Abstract: The systems, methods and apparatuses described herein provide a computing environment for completing a secure transaction. An apparatus according to the present disclosure may comprise a screen, a first switching device coupled to the screen, an input device, a second switching device coupled to the input device, a non-secure processor, a secure processor and a credit card reader operatively coupled to the secure processor. The non-secure processor may generate a message containing a purchase transaction request. The secure processor may receive the message, assume control of the screen and input device while the apparatus is operating in a secure mode, establish a secure connection with a server, receive payment information to be submitted to the server, digitally sign certain transaction information and submit the digitally signed certain transaction information to the server to complete the secure transaction.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: A system, an apparatus and a method for providing a secure computing environment may be provided. In one aspect, an apparatus may comprise a communication port and a computer processor coupled to the communication port. The computer processor may be configured to initialize a hypervisor, establish a first virtual machine under control of the hypervisor and execute code for a secure zone on the first virtual machine. To execute code for the secure zone, the computer processor may be further configured to verify an administrative task and execute the administrative task, which may include: establish a connection with an administrator device, ensure that the administrator device is one of a set of intended administrator devices, receive a command through the connection with the administrator device and establish a second virtual machine under control of the hypervisor. The command may relate to executing a task on the second virtual machine.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: The systems, methods and apparatuses described herein permit encrypted media content to be displayed by a display device under control of a local device. The local device may comprise a computer processor to control playing of the encrypted media content and a first communication interface to transmit an association encryption envelope and, according to the control, the encrypted media content. The display device may comprise a second communication interface coupled to the first interface to receive the encrypted media content and the association encryption envelope, a decryption engine to decrypt the association encryption envelope using a private key of the display device to recover a symmetric encryption key used to encrypt the encrypted media content and decrypt the encrypted media content using the recovered symmetric encryption key, and a decoder to decode the decrypted media content for display on a display screen according to the control.

Abstract: The systems, methods and apparatuses described herein provide a chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a circuit with permanently and irreversibly changeable state and circuit components configured to receive and process a first message, and receive a second message. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material. The circuit components may be further configured to ignore the second command if the circuit has permanently and irreversibly changed its state to prevent responding to requests to increase the number tracking amount of dispensable material.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: The systems, methods and apparatuses described herein provide a computing system for executing an antivirus software program. In one aspect, a non-transitory computer-readable medium may comprise an antivirus software program to be executed in a first virtual machine by a computer processor that supports multiple virtual machines. The antivirus software program may obtain access to a memory of a second virtual machine on the computer processor that supports multiple virtual machines, and use the access to the memory of the second virtual machine to monitor the memory of the second virtual machine and take a corrective action. In a further aspect, the corrective action may be to remove any malware found on a computer operating system that is running on the second virtual machine.