 2020
    Date of Patent: March 19, 2024
    Assignee: Analog Devices, Inc.
    Inventors: Patrick Riehl, Tze Lei Poo
  • Patent number: 11934507
    Abstract: A method for project-oriented authentication of a device in a control system for a technical installation as part of an engineering project, wherein the control system includes at least one local registration service, at least one software inventory and a certification center, where information by the at least one local registration service with respect to what communication protocols and/or applications are supported by the device and/or are active is ascertained during authentication of the device within the control system, a project-oriented device certificate is requested from the first hierarchy of the certification center by the local registration service, and the project-oriented device certificate is deposited in an inventory element, associated with the engineering project, of the software inventory of the control system, the device certificates being issuable by the first hierarchy of the certification center have a unique project identifier.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: March 19, 2024
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Benjamin Lutz, Anna Palmin
  • Patent number: 11934539
    Abstract: A method for storing application program information including segmenting the application program information into program sub-information, with an information segmentation algorithm of the application program information having undergone algorithm obfuscation processing; and storing the program sub-information. The present disclosure significantly reduces the possibility of application program information being acquired by hackers and the like, and improves the security of application program information and electronic devices.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: March 19, 2024
    Assignee: Alibaba Group Holding Limited
    Inventors: Caidi Wu, Dafu Lyu
  • Patent number: 11936784
    Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.
    Type: Grant
    Filed: July 15, 2022
    Date of Patent: March 19, 2024
    Assignee: Oracle International Corporation
    Inventors: Brian Spencer Payne, Saikat Chakrabarti, Pratibha Anjali Dohare, Rehan Loring Iftikhar
  • Patent number: 11936533
    Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
    Type: Grant
    Filed: March 24, 2023
    Date of Patent: March 19, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
  • Patent number: 11934362
    Abstract: Embodiments for enabling granular migration of data with high efficiency. A defined metadata element, a tag, is assigned to each file, and then tag filtering is used to direct the data to the proper location. Files with different tags can be selected for transfer, and such a group of tags is referred to as a tag set. Embodiments can be used with a defined backup system file migration process, such as present in the Data Domain File System. By using snapshots, incoming new data (ingested file) is allowed to continue while the migration is in process and maintaining data consistency at the same time. This is achieved by performing operations on B+ Tree snapshots in conjunction with tag filtering on keys present in the leaf pages of these structures. This method is efficient because it makes a single pass walk of a B+ Tree in contrast with previous methods that look up files one-by-one via their pathname.
    Type: Grant
    Filed: July 22, 2021
    Date of Patent: March 19, 2024
    Assignee: EMC IP Holding Company LLC
    Inventors: Charles J. Hickey, Murthy V. Mamidi, Neerajkumar Chourasia
  • Patent number: 11928163
    Abstract: A technique is provided for creating digital memories for a particular person. A data store stores personal data derived from signals gathered from a plurality of sensors that monitor the particular person. Memories creation processing circuitry, responsive to detection of a given event associated with the particular person, performs an augmentation process to generate an augmented given event identifying multiple items of data associated with the given event, including personal data associated with the given event obtained from the data store. The memories creation processing circuitry analyses the multiple items of data identified by the augmented given event in order to generate a given digital memory for the given event. A memories data store stores digital memories generated by the memories creation processing circuitry for the particular person, and memories analysis circuitry determines and maintains associations between the digital memories in the memories data store.
    Type: Grant
    Filed: February 11, 2022
    Date of Patent: March 12, 2024
    Assignee: Arm Limited
    Inventors: Remy Pottier, Minsheng Lu, Arthur Michael Goldberg, Christopher Daniel Emmons
  • Patent number: 11928223
    Abstract: Systems, computer program products, and methods are described herein for implementing enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: March 12, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Praveen Chakravarthy Yedluri, Shyam Acharya
  • Patent number: 11927629
    Abstract: Techniques for debugging a circuit including a global counter configured to continuously increment, a comparator configured to transmit a clock stop signal based on a comparison of a comparator value and a counter value of the global counter, and clock stop circuitry configured to receive the clock stop signal and stop a clock signal to one or more portions of the electronic device.
