Abstract: A method, device, and computer-readable medium for provisioning a networked device with digital security credentials, including receiving a first digital certificate of a secure component associated with the networked device; extracting a public key of from the first digital certificate, the public key and a corresponding private key being stored in the secure component for asymmetric cryptography; receiving a product identifier and a vendor identifier associated with the secure component from a first user device; generating a second digital certificate based on the public key of the secure component, the product identifier, and the vendor identifier; and transmitting the second digital certificate to the networked device associated with the secure component, the networked device being configured to generate a device commissioning request based on the second digital certificate and the private key of the secure component.

Abstract: A computer-implemented method for use by a client device is provided. The client device comprises a memory and is configured to send data according to a cryptographic protocol that uses a key. The method comprises: generating a data unit and a seed related to the data unit; generating a measurement result of the client device related to the seed; generating an attestation key based on the measurement result and a key that is agreed in accordance with the cryptographic protocol; encrypting the data unit at least in part based on the attestation key; and generating an output comprising the encrypted data unit. Related methods for use by a server device and a network component, and related client device, server device and network component are also provided.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly lmv bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.

Abstract: The present disclosure proposes method and systems for establishing secure communication session(s) between a first device and a second device, where the first device operates in a user network and implements a first key exchange protocol for secure communication. The second device is capable of communicating with the first device over a wireless communication network. The second device implements a second key exchange protocol that is different to the first key exchange protocol for secure communication. A proxy entity configured for implementing the first and the second key exchange protocols for secure communication is provided. The proxy entity is configured for generating and/or provisioning one or more session keys for the first and the second devices using the key exchange protocols specific to each device for establishing secure communication between the first and second device based on the generated session key(s).

Abstract: A method for automated authorization within a restricted perimeter, comprising receiving, via processing circuitry, a digital credential of a first device, a location of the first device within the restricted perimeter, and an image of an area within the restricted perimeter; verifying the digital credential; identifying a presence of an occupant in the image; associating the occupant with the digital credential and the location of the first device based on the image; and authorizing the occupant based on the digital credential and the location of the first device.

Abstract: The disclosure relates to a method for sealing into a device (1) device information, which enable the secure functions of the device (1), managed by a RoT (2) of the device (1) by the security owner, furthermore to bootstrap the device (1) to a system (10) and to finally authenticate the combination of RoT (2) and device information in the device (1). This method has the minimum impact on the device (1) production flow.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly lmv bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: The present disclosure proposes method and systems for establishing secure communication session (s) between a first device and a second device, where the first device operates in a user network and implements a first key exchange protocol for secure communication. The second device is capable of communicating with the first device over a wireless communication network. The second device implements a second key exchange protocol that is different to the first key exchange protocol for secure communication. A proxy entity configured for implementing the first and the second key exchange protocols for secure communication is provided. The proxy entity is configured for generating and/or provisioning one or more session keys for the first and the second devices using the key exchange protocols specific to each device for establishing secure communication between the first and second device based on the generated session key(s).

Abstract: A method for notifying at least one client module implemented in a wireless device communicatively connected to a wireless communications network that respective specific data are available in a service module implemented in a server communicatively connected to the wireless communications network. According to the method, a notification client device implemented in the wireless device executes: receiving a notification, sent by a notification service device implemented in a server communicatively connected to the wireless network, including information that, for at least one client module, respective specific data are available in a server communicatively connected to the wireless communications network, and notifying the at least one client module that respective specific data are available in a server.

Abstract: A method of controlling access to sensor data includes of: generating sensor data, and protecting the sensor data to generate protected sensor data; and transmitting the protected sensor data to a device for storage; receiving, by the sensor: access control data defining one or more operations which the device is permitted to execute on the protected sensor data; determining by the sensor, based on the access control data, an operation which the device is permitted to execute on the protected sensor data; enabling the device to execute the permitted operation on the protected sensor data.

Abstract: In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly Imv bandwidth for transfer of keys for execution of the respective application on the device.

Abstract: A consumable can be used to securely send data to devices. A security platform can produce a consumable, for example an ink cartridge, with data to be uploaded onto a device, such as a printer. If the consumable and device can perform a successful authentication, broadcast data can be delivered to the device via the consumable. Such techniques can help ensure that authentic consumables are being used in authentic devise. Further, such techniques can enable a licensing model where different consumables can be configured with different data to enable or disable different features of the device.

Abstract: In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.

Abstract: The present invention relates to a system for rendering a content, the rendering of which is subject to conditional access security conditions. A system is described, comprising a host device and a detachable security device, the security device configured to decrypt the encrypted content, re-encrypt it under a local key and to deliver the re-encrypted content to the host device while ensuring that the host device applies or otherwise enforces any conditions associated with the rendering of the content.

Abstract: A secure element has a secure processor for securely processing the digital information stored in a memory external to the secure element, and a loading and pre-processing system configured to load the digital information from the external memory into the secure element, and pre-process said digital information by executing a cryptographic algorithm before processing said digital information by the secure processor. The system reads a version number of the digital information that has been loaded, from an internal memory of the secure element, and uses said version number in executing the cryptographic algorithm.

Abstract: A method is provided in which digital information is stored in a plurality of segments in an external memory. The method is performed by a processing device and comprises the steps of loading a first integrity table containing a plurality of first integrity elements respectively authenticating the plurality of segments of digital information, and an associated digital signature of the plurality of first integrity elements, from the external memory; verifying the digital signature associated with the first integrity table, and loading segments of digital information in a protected form from the external memory to the processing device.

Abstract: A method to transfer a video stream from a host device comprising a controller configured for bulk transfers to a descrambling device, comprises: forming a chain out transfer comprising a chain out header linked with multiple chain out descriptors, the first chain out descriptor pointing to an out description packet containing at least one producer ID, the second and subsequent chain out descriptor pointing to chunks from the video stream, the last chain out descriptor being configured to generate an interrupt; forming a chain in transfer comprising a chain in header linked with a plurality of chain in descriptors, each chain in descriptor pointing to a descrambled chunk; requesting the controller to process the chain; receiving the description packet by the descrambling device and using key data associated with the chunks to descramble them; receiving by the controller the descrambled chunks and triggering an interrupt on the last chunk.

Abstract: The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly Imv bandwidth for transfer of keys for execution of the respective application on the device.