Abstract: A method for sketch computation is provided. The method may comprise receiving an input data stream from one or more client applications. The method may also comprise generating at least one segment from the input data stream. At least one segment may comprise a plurality of chunks. The method may further comprise computing a sketch of the at least one segment. The sketch may comprise a set of features that are representative of or unique to the at least one segment, such that the set of features corresponds to the at least one segment. The sketch may be useable for inline deduplication of at least one other input data stream received from the one or more client applications without (i) generation of a full index of the plurality of chunks or (ii) comparison of the at least one other input data stream to the full index.

Abstract: Devices, systems, and methods are provided for enhanced parsing of manifest files for streaming media. A method may include receiving, by a media player, a first media manifest including tags indicative of first temporal segments for media content; identifying, using a parser, a first tag indicative of a first temporal segment; identifying, using the parser, a second tag indicative of a second temporal segment; parsing, using the parser, the first tag; based on at least one of the parsing or a user preference indicative of a starting location for playback of first media content of the media content or a preferred bandwidth, refraining from parsing the second tag; retrieving, by the at least one processor, based on a time associated with the first temporal segment, an address of the first video content; and presenting, by the at least one processor, the first media content based on the address.

Abstract: A device for a website building system (WBS) includes a communication hub embedded in a page of a website built by the WBS to implement 2-way cross domain communication with direct addressing between at least two third party applications from different vendors, the at least two third party applications each having an instance within the page. The communication hub includes a smart identifier and addresser to identify and provide the direct addressing of source or target third party applications between the at least two third party applications and to maintain a table of all absolute addresses for the 2-way cross domain communication; and a communication policy enforcer to enforce a communication policy between the WBS and the at least two third party applications to filter non-conforming communication according to the communication policy; and a protocol translator to provide 2-way interface translation between the at least two third party applications.

Abstract: A permission management method and a terminal device are provided, where the permission management method is applied to the terminal device including a first display area and a second display area. The permission management method includes: determining a target permission management policy corresponding to a first application based on a display area in which the first application is located (101); and controlling permission management for the first application according to the target permission management policy (102); where the target permission management policy includes a first permission management policy corresponding to the first display area and/or a second permission management policy corresponding to the second display area.

Abstract: Embodiments of the present invention provide computer-implemented methods, computer program products and computer systems. Embodiments of the present invention can monitor user activity for one or more user interactions performed while connected to a Virtual Private Network. Embodiments of the present invention can then identify potential risks associated with a user and respective user interactions. Embodiments of the present invention can then, in response to determining a respective user interaction of the one or more interactions is suspicious, generate a real time risk score for the respective user interaction. Embodiments of the present invention can then, in response to the generate real time risk score exceeding a threshold level of risk for the respective user interaction, initiate a secondary authentication protocol.

Abstract: The present disclosure includes secure device coupling. An embodiment includes a processing resource, memory, and a network management device communication component configured to, identifying a network attached device within a first domain. Generating a domain device secret corresponding to the first domain. Each network attached device within the first domain can share the same domain device secret. Coupling iterations may be performed for each device within the first domain can include: generating a network management device private key and public key. Providing, via short-range communication, the network management device public key and the domain device secret to a network attached device communication component included in each network attached device of the first domain.

Abstract: A server is configured to perform obtaining a first request for information associated with an administrator of a communication device from an administrator's device, transmitting management information associated with the administrator to a management device in response to the first request, obtaining an information request for information to be used by the communication device therefrom, transmitting authentication information to use the communication device thereto, obtaining the authentication information and the management information from the terminal device, the authentication information obtained from the terminal device being information transmitted by the terminal device based on the authentication information received by the communication device, the management information obtained from the terminal device being information to be transmitted by the terminal device based on the management information received by the management device, and associating the management information obtained from the term

Abstract: Examples of techniques for threat detection in an industrial process system are described herein. An aspect includes determining a plurality of subsystems of an industrial process system. Another aspect includes, for each of the plurality of subsystems, constructing and training a respective deep autoencoder (DAE) model of the subsystem based on data corresponding to the industrial process system. Another aspect includes monitoring the industrial process system using the plurality of DAE models corresponding to the plurality of subsystems. Another aspect includes, based on the plurality of DAE models, determining a cyberattack in a subsystem of the plurality of subsystems.

