Abstract: The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request from the communication port. The attestation request may include a nonce generated at the communication partner. The ASIC may be further generate a verification value and send the verification value to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner is configured to attest the computing device using speed of computation attestation.

Abstract: The systems, methods and apparatuses described herein provide a system for accessing data stored securely external of a computer processor. In one aspect, the computer processor may comprise a central processing unit (CPU) and a memory controller. The memory controller may comprise a storage to store a key, a first set of circuitry and a security module. The first set of circuitry may be configured to receive a request for a piece of data from the CPU, determine that the requested piece of data needs to be read from an external storage stored in a secured format and read the piece of data from the external storage in the secured format. The security module may be configured to perform at least one of authentication and decryption on the piece of data in the secured format using the key stored in the storage.

Abstract: The systems, methods and apparatuses described herein provide a computing device configured for ensuring its proximity to a communication partner. In one aspect, the computing device may comprise a communication port and a processor. The processor may be configured to receive a message from the communication partner via the communication port, send a response to the message to the communication partner, generate a secondary value that includes a selected portion of the message and a selected portion of the response, generate authenticating data to authenticate the secondary value and send the generated secondary value and authenticating data to the communication partner via the communication port. In another aspect, the communication partner is configured to ensure proximity of the computing device.

Abstract: A system including a source display, externally updatable, an image compression algorithm database, a network connection, and a frame transfer engine. The algorithm database comprises a plurality of image compression algorithms. The frame transfer engine is configured to receive a plurality of updates made to the source display, store at least some of the updates in a queue, and select, based on a bandwidth of the network connection, a size of the update, and sizes and times of updates currently present in the queue, an image compression algorithm in the algorithm database for current transfer over the network connection.

Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.

Abstract: The systems, methods and apparatuses described herein provide a footwear hydraulic system for harvesting power generated by pressing a foot on a surface and providing a cushion for the impact. In certain aspects, a hydraulic system for a footwear may comprise at least one chamber with a first and second compartments separated by an elastic membrane. The first compartment may be filled with gas and the second compartment may be filled with liquid. The gas may provide impact cushion and transient energy storage, and the liquid may pressured to push a generator to produce energy. The pressure may be generated by pressing the footwear on a surface and/or the elastic membrane of the chamber trying to restore its shape.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that manages private key storage. An apparatus according to the present disclosure may comprise a first non-volatile storage for storing a private root key for signing digital certificates, an input device for receiving manual input from an operator, a communication interface consisting of a one-way transmitter for transmitting information from the apparatus, and a processor. The processor may be configured to retrieve the private root key from the first non-volatile storage, receive information for a new digital certificate through the input device, generate the new digital certificate according to the received information, sign the new digital certificate using the private root key and transmit the new digital certificate from the apparatus using the transmitter.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that manages root certificates. An apparatus according to the present disclosure may comprise a non-volatile storage storing a plurality of root certificates and a supervisor. The supervisor may be configured to receive a message identifying one of the plurality of root certificates stored in the non-volatile storage to be revoked, verify the message being signed by at least two private keys corresponding to two root certificates stored in the non-volatile storage and revoke the root certificate identified in the message.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that manages application specific identification of devices. An apparatus according to the present disclosure may comprise a non-volatile storage storing identifier (ID) base data and a processor. The processor may be configured to validate a certificate of an application being executed on the apparatus. The certificate may contain a code signer ID for a code signer of the application. The processor may further be configured to receive a request for a unique ID of the application, generate the unique ID from the code signer ID and the ID base data and return the generated unique ID.

Abstract: Methods, computer devices, and computer readable media containing instructions for executing such methods are provided for the modification of digital images having a plurality of visual elements.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: The systems, methods and apparatuses described herein provide a computing environment for authenticating a user. An apparatus according to the present disclosure may comprise a non-volatile storage, a user interface, and a password engine. The password engine is configured to retrieve two or more predetermined prompts from the non-volatile storage, present the two or more predetermined prompts on the user interface to a user in a random order, receive a first set of input(s) in response to the two or more predetermined prompts, create an encryption keyword from the received first set of input(s) according to an original order of the two or more predetermined prompts stored in the non-volatile storage, and use the encryption keyword to authenticate the user.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes a secure zone for executing tasks. An apparatus according to the present disclosure may comprise a screen, a secure zone and an indicator operatively controlled by the secure zone. The secure zone may be configured to execute a task and to assume control over an output to the screen while the apparatus is operating in a secure mode and to transfer control over the output to the screen to a non-secure zone while the apparatus is operating in a non-secure mode.

Abstract: The systems, methods and apparatuses described herein permit encrypted media content to be processed by a plurality of media processing blocks before being displayed on a screen. An apparatus according to the present disclosure may comprise a communication interface to receive an encrypted, encoded media stream, a first and second media processing blocks, and a screen for displaying decoded media stream. The first media processing block may decrypt the encrypted, encoded media stream to obtain the encoded media stream using a first key, decode the encoded media stream and encrypt the decoded media stream using a second key before transmitting it to the second media processing block. The second media processing block may decrypt the media stream using the second key and process the media stream using a screen controller before transmitting the media stream to the screen.

Abstract: The systems, methods and apparatuses described herein provide a computing environment for completing a secure transaction. An apparatus according to the present disclosure may comprise a screen, a first switching device coupled to the screen, an input device, a second switching device coupled to the input device, a non-secure processor, a secure processor and a credit card reader operatively coupled to the secure processor. The non-secure processor may generate a message containing a purchase transaction request. The secure processor may receive the message, assume control of the screen and input device while the apparatus is operating in a secure mode, establish a secure connection with a server, receive payment information to be submitted to the server, digitally sign certain transaction information and submit the digitally signed certain transaction information to the server to complete the secure transaction.

Abstract: The systems, methods and apparatuses described herein permit encrypted media content to be displayed by a display device under control of a local device. The local device may comprise a computer processor to control playing of the encrypted media content and a first communication interface to transmit an association encryption envelope and, according to the control, the encrypted media content. The display device may comprise a second communication interface coupled to the first interface to receive the encrypted media content and the association encryption envelope, a decryption engine to decrypt the association encryption envelope using a private key of the display device to recover a symmetric encryption key used to encrypt the encrypted media content and decrypt the encrypted media content using the recovered symmetric encryption key, and a decoder to decode the decrypted media content for display on a display screen according to the control.

Abstract: The systems, methods and apparatuses described herein permit encrypted media content to be displayed by an apparatus for a restricted time period. The apparatus may comprise a communication interface configured to couple to a controlling device to transmit a first nonce and to receive the encrypted media content and an association encryption envelope. The association encryption envelope may comprise at least a second nonce and a first time restriction expressed as a first time interval. The apparatus may further comprise a counter, a storage configured to store a value of the counter representing a time of when the first nonce is transmitted, and an engine configured to perform operations according to the first time restriction.

Abstract: Methods, computer devices, and computer readable media containing instructions for executing such methods are provided for the modification of digital images having a plurality of visual elements.

Abstract: The systems, methods and apparatuses described herein permit the transmittal of digital media content from a source device to a target device. A source device represents media content as discrete elements, wherein each element embodies a separate layer of the media content. The source device creates visual objects corresponding to the elements, wherein each visual object includes one or more attributes including, but not limited to, a Z-order designation designating the element's layer with respect to the other elements of the media content. Each visual object can be managed and updated independently. A target receives the visual objects, reconstructs the media content, and displays the media content on a display.