Cryptocurrency transactions are increasing in prevalence. An important security practice for cryptocurrency transactions includes maintaining a crypto wallet with a private key for signing cryptocurrency transactions. Hardware based crypto wallets with a secure element retaining the private key are highly secure. This disclosure provides a hardware based crypto wallet with a small form factor and a display screen for entering recovery seed phrases. The security of the display screen is enhanced via a novel data entry mechanism that does not require a separate processor but can be handled directly by a processor of a secure element.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A cryptocurrency payment system facilitates electronic transactions at point of sale terminals using cryptocurrency. A payment card may include a secure element to sign a cryptocurrency transaction at a point of sale device. A server may interact with the point of sale terminal and a blockchain to initiate a smart contract or other mechanism for transferring control of cryptocurrency from a buyer cryptocurrency wallet to a seller cryptocurrency wallet. Upon successful transfer, the server may provide an indication of transaction approval to the point of sale terminal. In this manner, cryptocurrency may be utilized for transactions at point of sale devices in a manner similar to conventional payment cards.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
Systems, methods and devices for generating a device certificate for determining control privileges for a primary controller and a secondary controller. The system may also include an embedded device. The primary controller may include a first memory configured to store a root certificate that includes a first set of device control privileges, and a first processor coupled to the first memory. The first processor may be configured to determine that the first set of device control privileges allow the primary controller to generate a device certificate for the secondary controller, generate the device certificate with a second set of device control privileges, and assign the device certificate to the secondary controller. The first processor may be configured to issue or send the device certificate to the secondary controller and send a public key of the root certificate to the embedded device to verify the device certificate.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/33 - User authentication using certificates
Systems, methods, and devices for backup and recovery of crypto wallets. A crypto wallet may interoperate with multiple removable authentication devices which may operate in concert to restore access to the crypto wallet in the event that a PIN and/or a seed value of the crypto wallet is lost or forgotten. By implementing multiple removable authentication devices, two-person (or greater) integrity (TPI) is implemented to ameliorate theft risk by requiring multiple devices to be operated in concert by different users who know the different PINs of the different removable authentication devices in order to recover access to the crypto wallet.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
5. ACCESS CONTROL SYSTEMS AND METHODS FOR CRYPTOWALLETS
Systems, methods, and devices for access control of crypto wallets. A crypto wallet may interoperate with multiple wallet controller devices. By implementing various key exchange mechanisms, instructions from the wallet controller devices may be securely provided to the crypto wallets, and the crypto wallets may verify the source of the instructions. By implementing these mechanisms, a risk of theft or unauthorized transfer of cryptocurrency associated with the hardware wallet is ameliorated.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
Regulated embedded devices, such as electronic nicotine delivery system (ENDS) products, are often targeted by unauthorized users. For instance, minors may attempt to gain access to ENDS products. The disclosure herein provides an authentication and control mechanism for (1) tracking and controlling a regulated embedded device beyond initial activation and throughout the lifetime of the device and (2) limiting sharing of credentials or active login sessions of authorized users with unauthorized users. The embedded device may establish an operative electronic communication connection to a computing device such as a smartphone of a user that runs an application or browser-based application. Via this connection, the custody of the embedded device in the possession of an authorized user may be verified. Moreover, a location of the embedded device may be determined for devices that are selectively inhibited in certain locations, and the device may be selectively inhibited.
Regulated embedded devices, such as electronic nicotine delivery system (ENDS) products, are often targeted by unauthorized users. For instance, minors may attempt to gain access to ENDS products. The disclosure herein provides an authentication and control mechanism for checking the identity of an attempted user. For instance, the mechanism may collect images or other sensor data from an attempted user and compare sensed data such as a photograph of the user to other data such as a photograph of a government-issued identification document, in order to determine whether the attempted user should be granted access to the device. The device may be selectively activated or inhibited in response to the determining.