Abstract: Systems and methods are presented herein for generating an augmented reality (“AR”) display with user interface (“UI”) elements that respond to changes in pupil characteristics in response to detecting device streaming content. A media stream playing on a device that is within a threshold distance of the AR device is detected. The source of the media stream is identified. The AR device queries the source of the media stream for a consumption option. An AR overlay is generated and comprises selectable UI elements corresponding to the consumption options. In response to receiving an input at a UI element, the AR overlay is generated based on the consumption option.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for providing an embedded web view of a folder in a content management system on a web page. For example, a user can request from a content management system code for embedding a web view of a content item or group of content items (e.g., folder) into a web page. After the code is embedded into the webpage, the web page can present a web view of the content item or group of content items that is dynamically updated when the content item or group of content items is updated. Thus, the user is relieved of the burden of updating the web page with new links to reflect changes in content items stored in the online content management system.

Abstract: Systems and techniques for an adaptive authentication system are described herein. In an example, an adaptive authentication system is adapted to receive a request at a first entity from a second entity for secure data of a user, where the second entity is remote from the first entity. The adaptive authentication system may be further adapted to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. The adaptive authentication system may be further adapted to receive a response to the prompt and authenticate the user and the request based on the response. The adaptive authentication system may be further adapted to transmit the secure data of the user to the second entity.

Abstract: A system for providing network services is provided. The system includes a device configured to interface with the network to receive a container, where the container is configured to interface with an operating system of the device and a plurality of applications operating on the device. The container is further configured to interface with a network services provider of one or more network services and one or more third party service providers.

Abstract: A method of ending a subscription performed in a network entity is disclosed. The method comprises receiving, from a device comprising an Embedded Universal Integrated Circuit Card, eUICC, a signed confirmation of a profile having been deleted in the device, the profile being associated with a subscription for the device; sending, to a Subscription Manager Data Preparation entity, a command for deletion of the profile; and deleting the user subscription and related profile in case an acknowledgement of the deletion of the profile is received from the Subscription Manager Data Preparation entity. Method in a device, method in a Subscription Manager Data Preparation entity, devices and entities, computer programs and computer program products are also provided.

Abstract: Methods and apparatuses are described for automatic validation of a hybrid digital document. A server computing device downloads a hybrid digital document from a remote computing device, the hybrid digital document comprising an image content file and a hypertext content file. The server computing device determines content validation rules based upon one or more attributes associated with the hybrid digital document. The server computing device converts the image content file to a text content file. The server computing device validates one or more data elements in the text content file using the content validation rules. The server computing device validates one or more data elements in the hypertext content file using the content validation rules. The server computing device transmits a notification to the remote computing device indicating an outcome of the data elements validation.

Abstract: The present invention comprises a computer-implemented zero-trust authentication method that utilizes the Bitcoin Lightning Network, which is the sole protocol offering immediate, immutable, and cost-free Bitcoin settlement. A user requests access to the resource of a service provider and the user provides authentication material necessary to securely access the service provider. The service provider initiates a Hold Invoice via a cryptographic function to generate a pre-image hash, instructing the user to authorize release of Bitcoin in an amount stipulated by the Hold Invoice. Bitcoin is held in the Hold Invoice until an authentication attempt is either successful or unsuccessful. If successful, the user is issued an access token to login into the resource, the Hold Invoice is canceled and Bitcoin is released to the user. If unsuccessful, the pre-image is revealed, the user is denied access, and Bitcoin is transferred to the service provider as a settled payment transaction.

Abstract: An overlay to existing infrastructure that establishes trusted paths in a communication network to fulfill a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis is described. Establishing trusted paths operationally fulfills a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis as an overlay to the existing relatively unsecured network.

