Abstract: The systems, methods and apparatuses described herein provide a chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a circuit with permanently and irreversibly changeable state and circuit components configured to receive and process a first message, and receive a second message. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material. The circuit components may be further configured to ignore the second command if the circuit has permanently and irreversibly changed its state to prevent responding to requests to increase the number tracking amount of dispensable material.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: A chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a key storage for storing an encryption key, a signature verification module and circuit components. The circuit components may be configured to receive and process a first message, receive and validate a second message, and update the amount of dispensable material if the validation of the second message succeeds. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material, and may be validated using the signature validation module and the encryption key.

Abstract: The systems, methods and apparatuses described herein permit encrypted media content to be displayed by an apparatus for a restricted time period. The apparatus may comprise a communication interface configured to couple to a controlling device to transmit a first nonce and to receive the encrypted media content and an association encryption envelope. The association encryption envelope may comprise at least a second nonce and a first time restriction expressed as a first time interval. The apparatus may further comprise a counter, a storage configured to store a value of the counter representing a time of when the first nonce is transmitted, and an engine configured to perform operations according to the first time restriction.

Abstract: The systems, methods and apparatuses described herein provide a chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a circuit with permanently and irreversibly changeable state and circuit components configured to receive and process a first message, and receive a second message. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material. The circuit components may be further configured to ignore the second command if the circuit has permanently and irreversibly changed its state to prevent responding to requests to increase the number tracking amount of dispensable material.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that manages root certificates. An apparatus according to the present disclosure may comprise a non-volatile storage storing a plurality of root certificates and a supervisor. The supervisor may be configured to receive a message identifying one of the plurality of root certificates stored in the non-volatile storage to be revoked, verify the message being signed by at least two private keys corresponding to two root certificates stored in the non-volatile storage and revoke the root certificate identified in the message.

Abstract: The systems, methods and apparatuses described herein provide a chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a circuit with permanently and irreversibly changeable state and circuit components configured to receive and process a first message, and receive a second message. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material. The circuit components may be further configured to ignore the second command if the circuit has permanently and irreversibly changed its state to prevent responding to requests to increase the number tracking amount of dispensable material.

Abstract: The systems, methods and apparatuses described herein provide an apparatus configured for preventing relay attacks on a communication link between the apparatus and a communication partner. The apparatus may comprise a communication port, a timer and a processor. The processor may be configured to generate a request, transmit the request through the communication link using the communication port and start counting time using the timer, receive a response via the communication port and stop the timer, receive authentication data via the communication port, authenticate the authentication data, compare the counted time with a predefined threshold, compare a first field within the request with a second field within the response and determine whether there is a relay attack.

Abstract: A system, an apparatus and a method for providing a secure computing environment may be provided. In one aspect, an apparatus may comprise a communication port and a computer processor coupled to the communication port. The computer processor may be configured to initialize a hypervisor, establish a first virtual machine under control of the hypervisor and execute code for a secure zone on the first virtual machine. To execute code for the secure zone, the computer processor may be further configured to verify an administrative task and execute the administrative task, which may include: establish a connection with an administrator device, ensure that the administrator device is one of a set of intended administrator devices, receive a command through the connection with the administrator device and establish a second virtual machine under control of the hypervisor. The command may relate to executing a task on the second virtual machine.

Abstract: The systems, methods and apparatuses described herein provide a computing system for executing an antivirus software program. In one aspect, a non-transitory computer-readable medium may comprise an antivirus software program to be executed in a first virtual machine by a computer processor that supports multiple virtual machines. The antivirus software program may obtain access to a memory of a second virtual machine on the computer processor that supports multiple virtual machines, and use the access to the memory of the second virtual machine to monitor the memory of the second virtual machine and take a corrective action. In a further aspect, the corrective action may be to remove any malware found on a computer operating system that is running on the second virtual machine.

Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: The systems, methods and apparatuses described herein provide a chip for a cartridge with dispensable material may be provided. In one aspect, the chip may comprise a non-volatile memory for storing a number tracking amount of dispensable material in the cartridge, a circuit with permanently and irreversibly changeable state and circuit components configured to receive and process a first message, and receive a second message. The first message may comprise a first command and an operation input value for a print job at the cartridge, and to process the first message may comprise decreasing the amount of dispensable material. The second message may comprise a second command to increase the amount of dispensable material. The circuit components may be further configured to ignore the second command if the circuit has permanently and irreversibly changed its state to prevent responding to requests to increase the number tracking amount of dispensable material.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a message from the communication partner via the communication port, send a response to the message to the communication partner, generate a secondary value that includes a selected portion of the message and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: The systems, methods and apparatuses described herein provide a virtual integrated circuit card (ICC). In one aspect, a method of creating a virtual ICC may be provided. The method may comprise obtaining executable code configured to run on a user device to facilitate financial transactions, preparing a first encryption key usable by the executable code, receiving a second encryption key associated with the user device, forming a virtual ICC comprising the executable code and the first encryption key, and encrypting the virtual ICC with the second encryption key. In another aspect, a virtual ICC may be embodied on a non-transitory computer-readable medium. The virtual ICC may comprise executable code configured to run on a user device to facilitate financial transactions and a first encryption key usable by the executable code. The virtual ICC may be encrypted using a second encryption key associated with the user device.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a request from the communication partner via the communication port, send a response to the request to the communication partner, generate a secondary value that includes a selected portion of the request and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.