Abstract: The systems, methods and apparatuses described herein provide a virtual integrated circuit card (ICC). In one aspect, a method of creating a virtual ICC may be provided. The method may comprise obtaining executable code configured to run on a user device to facilitate financial transactions, preparing a first encryption key usable by the executable code, receiving a second encryption key associated with the user device, forming a virtual ICC comprising the executable code and the first encryption key, and encrypting the virtual ICC with the second encryption key. In another aspect, a virtual ICC may be embodied on a non-transitory computer-readable medium. The virtual ICC may comprise executable code configured to run on a user device to facilitate financial transactions and a first encryption key usable by the executable code. The virtual ICC may be encrypted using a second encryption key associated with the user device.

Abstract: The systems, methods and apparatuses described herein provide a virtual integrated circuit card (ICC). In one aspect, a method of creating a virtual ICC may be provided. The method may comprise obtaining executable code configured to run on a user device to facilitate financial transactions, preparing a first encryption key usable by the executable code, receiving a second encryption key associated with the user device, forming a virtual ICC comprising the executable code and the first encryption key, and encrypting the virtual ICC with the second encryption key. In another aspect, a virtual ICC may be embodied on a non-transitory computer-readable medium. The virtual ICC may comprise executable code configured to run on a user device to facilitate financial transactions and a first encryption key usable by the executable code. The virtual ICC may be encrypted using a second encryption key associated with the user device.

Abstract: The systems, methods and apparatuses described herein provide a virtual integrated circuit card (ICC). In one aspect, a method of creating a virtual ICC may be provided. The method may comprise obtaining executable code configured to run on a user device to facilitate financial transactions, preparing a first encryption key usable by the executable code, receiving a second encryption key associated with the user device, forming a virtual ICC comprising the executable code and the first encryption key, and encrypting the virtual ICC with the second encryption key. In another aspect, a virtual ICC may be embodied on a non-transitory computer-readable medium. The virtual ICC may comprise executable code configured to run on a user device to facilitate financial transactions and a first encryption key usable by the executable code. The virtual ICC may be encrypted using a second encryption key associated with the user device.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: The systems, methods and apparatuses described herein provide a virtual integrated circuit card (ICC). In one aspect, a method of creating a virtual ICC may be provided. The method may comprise obtaining executable code configured to run on a user device to facilitate financial transactions, preparing a first encryption key usable by the executable code, receiving a second encryption key associated with the user device, forming a virtual ICC comprising the executable code and the first encryption key, and encrypting the virtual ICC with the second encryption key. In another aspect, a virtual ICC may be embodied on a non-transitory computer-readable medium. The virtual ICC may comprise executable code configured to run on a user device to facilitate financial transactions and a first encryption key usable by the executable code. The virtual ICC may be encrypted using a second encryption key associated with the user device.

Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: The systems, methods and apparatuses described herein provide a computing environment for completing a secure transaction. An apparatus according to the present disclosure may comprise a screen, a first switching device coupled to the screen, an input device, a second switching device coupled to the input device, a non-secure processor, a secure processor and a credit card reader operatively coupled to the secure processor. The non-secure processor may generate a message containing a purchase transaction request. The secure processor may receive the message, assume control of the screen and input device while the apparatus is operating in a secure mode, establish a secure connection with a server, receive payment information to be submitted to the server, digitally sign certain transaction information and submit the digitally signed certain transaction information to the server to complete the secure transaction.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: The systems, methods and apparatuses described herein provide a chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a circuit with permanently and irreversibly changeable state and circuit components configured to receive and process a first message, and receive a second message. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material. The circuit components may be further configured to ignore the second command if the circuit has permanently and irreversibly changed its state to prevent responding to requests to increase the number tracking amount of dispensable material.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.