Abstract: Described implementations obtain credential information including an encrypted digital identity (ID). The encrypted digital ID may include a public component of a credential and identity data. Furthermore, the credential information may include cryptographically obfuscated data based on the identity data and a private component of the credential. A proof is obtained that includes proof data. The proof data may confirm that the credential information was correctly generated. Verification of the proof data, and confirmation that the cryptographically obfuscated data is not associated in a collection of cryptographically obfuscated data, cause a computer-implemented service to issue a pseudonym. The pseudonym is usable to generate a relationship associated with a computer-implemented service.

Abstract: Provided is a process including: obtaining criteria to select plain-text values in a lower-trust database; selecting, based on the criteria, a first plain-text value; in response, determining a first reference value; storing the first plain-text value in a higher-trust database in a second entry identified by the first reference value; storing the first reference value in the first entry of the lower-trust database; selecting another instance of the first plain-text value stored requested to be stored in a third entry in the lower-trust database; and in response, storing the first reference value in the third entry.

Abstract: A management apparatus that manages a plurality of image forming apparatuses, the management apparatus includes: a storage that stores histories of user operations on the image forming apparatuses for the plurality of image forming apparatuses, respectively; and a hardware processor that determines an image forming apparatus recommended to be operated from among the plurality of image forming apparatuses based on the histories of the user operations of the image forming apparatuses and outputs a notification indicating the determined recommended image forming apparatus.

Abstract: Provided are an information processing apparatus, an information processing method, and an electronic device capable of appropriately perform update of a license provided by an information processing apparatus and used in an electronic device. The electronic device includes a key generation unit that generates a device unique key that is a key unique to every device, and a license management unit that updates a license in a case where an extension code generated by a predetermined method on the basis of the device unique key, first data different for every installation of the license provided by an information processing apparatus, and second data different depending on the number of times of update of the license coincides with an input extension code.

Abstract: Techniques and systems for optimizing and cleaning rules for network-based authentication transactions are provided herein. A network-based authentication system may determine a plurality of rules that were previously used to evaluate a plurality of transactions. The network-based authentication system may also generate a false positive rate for one or more of the plurality of rules, A cleaning coefficient for a first rule of the plurality of rules may be generated by the network-based authentication system. Based on the cleaning coefficient and the false positive rate, the network-based authentication system may identify one or more rules from the plurality of rules to eliminate from the plurality of rules. The network-based authentication system may eliminate the one or more rules to generate a modified set of rules. Using the modified set of rules, the network-based authentication system may authenticate a network transaction.

Abstract: According to an embodiment, a method receives one or more messages associated with connecting a client and a first host. At least one of the messages comprises an encrypted portion indicating the first host and at least one of the messages comprises a cleartext portion indicating a second host. The method determines first and second sets of links associated with the first and second host, respectively. The first set is determined based on monitoring a result of connecting the client and the first host. The second set is determined based on observing behavior associated with connecting to the second host. The method detects domain fronting in response to determining, based on comparing the first set of links and the second set of links, that the first host differs from the second host.

Abstract: A method including pre-authenticating, by an infrastructure device, a user device for obtaining communication services from a server, the pre-authenticating including determining a given duration of time and a communication parameter associated with a pre-authentication request received from the user device; and operating, by the infrastructure device, a port associated with the server in an activated mode for the given duration of time to enable the user device to transmit an authentication request indicating the communication parameter prior to an expiration of the given duration of time. Various other aspects are contemplated.

Abstract: The disclosure provides for analyzing upgrade and migration readiness. Embodiments include receiving an indication to upgrade a software product and a selected upgrade path identifying a target-upgrade version. Embodiments include accessing an array of pre-upgrade procedures comprising code for identifying one or more conditions that must be met before the software product can be upgraded based on the accessed array being associated with the software product. Embodiments include executing one or more of the pre-upgrade procedures in advance of upgrading the software product. Embodiments include accessing one or more autonomous remediation scripts from the repository based on identification of one or more failed pre-upgrade procedures. Embodiments include executing the one or more autonomous remediation scripts to cure the one or more failed pre-upgrade procedures and initiating an upgrade of the software product based on identifying that the array of pre-upgrade procedures successfully completed execution.

Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and a processing module operably coupled to the interface and memory such that the processing module, when operable within the computing device based on the operational instructions, is configured to perform various operations. The computing device is operable to receive a memory access request for a data object stored within the DSN, determine a realm for the memory access request, determine an authorization service for the realm and generate an authorization request for the memory access request. The computing device is further operable to transmit the authorization request to an authorization service, receive an authorization request response from the authorization service, determine whether the memory access request is authorized and process the memory access request.

Abstract: A method for managing a virtual electronic card is applicable to a secure chip installed in a first terminal, and the method includes: receiving a management request from a trusted mobile application on the first terminal, the management request being used to manage a target virtual electronic card on the secure chip, and permissions of the virtual electronic card being configured by a chip operating system of the secure chip; determining, from the secure chip, a target card management program corresponding to the target virtual electronic card, the different virtual electronic cards corresponding to the different card management programs; sending the management request to the target card management program; and calling, through the target card management program, a card management command corresponding to the management request in a card management system on the secure chip, to manage the target virtual electronic card.

Abstract: An approach for monitoring a data transmission system that uses a data transmission means such as a vehicle bus or a vehicle network of a motor vehicle. This system includes a monitoring device that transmits a request message to a transmitting device and to a receiving device. The transmitting device generates a particular transmitter response on the basis of the request message, where the transmitter response is transmitted to the monitoring device. The receiving device generates a particular receiver response on the basis of the request message, where the receiver response is transmitted to the monitoring device. The monitoring device receives the transmitter response and the receiver response and checks compliance with a trigger condition which depends on the transmitter response and the receiver response, the compliance of which indicates an event relevant to monitoring.

Abstract: A device may receive data identifying malicious behavior by a compromised endpoint device associated with a network and may receive user identity data identifying a user of the compromised endpoint device associated with the network. The device may receive endpoint device data identifying the compromised endpoint device and other endpoint devices associated with the network and may receive network device data identifying network devices associated with the network. The device may utilize the data identifying malicious behavior, the user identity data, and the endpoint device data to generate, based on an identity of the user, a security policy to isolate the malicious behavior. The device may cause the security policy to be provided to the network devices and the other endpoint devices based on the network device data and the endpoint device data.

Abstract: A method (30) and system (10) for controlling wireless local area network (WLAN) user quality in a multi-access point environment is provided. In order to ensure good quality of service/user experience in a multi-access point Wi-Fi™ setup in which a user roams with a station (14), the access points (11, 12) continuously or at intervals assess the wireless environment's quality and report to a control entity (13). The control entity (13) determines, from the assessment data, alternative target access points (11, 12) that could be used in case the link quality of a current connection between an access point (11) and the station (14) falls below a pre-defined value. The control entity (13) then instructs the access point (11) to actively disconnect the station (14) and selects a new target access point (12) to accept the stations (14) connection request.

Abstract: Access to a first instant messaging service using an online identity that is associated with a second instant messaging service is enabled. A profile is accessed. The profile indicates that another instant messaging service is to be provided with presence information regarding the use of the online identity to access the first instant messaging service. The other instant messaging service is provided with the presence information regarding the use of the online identity to access the first instant messaging service.

Abstract: A system and method for remotely generating an original signature provided by a signatory as a user of a first mobile device are disclosed. According to one embodiment, the system comprises a cloud server having a signature transmission API, and a video stream module configured to facilitate a live video stream. The system further includes a pen plotter having a plotter controller communicatively coupled to the cloud server by the signature transmission API. The pen plotter has a mechanical arm configured to receive an ink pen, and a video capture device communicatively coupled to the video stream module of the cloud server and configured to capture video of the pen plotter and transmit to the video stream module.

Abstract: Examples of renewal of security certificates of supplicant devices are described. In an example, a request to authenticate a supplicant device based on a security certificate is received by an authenticator device and from a supplicant device. The request comprises information relating to the security certificate which is expired. A login history of the supplicant device and presence of a valid account associated with the supplicant device in a directory database is determined. An authentication successful message is sent to the supplicant device based on the login history and presence of the valid account in the directory database. The supplicant device is redirected to a captive web portal for authentication of the supplicant device based on the login credential. In response to a successful authentication of the supplicant device in the captive web portal, a renewed security certificate for the supplicant device is provided.

