Abstract: A file recovery method executed by a storage device among a plurality of storage devices is provided. The file recovery method includes: detecting that the storage device is compromised and deleting file slices and an original encryption key from the storage of the storage device; after the deleting, generating a new encryption key different from the original encryption key; and instantiating a file recovery method to obtain the previously stored file slices on the compromised storage device from other non-compromised storage devices and to distribute new file slices encrypted using the new encryption key to non-compromised storage devices storing file slices encrypted using the old encryption key of the comprised storage device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for jointly training an encoder that generates a watermark and a decoder that decodes a data item encoded within the watermark. The training comprises obtaining a plurality of training images and data items. For each training image, a first watermark is generated using an encoder and a subsequent second watermark is generated by tiling two or more first watermarks. The training image is watermarked using the second watermark to generate a first error value and distortions are added to the watermarked image. A distortion detector predicts the distortions based on which the distorted image is modified. The modified image is decoded by the decoder to generate a predicted data item and a second error value. The training parameters of the encoder and decoder are adjusted based on the first and the second error value.

Abstract: The present invention is a data protocol providing notarization of a data between two or more nodes on a content-addressable peer-to-peer storage network. A node generates a new data block, which is witnessed by peer nodes to increase the integrity of the data. Each peer node responds to the node's signature request with an encoded digital signature of the data using a private key. The node appends the signature from each witness node to the data block and then generates a cryptographic hash of the entire data block, which is used as the identity of the block.

Abstract: Methods and systems described in this disclosure electronically notarize a document. The system can receive biometric information from a user, extract characteristics from the biometric information, and compare the characteristics of the biometric information with previously stored characteristics of the user's biometric information. When the characteristics of the biometric information match the previously stored characteristics to a threshold, the system can create an identity of the user using the characteristics of the biometric information. The system can send a document to the user for cryptographic signature and receive an indication that the document has been signed. The cryptographic signature can be generated with a digest of the document, the identity, and a cryptographic key associated with the user. The system can inspect the digest of the document, the cryptographic key, and the identity associated with the document to verify authenticity of the document and the identity of the user.

Abstract: Embodiments of this application provide an information verification method, apparatus, and device. The method includes: sending a first message to a server that includes a target domain name and first indication information, which indicates a status of first verification information stored in a client, the first verification information is verification information generated based on multiple domain names and owner information of the multiple domain names, the first verification information verifies the owner information of the multiple domain names, and the multiple domain names include a target domain name; receiving a second message sent by the server based on the first message, where the second message indicates target first verification information, which is used by the client to verify owner information of the target domain name; and verifying the obtained owner information of the target domain name based on the second message.

Abstract: A memory system includes a nonvolatile memory and a controller. In a case where first encrypted data obtained by encrypting first data with a first DEK is stored in the nonvolatile memory, in response to determining that second data received based on a first write request from a host is the same as the first data and a first user uses the host, the controller encrypts the first DEK with a first KEK associated with the first user to acquire a first encrypted DEK, and stores the first encrypted DEK.

Abstract: Devices, systems, and methods enabling parties with little trust or no trust in each other to enter into and enforce value transfer agreements conditioned on input from or participation of a third party, over arbitrary distances, without special technical knowledge of the underlying transfer mechanism(s), optionally affording participation of third-party mediators, substitution of transferors and transferees, term substitution, revision, or reformation, etc. Such value transfers can occur reliably without involving costly third-party intermediaries who traditionally may otherwise be required, and without traditional exposure to counterparty risk.

Abstract: A method of creating secure endpoints on a network includes registering by a node using a random selection algorithm to choose which server to register to; receiving by the node a property set ID of a property set that the node is a member of; and authorizing by the node using the property set ID to look up its authorization details in the property set. A method of creating secure endpoints on a secure network having at least one community of interest, includes registering by a node using a random selection algorithm to choose which server to register to; receiving by the node a property set ID of a property set that the node is a member of; and authorizing by the node through an authorization server using the property set ID to look up its authorization details in the property set; wherein the node and the authorization server are a member of the at least one community of interest.

Abstract: This disclosure relates to field of cryptography and digital signatures. The constant theft of cryptocurrencies is due to compromise of the secret signing key inherently stored in a single location. Also, one of challenges in the existing ECDSA signature is single point failure, wherein the signing key (private key) is prone to theft. The disclosed technique overcomes the challenging in the existing techniques by party distributed signature that ensures the safety of the private key. The disclosed techniques slits the key in two parts and saves at two different locations/machines. Further based on a ECDSA based technique, the digital signature is obtained securely using several steps that includes generation of first two parts of digital signature at one party, generation of the second two parts of digital signature at second party, finally decrypting a complete digital signature at the first party.