    Type: Grant
    Filed: September 27, 2021
    Date of Patent: March 12, 2024
    Assignee: Texas Instruments Incorporated
    Inventors: Pandy Kalimuthu, Anthony Joseph Lell
  • Patent number: 11924214
    Abstract: A method for accessing cloud resources via a local application development environment on a computing device. The method includes invoking an access management client at the computing device; obtaining an account identifier associated with a user account and communicating the account identifier to an identity platform; receiving an authentication message from the identity platform in response to the identity platform validating the account identifier, the authentication message comprising a role identifier; communicating the authentication message to the cloud platform; receiving security credentials associated with the role identifier from the cloud platform in response to the cloud platform validating the authentication message and the associated role identifier; setting a variable in the local development environment based on the received security credentials for use by the local development environment to request access to one or more resources maintained by the cloud platform.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: March 5, 2024
    Assignee: ATLASSIAN PTY LTD.
    Inventors: Shane Anderson, Michael Fuller, Ashley Bartlett
  • Patent number: 11921699
    Abstract: Lease-based consistency may be implemented for databases to handle failovers. A database node may obtain a consistency lease that describes a point in time determined from a time-to-live amount added to a consistent point in time for database data. While the consistency lease is valid, Multi-version Concurrency Control (MVCC) snapshots assigned by the database node can be used to handle requests to access the database data. Once expired, the database node may have to renew the consistency lease in order to continue to handle write and read requests.
    Type: Grant
    Filed: December 16, 2022
    Date of Patent: March 5, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Upendra Govindagowda, Anand Kumar Thakur, David Charles Wein, Alexandre Olegovich Verbitski, James C Nasby, Hong Yang, Gaurav Kumar Gupta
  • Patent number: 11916872
    Abstract: Described are various embodiments of an integrated network appliance and system. In one embodiment, the appliance comprises: a hardware-integrated processing engine operable to implement a trusted network-related resource; an integrated digital data processor operable to execute said processing engine; an integrated data storage resource accessible to said processing engine to implement said trusted network-related resource; an integrated location sensor; and an embedded hardware security module (HSM) hardwired to interface with said hardware-integrated processing engine via a dedicated hardware-isolated communication path, and operable to execute a trusted internal cryptographic process associated with said trusted network-related resource as a function of location data output from said integrated location sensor.
    Type: Grant
    Filed: April 18, 2022
    Date of Patent: February 27, 2024
    Assignee: CRYPTO4A TECHNOLOGIES INC.
    Inventors: Bruno Couillard, Bradley Clare Ritchie, James Ross Goodman, Jean-Pierre Fiset
  • Patent number: 11917414
    Abstract: Provided is an information processing method in an information processing system including a communication apparatus and an information processing apparatus which respectively include a first communication unit and a second communication unit that perform a wireless communication. In the information processing method, the information processing apparatus reads, by using the second communication unit, key information and first information written into a storage area by the communication apparatus, and performs a registration process for registering the communication apparatus. Regardless of communication with the communication apparatus, the information processing apparatus stores in advance second information. The information processing apparatus performs the registration process if the decryption key is generated from the key information, if the first information is decrypted by using the generated decryption key, and if the decrypted first information corresponds with the second information.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: February 27, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ryota Hanyu
  • Patent number: 11907405
    Abstract: A return address of a caller of a software function within an access control component is determined, the caller comprising a software component seeking access to a protected resource protected by the access control component. From the return address, a filename of the caller is determined. Responsive to determining that the filename is included in a set of filenames of components allowed to access the protected resource, the caller is allowed to access the protected resource.
    Type: Grant
    Filed: October 14, 2020
    Date of Patent: February 20, 2024
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Xiaohan Qin, Pedro V. Torres, Xinya Wang, Amit Agarwal
  • Patent number: 11899814
    Abstract: A computer-implemented method and system: (A) read, from a plurality of data sources associated with a user, a plurality of data elements; (B) identify, for each of the plurality of data elements, a corresponding security level and a corresponding access level; (C) store, for each of the plurality of data elements, the corresponding security level and the corresponding access level; and (D) store, in a data store associated with the user, each of the plurality of data elements using a storage method specified by the data element's corresponding security level.
    Type: Grant
    Filed: August 21, 2023
    Date of Patent: February 13, 2024
    Inventors: Arthur Hustad, Wolfgang Schreiner
  • Patent number: 11899803
    Abstract: Systems, computer program products, and methods are described herein for implementing an enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: February 13, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Praveen Chakravarthy Yedluri, Shyam Acharya
  • Patent number: 11900366
    Abstract: A system and method for securing crypto-asset transactions. The method includes sharding a wallet private key such that each shard of the wallet private key is distributed to a different secure module; generating signatures by each of the different secure modules based on a respective shard of the sharded wallet private key and obtained trading platform credentials; and verifying the crypto-asset transaction when a predetermined threshold of the generated signatures are determined to match each other.