Abstract: Inline package name based supply chain attack detection and prevention is disclosed. An indication that a client device has made a request to a remote server for a package is received. A data appliance then performs an action responsive to the received indication. In an example implementation, the data appliance makes a determination of whether the request for the package is associated with a nonexisting package.

Abstract: The present specification describes computer-implemented methods and systems for secure storage and transmission of data in a distributed network environment. In embodiments, each piece of data is transformed in to multiple pieces of metadata. Each piece of metadata is transmitted and stored on a different server, which is selected from separate pools of servers.

Abstract: Systems and method are provided for a temporary network slice usage barring service within a core network. A network device in the core network receives a slice barring information message for an application function (AF). The slice barring information message includes a unique subscriber identifier associated with a user equipment (UE) device to be barred from a network slice and indicates a barring expiration time. The network device stores barring parameters based on the slice barring information message. The barring parameters include a slice identifier associated with the AF, the unique subscriber identifier, and the barring expiration time. The network device sends a barring instruction message to another network device associated with the network slice. The barring instruction message includes the unique subscriber identifier and the barring expiration time. The other network device enforces temporary barring of the UE device from the network slice based on the barring instruction message.

Abstract: A method of authenticating a device subscribed to a first wireless communication network on a second wireless communication network, the method including: deriving at a node within the first wireless communication network a set of one or more network keys for the second wireless communication network from one or more network keys of the first wireless communication network that uniquely identify the device within the first wireless communication network; communicating the derived set of one or more network keys to the device; storing a first copy of the derived set of one or more network keys within an identification module at the device and a second copy of the derived set of one or more network keys within a secure area of the device; and authenticating the device on the second wireless communication network using the second copy of the derived set of one or more network keys stored in the secure area of the device.

Abstract: The present disclosure relates to systems and methods for live streaming. The system may receive a play request associated with a live stream from a terminal device. The system may determine whether there are one or more cached fragments associated with the live stream, wherein the one or more cached fragments are cached from a stream source via a first protocol. In response to determining that there are one or more cached fragments associated with the live stream, the system may determine whether the play request is a request that the terminal device requests the live stream for the first time. In response to determining that the play request is the request that the terminal device requests the live stream for the first time, after a caching of a current fragment is completed, the system may transmit an index file corresponding to the current fragment and at least one of the one or more cached fragments to the terminal device via a second protocol.

Abstract: A method in a conferencing system terminal device includes detecting, with one or more processors during a videoconference, a communication device electronically in communication with both a content presentation companion device having a display and one or more remote electronic devices engaged in the videoconference. User input requesting for content to be shared from the conferencing system terminal device with the one or more remote electronic devices engaged in the videoconference is received. Prior to causing the communication device to share the content with the one or more remote electronic devices during the videoconference the one or more processors present, on the display of the content presentation companion device, a content verification presentation and receive a content share confirmation in response to the content verification presentation.

Abstract: An endpoint in an enterprise network is monitored, and when a potential trigger for a distributed denial of service (DDoS) attack is followed by an increase in network traffic from the endpoint to a high reputation network address, the endpoint is treated as a DDoS service bot and isolated from the network until remediation can be performed.

Abstract: The technology disclosed relates to a steering logic for policy enforcement on IoT devices. In particular, the technology disclosed provides a system. The system comprises an in-network intermediary. The in-network intermediary is configured to receive outbound network traffic from a plurality of special-purpose devices on a network segment of a network. The outbound network traffic is directed at one or more out-of-network servers. The in-network intermediary is further configured to determine, from the outbound network traffic, metadata required for policy enforcement. The in-network intermediary is further configured to append the metadata to the outbound network traffic, and send the outbound network traffic appended with the metadata to a policy enforcement point for policy enforcement.

Abstract: This disclosure describes techniques for providing multiple namespace support to application(s) in containers under Kubernetes without breaking containment boundaries or escalating privileges of the application(s). A namespace service executing on a physical server may communicate with contained processes executing on the physical server by utilizing a Unix Domain Socket (UDS) endpoint in the filesystem of each of the containers. the namespace service may execute on the physical server with escalated privileges, allowing the namespace service to create a socket in a namespace and provide access and rights to utilize the socket to process(es) in a separate namespace.