Abstract: Cross-channel user authentication is provided, to increase resilience of a computerized system to cyber-attacks and to fraudulent transactions. In a demonstrative scenario, a user utilizes his web browser on his laptop computer to log-in to a web server; which in turn extracts the IP address of the laptop computer. The web server triggers an application server to send a Push Notification to a Mobile App that had been installed on a smartphone of that user who just logged in; and that Push Notification causes that smartphone to respond to the application server with the IP address of the smartphone. If the IP address of the computer is not identical to the IP address of the smartphone, then the servers determine that the log-in attempt on the computer was possibly fraudulent, and fraud mitigation operations are initiated. Optionally, geo-location data, device orientation data, device motion data, or other parameters are used as part of the cross-channel authentication process.

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: Apparatuses, systems, and techniques to generate a trusted execution environment including multiple accelerators. In at least one embodiment, a parallel processing unit (PPU), such as a graphics processing unit (GPU), operates in a secure execution mode including a protect memory region. Furthermore, in an embodiment, a cryptographic key is utilized to protect data during transmission between the accelerators.

Abstract: The invention relates to securing of a digital file content against forgery and falsifying, and particularly of digital data relating to its belonging to a specific batch of digital files, while allowing offline or online checking of the authenticity of a secured digital file and conformity of its digital data with respect to that of a genuine original digital file.

Abstract: The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect the confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.

Abstract: Methods and systems for installing and running an application for a terminal are described. The method may include uploading an application to an application store. The method may also include downloading, by a terminal, the application from the application store, wherein the terminal is connected to the application store by a network. Furthermore, the method may include authorizing, by a terminal management server (TMS) coupled to the terminal and the application store via the network, the terminal to install and run the downloaded application.

Abstract: An AI system and a method of preventing capture of an AI module in the AI system is disclosed. The AI system includes an input interface, a signature verification module, an AI module configured to execute multiple AI models, a hash module, and a key generation module. A signature module and the key generation module provide an output to the user in response to a received input from the user. The AI module further includes an output interface configured to transmit an output response from the signature module to the user.

Abstract: An information processing system includes an array sensor with a pixel array having a plurality of one-dimensionally or two-dimensionally arranged pixels including a light-receiving element that receives visible or non-visible light, a hash value generator that generates a hash value from captured-image data based on a photoelectric conversion performed by the pixel array, and an encryption processing section that performs processing of encrypting the hash value; an acquisition section that acquires the captured-image data and the encrypted hash value; a decryption processing section that decrypts the acquired encrypted hash value; a hash value calculator that calculates a hash value from the acquired captured-image data; a hash value comparing section that compares the hash value obtained by the decryption with the calculated hash value; and a falsification determination section that determines whether the acquired captured-image data has been falsified, based on a comparison result of the hash values.

Abstract: A method for cryptographic signature of a datum comprises determining: a signature point equal to the addition of elements equal to a derived first point and of number equal to a first scalar; a second scalar by subtracting, from the product of the first scalar and of a selected scalar, the product of a third and of a fourth scalar; another signature point equal to the addition of elements equal to a selected point and of number equal to the second scalar, and of elements equal to a derived second point and of number equal to the fourth scalar; and a signature portion based on a private key, on the first scalar, on a coordinate of the signature point and on the datum. The derived first and second point are respectively equal to the addition of elements equal to a generator point and of number equal to a fifth and to the third scalar.

Abstract: There is provided a computer-implemented method for a first party to control permission for access to first party information to a second party while preserving privacy, the method comprising the following steps taken by the first party at first party computing apparatus: establishing with the second party a set of information classes for first party information to be provided to the second party and establishing permitted use for the first party information in the set of information classes; providing a first party consent to the permitted use for the first party information in the set of information classes, encrypting the first party consent for inspection limited to the first party and the second party, and providing the first party consent to the second party in a first party digitally signed consent grant structure for the second party to decrypt, validate and sign the first party consent and for a consent validating party to store the first and second party digitally signed consent grant structure on a

Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the identity-based cryptosystem includes a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; send the ciphertext set to the receiver device.

Abstract: Exemplary embodiments can identify the toxic PI combinations and flag these combinations for evaluation. Because organization policies on toxic PI combinations can constantly evolve, the system may be continuously updated with the latest policies. Exemplary embodiments may be used as part of an automated code review for application development and for monitoring of existing applications and programs. Thus, exemplary embodiments take the guesswork out of identifying risks in applications and programs by providing an automated tool that can scan and identify toxic combinations in accordance with various policies.