    Type: Grant
    Filed: February 10, 2021
    Date of Patent: February 13, 2024
    Assignee: FIREBLOCKS LTD.
    Inventors: Pavel Berengoltz, Idan Ofrat, Michael Shaulov
  • Patent number: 11892997
    Abstract: System and methods are provided for sharding at the content level and routing content requests. Each point of presence (PoP) can initially identify the PoP that should serve content by using hashing. A PoP can encode a domain name with the identified PoP in metadata and redirect the client computing device. A client computing device transmits a DNS query for the encoded domain name. A DNS server receives the encoded domain name and decrypts and decodes the domain name label. The DNS server uses the decrypted and decoded metadata to make a further routing decision. The DNS server sends, to the client computing device, a DNS reply with the Internet Protocol (IP) address of the selected PoP. The client computing device requests content from the PoP identified by the provided IP address.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: February 6, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Karthik Uthaman, Ronil Sudhir Mokashi
  • Patent number: 11895099
    Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: February 6, 2024
    Assignee: JOURNEY.AI
    Inventors: Brett Shockley, Alexander John Shockley, Michael Joseph Frendo, Shmuel Shaffer, Kenneth Keiter, James M. Behmke
  • Patent number: 11895142
    Abstract: The systems and methods disclosed herein comprise computer-based platforms configured for automated early-stage application security monitoring for allowing users (e.g., application developers) to make decisions at the early stage of the application development.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: February 6, 2024
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Asish Soudhamma, Dilip Kumar, Pratik Rajendraprasad Kasat, Andrew Michael Zammit, Gregory Huff
  • Patent number: 11893247
    Abstract: The present technology relates to an electronic device. According to the present technology, a data storage device providing an improved security function includes a memory device including a memory block protected by a security protocol and a memory controller configured to receive a command protocol component associated with the security protocol including a host side protection message requesting data from a host to be written in the protected memory block, perform an authentication operation on the protected memory block using a host message authentication code included in the host side protection message, and store data from the host according to a result of the authentication operation.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: February 6, 2024
    Assignee: SK HYNIX INC.
    Inventor: Hui Won Lee
  • Patent number: 11893136
    Abstract: Multiple types of tokens can be generated and utilized in a highly structured document with freeform text. For example, a tokenization system may receive a request for tokenizing a document with a first portion having structured content and a second portion having unstructured or semi-structured content. In response, the tokenization system identifies sensitive information in the first portion of the document, generates format-preserving tokens for the sensitive information in the first portion of the document, identifies sensitive information in the second portion of the document, and generates self-describing tokens for the sensitive information in the second portion of the document. The self-describing tokens reference the sensitive information in the first portion of the document. The tokenization system may then communicate the format-preserving tokens and the self-describing tokens to the first client computing system or to a second client computing system.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: February 6, 2024
    Assignee: OPEN TEXT HOLDINGS, INC.
    Inventor: Walter Hughes Lindsay
  • Patent number: 11893108
    Abstract: A method for accessing one or more service processes of a service includes executing at least one service enclave and executing an enclave sandbox that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes, and communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.
    Type: Grant
    Filed: December 31, 2022
    Date of Patent: February 6, 2024
    Assignee: Google LLC
    Inventors: Nicolas Lidzborski, Jonathon Giffin
  • Patent number: 11888980
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: April 19, 2021
    Date of Patent: January 30, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 11888893
    Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.
    Type: Grant
    Filed: January 31, 2023
    Date of Patent: January 30, 2024
    Assignee: RADWARE LTD
    Inventors: Ehud Doron, Koral Haham, David Aviv
  • Patent number: 11886752
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a storage network, the method comprises receiving a data object for processing, determining whether the data object is to be transferred to one or more remote storage locations, and determining whether one or more legal restrictions are associated with the data object. Based on a determination that one or more legal restrictions are associated with the data object, the method continues by determining whether the one or more legal restrictions allow transfer of the data object to a storage unit of the one or more remote storage locations. The method continues by segmenting the data object into a plurality of data segments, dispersed error encoding a data segment of the plurality of data segments in accordance with dispersed error encoding parameters to produce a set of encoded data slices and transmitting a write request for an encoded data slice of the set of encoded data slices to the storage location for processing.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: January 30, 2024
    Assignee: Pure Storage, Inc.
    Inventors: Russell P. Kennedy, Robert C. McCammon, Jason K. Resch, Thomas F. Shirley, Jr.
  • Patent number: 11886545
    Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: January 30, 2024
    Assignee: DIVX, LLC
    Inventors: Eric William Grab, Chris Russell, Francis Yee-Dug Chan, Michael George Kiefer