Abstract: In one example, a circuit includes a secure chip storing one of an enclave of key values linked to an update code; a memory to store an updatable data set including the update value which corresponds to and is revised with the update code; and a logic circuit. The logic circuit is to: provide a key value, based to a revision to the update code, from among the enclave of key values, generate an authentication tag as a function of the provided key value, use the authentication tag to verify that the updatable data set is valid and up to date before using the updatable data set in an application specified for the updatable data set, and update the data set by storing a replacement updatable data set in the memory circuit and including, in the replacement updatable data set, a revised update value which corresponds to a revised update code that is used to provide another key value from among the enclave of key values.

Abstract: An automotive security apparatus, comprising: a security-terminal, configured to receive security-location-information representative of a location of the automotive security apparatus or a vehicle key; and a vehicle-location-terminal, configured to receive vehicle-location-information representative of a location of a vehicle, a processor, configured to compare the security-location-information with the vehicle-location-information, and determine a security-condition-signal based on whether the location of the automotive security apparatus or the vehicle key is inside or outside of a predetermined-proximity of the location of the vehicle; and an output-terminal, configured to provide the security-condition-signal.

Abstract: In order to reduce latency of elliptical curve digital signature generation a portion of the digital signature is pre-calculated before receipt of the message hash using an unmodified ECDSA computing engine. After the message hash is received, the digital signature is completed without using the ECDSA computing engine. Applications include generating digital signatures for the safety messages in Intelligent Transport Systems.

Abstract: An automotive security apparatus, comprising: a security-terminal, configured to receive security-location-information representative of a location of the automotive security apparatus or a vehicle key; and a vehicle-location-terminal, configured to receive vehicle-location-information representative of a location of a vehicle, a processor, configured to compare the security-location-information with the vehicle-location-information, and determine a security-condition-signal based on whether the location of the automotive security apparatus or the vehicle key is inside or outside of a predetermined-proximity of the location of the vehicle; and an output-terminal, configured to provide the security-condition-signal.

Abstract: There is disclosed a portable security device for securing a data exchange between a host device and a remote device, said portable security device comprising a processing unit, a secure element and a data interface, wherein: the secure element is arranged to store an encryption key and a decryption key; the processing unit is arranged to control the encryption of data to be transmitted from the host device to the remote device, wherein said encryption is performed using said encryption key; the processing unit is further arranged to control the decryption of data transmitted from the remote device to the host device, wherein said decryption is performed using said decryption key. Furthermore, a corresponding method for securing a data exchange between a host device and a remote device using a portable security device is disclosed, as well as a corresponding computer program product.

Abstract: One example discloses a system for filtering digital certificates within a communications network, comprising: a first set of network-nodes, having a first attribute and a respective first set of digital certificates; a second set of network-nodes, having a second attribute and a respective second set of digital certificates; and a digital certificate authority, having a digital certificate validity list which includes the first and second sets of digital certificates; wherein the certificate authority filters the validity list based on the first attribute and transmits the filtered validity list to the first set of network nodes. Another example discloses a method for filtering digital certificates, comprising: maintaining a digital certificate validity list; identifying a set of network-nodes, having an attribute; filtering the validity list based on the attribute; and transmitting the filtered validity list to the set of network-nodes.

Abstract: According to an aspect of the invention, an aggregator node is conceived for use in a network, wherein said aggregator node is arranged to aggregate encrypted data, and wherein said aggregator node comprises a secure element which is arranged to perform the aggregation of the encrypted data in a secure manner.

Abstract: A method for controlling a controlled device is disclosed, wherein the controlled device has a host connection to an RFID tag, the method comprising the following steps: (s1) the controlled device writes operational parameters to the RFID tag through the host connection; (s2) a user interaction device reads the operational parameters from the RFID tag through an RFID connection; (s3) a user changes the operational parameters via a user interface comprised in the user interaction device; (s4) the user interaction device writes the operational parameters to the RFID tag through the RFID connection; (s5) the controlled device reads the operational parameters from the RFID tag through the host connection and adapts its behavior based on the operational parameters. Furthermore, a corresponding controlled device, a user interaction device and a computer program product are disclosed.

Abstract: A data processing system is conceived, which comprises at least two security levels and key material stored at a specific one of said security levels, wherein the key material is tagged with a minimum security level at which the key material may be stored.

Abstract: One example discloses a system for filtering digital certificates within a communications network, comprising: a first set of network-nodes, having a first attribute and a respective first set of digital certificates; a second set of network-nodes, having a second attribute and a respective second set of digital certificates; and a digital certificate authority, having a digital certificate validity list which includes the first and second sets of digital certificates; wherein the certificate authority filters the validity list based on the first attribute and transmits the filtered validity list to the first set of network nodes. Another example discloses a method for filtering digital certificates, comprising: maintaining a digital certificate validity list; identifying a set of network-nodes, having an attribute; filtering the validity list based on the attribute; and transmitting the filtered validity list to the set of network-nodes.

Abstract: There is disclosed a transaction execution system comprising a server, wherein: the server is arranged to receive, from a mobile device, a first barcode; the server is further arranged to provide, in response to receiving said first barcode, data for a second barcode to the mobile device; the server is further arranged to receive, from the mobile device, a second barcode corresponding to said data; the server is further arranged to validate the second barcode and to execute said transaction if it has positively validated the second barcode. Furthermore, a corresponding transaction execution method and a corresponding computer program product are disclosed.

Abstract: There is disclosed a security token for use in a transaction execution system, the security token being connectable to a user interface device and to a host device, the security token being arranged to: receive a transaction verification input from the user interface device; process the transaction verification input and generate a corresponding transaction verification result; transmit the transaction verification result to the host device, and the security token comprising a secure element which is arranged to facilitate processing of the transaction verification input. Furthermore, a method for executing a transaction using a security token is disclosed, as well as a corresponding computer program product.

Abstract: There is disclosed a portable security device for securing a data exchange between a host device and a remote device, said portable security device comprising a processing unit, a secure element and a data interface, wherein: the secure element is arranged to store an encryption key and a decryption key; the processing unit is arranged to control the encryption of data to be transmitted from the host device to the remote device, wherein said encryption is performed using said encryption key; the processing unit is further arranged to control the decryption of data transmitted from the remote device to the host device, wherein said decryption is performed using said decryption key. Furthermore, a corresponding method for securing a data exchange between a host device and a remote device using a portable security device is disclosed, as well as a corresponding computer program product.

Abstract: In order to reduce latency of elliptical curve digital signature generation a portion of the digital signature is pre-calculated before receipt of the message hash using an unmodified ECDSA computing engine. After the message hash is received, the digital signature is completed without using the ECDSA computing engine. Applications include generating digital signatures for the safety messages in Intelligent Transport Systems.

Abstract: According to an aspect of the invention, an aggregator node is conceived for use in a network, wherein said aggregator node is arranged to aggregate encrypted data, and wherein said aggregator node comprises a secure element which is arranged to perform the aggregation of the encrypted data in a secure manner.

Abstract: A method for controlling a controlled device is disclosed, wherein the controlled device has a host connection to an RFID tag, the method comprising the following steps: (s1) the controlled device writes operational parameters to the RFID tag through the host connection; (s2) a user interaction device reads the operational parameters from the RFID tag through an RFID connection; (s3) a user changes the operational parameters via a user interface comprised in the user interaction device; (s4) the user interaction device writes the operational parameters to the RFID tag through the RFID connection; (s5) the controlled device reads the operational parameters from the RFID tag through the host connection and adapts its behavior based on the operational parameters. Furthermore, a corresponding controlled device, a user interaction device and a computer program product are disclosed.