Abstract: An information processing apparatus is provided. The apparatus is configured to verify a native program stored in a first storage unit with reference to a correct value stored in advance in the first storage unit; and, when an additional program is stored in a second storage unit that is different from the first storage unit, storing a correct value corresponding to the additional program in the second storage unit. The information processing apparatus is further configured to verify the additional program with reference to the correct value stored in the second storage unit, in addition to verifying the native program stored in the first storage unit.

Abstract: A system and method are disclosed for encoding and decoding QR codes using proprietary compression codebooks to increase information density and provide data security. Public data is encoded using a standard codebook while private data uses a proprietary codebook. The encoded data is combined into a single QR code. Decoding extracts the public and private portions and decompresses them using the appropriate codebooks.

Abstract: A user device generates an initiate interaction request message comprising a state commitment. The user device provides the initiate interaction request message to a first server computer, which creates a verify state request message comprising an interaction index, an interaction index commitment, and a first commitment signature formed from the state commitment and the interaction index commitment. The user device receives the verify state request message, then generates a modified verify state request message comprising a user device public key, the state commitment, the interaction index commitment, and the first commitment signature. The user device provides the modified verify state request message to a second server computer. The second server computer verifies the state commitment, verifies the first commitment signature, and creates a second commitment signature formed from the state commitment and the interaction index commitment.

Abstract: One or more computing devices, systems, and/or methods for evaluating email activity and/or controlling, based upon the email activity, transmission of instructions associated with quality are provided. A first email, transmitted by an email account associated with an entity to a plurality of email accounts, may be identified. First activity associated with the first email may be detected. A first set of activity information associated with the first activity may be stored in an entity profile associated with the entity. The entity profile may comprise a plurality of sets of activity information associated with a plurality of emails transmitted by one or more email accounts associated with the entity. A quality score corresponding to the first entity may be generated based upon the entity profile. A notification may be generated based upon the quality score. The notification may be transmitted to the first client device.

Abstract: The disclosed technology provides solutions for performing a document validation process wherein physically present witnesses are required. In some aspects, a process of the disclosed technology includes steps for receiving geolocation data for a mobile device associated with a first user, receiving a signed electronic document via the first device, determining if the signed electronic document was properly executed by the first user, and if the signed electronic document was properly executed, providing a prompt to the first user, wherein the prompt is configured to request electronic contact address for a second device associated with a second user. In some aspects, the process can further include transmitting an authentication request to the second device associated with the second user, receiving geolocation data from the second device in response to the authentication request. Systems and machine-readable media are also provided.

Abstract: Embodiments described herein provide a design architecture for co-designing a controller and a watermarking signal for a cyber-physical system. During operation, the architecture can determine, in conjunction with each other, respective values of a first set of parameters indicating operations of the controller and a second set of parameters representing the watermarking signal. Here, the watermarking signal is combinable with a control signal from the controller for monitoring an output signal of the cyber-physical system for detecting malicious data at different time instances. Subsequently, the architecture can determine a state manager for determining the states of the cyber-physical system from the monitored output signal based on the first and second sets of parameters. The architecture can also determine a detector capable of identifying presence of an attack from the states of the cyber-physical system at a plurality of time instances using the watermarking signal.

Abstract: An information handling system may include at least one processor; and a computer-readable medium having instructions thereon that are executable by the at least one processor for: communicatively coupling to an electronic pen; receiving, from the electronic pen, stroke data indicative of content drawn by the user with the electronic pen; receiving, from the electronic pen, biometric data associated with a user of the electronic pen, wherein the biometric data is collected via one or more grip pads of the electronic pen contemporaneously with the content being drawn; receiving, from the electronic pen, timestamp data indicative of a time at which the content was drawn; and creating a cryptographic hash based on the stroke data, the biometric data, and the timestamp data.

Abstract: A data transmission method includes a step in which a first device generates a first encrypted packet by encrypting a packet addressed to a second device with an associated first encryption key. A device to be a transmission destination of the first encrypted packet is determined. A second encrypted packet is generated by encrypting the first encrypted packet with an associated second encryption key, and the second encrypted packet is transmitted to the determined device. The method includes determining another device and executing the transmission step if the decrypted first encrypted packet is not addressed to the device itself in the determination regarding whether or not the decrypted first encrypted packet is addressed to the device itself and of further decrypting the first encrypted packet if the decrypted first encrypted packet is addressed to the device itself.

Abstract: A method for providing images, comprising: performing authentication of an entity (1010);obtaining identity information of the entity based on the authentication (1020); obtaining one or more images associated with the entity based at least on the identity information of the entity (1030); and providing the one or more images, wherein each image in the one or more images is attached with a privacy label (1040).