Abstract: A computer program product configured to execute a method for exchanging electronic data. The method includes receiving, using an API, a request to transmit data from a source trading partner to a destination trading partner; querying a name server, using a domain name system protocol, the name server comprising a subdomain of the destination trading partner to send the data to, wherein the subdomain is mapped to a destination access point, wherein a name of the subdomain conforms to a common format, wherein an address of the subdomain conforms to another common format; determining the address of the subdomain based on the querying of the name server; addressing the data, using another API, to be sent to the address of the subdomain; and transmitting the data, using the another API, to the destination access point by virtue of the subdomain's mapping to the destination access point.

Abstract: An intelligent trust enabler system for a 5G IoT (fifth-generation Internet of Things) environment includes: an IoT trust enabler mounted on an edge and gateway on a fifth-generation (5G) IoT infrastructure, for providing trust information based on data collected from IoT devices and performing operation and management of connected IoT resources; and an IoT trust agent for providing a legacy environment for the IoT trust enabler.

Abstract: An intelligent wireless broadband network and content delivery management within a network includes at least one datacenter, at least one network tower and a plurality of smart nodes may be provided. Each of the plurality of smart nodes may be deployed as a micro point of presence (micro POP) at the at least one datacenter the at least one tower and at each of a plurality of hub-homes within the network. An artificial intelligence (AI) capable compute unit may be configured to provide customization of the plurality of smart nodes based on usage pattern of the plurality of homes at a neighborhood level, and thereby facilitating a dynamic edge network distribution solution for better Internet experience to the end-users.

Abstract: Networked devices in a communications network share a common firmware key. Using the common firmware key, one networked device can encrypt configuration data it uses to operate in the network for distribution to other networked devices of the same or similar type. The networked devices that receive the encrypted configuration data then use the common firmware key to decrypt the encrypted configuration data, and using the decrypted configuration data, self-configure to operate on the network. This allows for the secure distribution of configuration data, as well as the self-configuration of networked devices without exposing the sensitive data needed for such configuration to a human.

Abstract: A method and an apparatus for controlling user equipment (UE) context between a plurality of nodes are provided. The method includes transmitting, to a second node, a first message to request a user equipment (UE) context update, receiving, from the second node, a second message indicative of a completion of the UE context update or a third message indicative of a failure of the UE context update in response to the transmission of the first message, and determining whether to retransmit the first message to the second node based on the reception of the second message or the third message. The procedure of the UE context update may be initiated by the transmission of a message to request an operation of the UE context update to be performed between a UE and a third node from the second node to the third node.

Abstract: A secure private network connectivity system (SNCS) within a cloud service provider infrastructure (CSPI) is described that provides secure private network connectivity between external resources residing in a customer's on-premise environment and the customer's resources residing in the cloud. The SNCS provides secure private bi-directional network connectivity between external resources residing in a customer's external site representation and resources and services residing in the customer's VCN in the cloud without a user (e.g., an administrator) of the enterprise having to explicitly configure the external resources, advertise routes or set up site-to-site network connectivity.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: A method including transmitting, by a user device to an infrastructure device, a first pre-authentication request associated with requesting communication services from a server, the first pre-authentication request indicating a communication parameter associated with the user device; determining, by the user device while obtaining the communication services from the server, a change in the communication parameter such that the user device is associated with a new communication parameter; and transmitting, by the user device to the infrastructure device, a second pre-authentication request associated with obtaining the communication services from the server, the second pre-authentication request indicating the new communication parameter. Various other aspects are contemplated.

Abstract: A method for managing a virtual electronic card is applicable to a secure chip installed in a first terminal, and the method includes: receiving a management request from a trusted mobile application on the first terminal, the management request being used to manage a target virtual electronic card on the secure chip, and permissions of the virtual electronic card being configured by a chip operating system of the secure chip; determining, from the secure chip, a target card management program corresponding to the target virtual electronic card, the different virtual electronic cards corresponding to the different card management programs; sending the management request to the target card management program; and calling, through the target card management program, a card management command corresponding to the management request in a card management system on the secure chip, to manage the target virtual electronic card.