Abstract: Techniques are presented to control the performance of a process conducted via a blockchain. The method comprises the steps of deriving a public-key-private key cryptographic pair for a portion of data related to a smart contract associated with an asset, wherein the smart contract is stored in a computer-based resource that is separate to the blockchain; deriving a signature for the portion of data using the public key-private key cryptographic pair; and codifying the portion of data to generate codified metadata for the data, wherein the codified metadata is arranged to reference or provide access to the smart contract; transmitting the codified metadata to the blockchain; and receiving a signature and a script from at least one user to enable access to embedded data, wherein the script comprises a public key of a signatory.

Abstract: A technique for selectively censoring sensitive information for presentation on a display of a computing device is disclosed. In some embodiments, the disclosed techniques may transmit the sensitive information after receiving an indication that the sensitive information is permitted to be displayed. In some embodiments, the sensitive information may be transmitted to an external device for viewing or listening by an authorized user.

Abstract: A method for the reliable provision of measurement data of at least one sensor of a smart meter in a decentralized transaction database. The method includes forming a measurement data set, which comprises measurement data recorded by the at least one sensor at least at one point in time, the meter digitally signing the measurement data set using a secret key; the meter transmitting the digitally signed measurement data set to a first protocol, which is implemented as a computer protocol executed in automated fashion on the transaction database, the verification protocol verifying the digitally signed measurement data set using a public key, which corresponds to the secret key; and, if the measurement data set is successfully verified, providing the measurement data set to at least one second protocol, which is implemented as a computer protocol executed in automated fashion on the transaction database.

Abstract: Systems and methods for creating fingerprints for devices are described herein. In various embodiments, the system includes a device management system operatively coupled to a merchant system. According to particular embodiments, the device management system: 1) receives a first payload correspond to a device from the merchant system, the first payload including data in a particular format; 2) creates a fingerprint for the device by parsing the first payload and creating a record of a section format for each of one or more distinct sections of the particular format; and 3) comparing a format of each subsequent payload that corresponds to the device to the fingerprint for the device to determine whether the device has been compromised.

Abstract: A method of sanitizing a media comprising a controller and a storage device, the method comprising executing, by the controller, a command to erase a data area and an internal area of the storage device, verifying, by the controller, that at least a portion of the data area and at least a portion of the internal area of the storage device has been erased, generating, by the server, a certificate of media sanitization (CoS) of the media, and registering, by the server, an entry representative of the CoS of the media in a distributed ledger or database. Here the storage device is configured to store data received from a host external to the storage device only in the data area, and the storage device is configured to store operational data in the internal area for the operation of the storage device.

Abstract: Implementations generally relate to a banking kit. In some implementations, a method includes creating at least one cloud account of a plurality of cloud accounts, where the at least one cloud account is associated with an end user. The method further includes storing user data associated with the end user in a database associated with the end user. The method further includes enabling a client device associated with the end user to access the cloud account. The method further includes enabling a bank server to access the cloud account.

Abstract: The system prepares PDF documents to be digitally populated or signed. The method may comprise converting a document into an image; detecting words on the document; searching the words for keywords; searching for an object on the document; determining an object field based on the keywords and the object; creating a tag with metadata about the object field; and associating the tag with the object field. The method may also comprise determining, by a processor, metadata about a document; creating, by the processor, a hash from the metadata; storing, by the processor, an association of the hash, the metadata and the document in a knowledge database; creating, by the processor, a new hash for a new document; comparing, by the processor, the hash with the new hash; and determining, by the processor, that the new document has similar characteristics as the document based on the comparing.

Abstract: A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.

Abstract: The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.

Abstract: An information processing device according to one embodiment of the present disclosure comprises a processor. The processor is configured to generate a distributed component aimed at a three dimensional printing task. The distributed component is used for controlling, independent of the information processing device, execution of the three dimensional printing task after establishing a connection with a user equipment, and comprises decryption information of three dimensional model data used for the three dimensional printing task. The processor is further configured to control the arrangement of the distributed component to the user equipment.

Abstract: A zero-watermarking method and device for BIM data, and a medium are provided, which relate to the field of watermarking information security technologies. Aiming at existing zero-watermarking method for the BIM data cannot resist primitive attacks, vertical stability of a model is used to construct a mapping relationship between primitive clusters and watermarking bits, calculate norms of primitives in each primitive cluster of the primitive clusters, take positivity and negativity of norm skewness measurement of the primitives as eigenvalues to construct a binary sequence, and performs an XOR process on the binary sequence and an original watermarking sequence to construct the zero-watermarking for the BIM data. Experimental results indicate that the zero-watermarking method has uniqueness, robustness and security.

Abstract: Systems and methods for implementing trusted clients using secure execution environments. An example method comprises: receiving, by a server, a measurement from a client application running in a secure execution environment implemented by a client computing device; responsive to validating the measurement, transmitting a first confidential data item to the client application running in the secure execution environment; receiving, from the client application running in the secure execution environment, a second confidential data item derived from a local state of the client application modified by the first confidential data item; and updating, in view of the second confidential data item, a local state of a server application.

Abstract: The system prepares PDF documents to be digitally populated or signed. The method may comprise converting a document into an image; detecting words on the document; searching the words for keywords; searching for an object on the document; determining an object field based on the keywords and the object; creating a tag with metadata about the object field; and associating the tag with the object field. The method may also comprise determining, by a processor, metadata about a document; creating, by the processor, a hash from the metadata; storing, by the processor, an association of the hash, the metadata and the document in a knowledge database; creating, by the processor, a new hash for a new document; comparing, by the processor, the hash with the new hash; and determining, by the processor, that the new document has similar characteristics as the document based on the comparing.

Abstract: Aspects of the disclosure relate to digital check processing. A computing platform may receive, from a first recipient, a request to transfer a first portion of funds, corresponding to the first digital check image, to a second recipient account and a second portion of the funds, corresponding to the first digital check image, to a third recipient account. The computing platform may generate second and third digital check images representative of the first and second portions of the funds respectively. Based on successful validation of the second digital check image and the third digital check image, the computing platform may embed, into the second and third digital check images, a digital chip that indicates the successful validation. The computing platform may send, to the second recipient account and the third recipient account, the second and third digital check images respectively.

Abstract: Some examples of the present disclosure relate to generating artificially intelligent entities represented on a blockchain using a non-fungible token (NFT). In one such example, a system can generate an NFT on a blockchain. The NFT can represent an artificially intelligent entity. The system can also generate a personality dataset on the blockchain, the personality dataset describing personality characteristics of the artificially intelligent entity. The system can then correlate the NFT to the personality dataset, thereby assigning the personality characteristics to the artificially intelligent entity. Once generated, the artificially intelligent entity may reside in a virtual ecosystem in which it can perform tasks and learn over time.

Abstract: The present inventive concept relates to a method for forming a Bluetooth network performing communication based on post-quantum cryptography at an application level and a Bluetooth network operating system that performs the same. A method for forming a Bluetooth network performed by a master device to perform Bluetooth communication with a slave device, according to an embodiment of the present invention, comprises the steps of: completing pairing with the slave device; receiving a certificate and an authentication message from the slave device; authenticating the slave device by using the certificate and the authentication message; generating a public key and a private key; generating a symmetric key by using the public key and the private key; and performing Bluetooth network communication by using the symmetric key.

Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.

Abstract: A computing device in a trusted computing (TC) system and an attestation method thereof are provided. The computing device includes at least one processor configured to operate as instructed by program code, the program code including: transmission code configured to cause the at least one processor to transmit, to a master controller, a first identification (ID) for a first device selected among a plurality of devices included in the TC system, a second ID for a second device selected among the plurality of devices, and a nonce; and attestation code configured to cause the at least one processor to perform attestation for the first device and the second device based on an aggregated signature, wherein the aggregated signature is based on generation of a first signature, by the first device, by using the nonce, and generation of a second signature, by the second device, by using the first signature.

Abstract: The present disclosure provides a system and method for delegating authority to cloud IoT devices, with such delegated authority enabling the cloud IoT devices to access second cloud services outside of a core network. The IoT device uses its IoT identity to obtain a token for accessing the second service within a predefined time window. The token may be used to access the second service without further authentication by the second service. Accordingly, the IoT device can take particular actions, such as downloading files, etc., during the predefined time window. After the predefined time window, the IoT device may no longer access the second service without obtaining another token.

Abstract: A system and method are provided for conditional delivery of electronic content such as images or video stream content over a communication network. In some embodiments, a condition for receiving such content is determined, for example a verification of a biometric fact as a face recognition or a finger print. The content will then be delivered conditioned on the satisfaction of the condition. In some embodiments, facial detection technology is used continually while sent content is being displayed to ensure that content is being viewed solely by the intended recipient. In some embodiments, the recipient's reaction to sent content is recorded on video and sent to the sender as a condition of viewing the sent content. In some embodiments, two or more users interact with one another in real time in a secure video conference.