09 - Scientific and electric apparatus and instruments
36 - Financial, insurance and real estate services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable computer software for use as a digital wallet
Prepaid services in the nature of making advance payments to add value to prepaid or pay-as-you-go cards for the purchase of consumer merchandise in segments such as retail and hospitality as well as retail services; Financial exchange of cryptocurrency via crypto swapping
Providing temporary use of on-line non-downloadable computer software for use as a digital wallet; Electronic storage of crypto tokens for others
9. SECURING BROWSER EXTENSION CRYPTO WALLETS USING A HARDWARE DONGLE
Cryptocurrency transactions are increasing in prevalence. An important security practice for cryptocurrency transactions includes maintaining a cryptowallet with a private key for signing cryptocurrency transactions. Hardware-based cryptowallets with a secure element retaining the private key are highly secure. However, hardware-based cryptowallets can be bulky due to the need to have a human-readable interface for verification of transaction details. An improved hardware-based cryptowallet is provided that omits the human-readable interface and utilizes a wirelessly connected authentication device, such as a smartphone, to provide a display screen for a user. In this manner, a transaction may be secured without needing a hardware wallet with a bulky or unwieldy form-factor.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
A cryptocurrency payment system facilitates electronic transactions at point of sale terminals using cryptocurrency. A payment card may include a secure element to sign a cryptocurrency transaction at a point of sale device. A server may interact with the point of sale terminal and a blockchain to initiate a smart contract or other mechanism for transferring control of cryptocurrency from a buyer cryptocurrency wallet to a seller cryptocurrency wallet. Upon successful transfer, the server may provide an indication of transaction approval to the point of sale terminal. In this manner, cryptocurrency may be utilized for transactions at point of sale devices in a manner similar to conventional payment cards.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06Q 20/10 - Payment architectures specially adapted for electronic funds transfer [EFT] systems; Payment architectures specially adapted for home banking systems
G06Q 40/00 - Finance; Insurance; Tax strategies; Processing of corporate or income taxes
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card together with a coded signal
Cryptocurrency transactions are increasing in prevalence. An important security practice for cryptocurrency transactions includes maintaining a crypto wallet with a private key for signing cryptocurrency transactions. Hardware based crypto wallets with a secure element retaining the private key are highly secure. This disclosure provides a hardware based crypto wallet with a small form factor and a display screen for entering recovery seed phrases. The security of the display screen is enhanced via a novel data entry mechanism that does not require a separate processor but can be handled directly by a processor of a secure element.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06Q 20/10 - Payment architectures specially adapted for electronic funds transfer [EFT] systems; Payment architectures specially adapted for home banking systems
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
Cryptocurrency transactions are increasing in prevalence. An important security practice for cryptocurrency transactions includes maintaining a cryptowallet with a private key for signing cryptocurrency transactions. Hardware based cryptowallets with a secure element retaining the private key are highly secure. A cable assembly connecting a smartphone baseband processor to a display screen of a smartphone may have a hardware based cryptowallet disposed in the cable assembly. This cable assembly may have a secure element that connects to the smartphone baseband processor via a wireless connection. In this manner, the display screen may be utilized by both the smartphone baseband processor and the secure element, and private keys may be safely retained in the secure element so that cryptocurrency transactions may be performed by an application running on the smartphone but without exposing the private keys to the smartphone baseband processor.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
Systems, methods, and devices for remote control of IoT devices include a gateway device providing interconnection between a remote gateway device and an embedded device. The embedded device may be a device with short-range or peer-to-peer communication capabilities and the gateway device may provide interconnection of the embedded device to a communication network such as the internet. Commands may be provided remotely over the communication network to the gateway device for execution by the embedded device.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
Systems, methods and devices to identify and authenticate controllers of embedded devices without direct connection to a server. The system has a plurality of controllers including a first controller and a second controller. The system has an embedded device configured to obtain a first device certificate from the first controller, obtain a second device certificate from the second controller, extract a first user identifier and a first set of device control privileges from the first device certificate, extract a second user identifier and a second set of device control privileges from the second device certificate, determine whether the second user identifier within the second device certificate is the same as the first user identifier within the first device certificate, and allow or prevent access to the embedded device by the second controller based on the determining whether the second user identifier is the same as the first user identifier.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/33 - User authentication using certificates
Systems, methods, and devices for access control of crypto wallets. A crypto wallet may interoperate with multiple wallet controller devices. By implementing various key exchange mechanisms, instructions from the wallet controller devices may be securely provided to the crypto wallets, and the crypto wallets may verify the source of the instructions. By implementing these mechanisms, a risk of theft or unauthorized transfer of cryptocurrency associated with the hardware wallet is ameliorated.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
Systems, methods, and devices for backup and recovery of crypto wallets. A crypto wallet may interoperate with multiple removable authentication devices which may operate in concert to restore access to the crypto wallet in the event that a PIN and/or a seed value of the crypto wallet is lost or forgotten. By implementing multiple removable authentication devices, two-person (or greater) integrity (TPI) is implemented to ameliorate theft risk by requiring multiple devices to be operated in concert by different users who know the different PINs of the different removable authentication devices in order to recover access to the crypto wallet.
G06F 21/40 - User authentication by quorum, i.e. whereby two or more security principals are required
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Methods, systems, devices, and apparatuses for securely providing an over-the-air firmware upgrade. The system includes an embedded device configured to receive the firmware upgrade. The system includes a server having a memory configured to store a first key encryption key, the firmware upgrade and a firmware key and having a processor coupled to the memory. The processor is configured to obtain the firmware upgrade, the firmware key and the first key encryption key. The processor is configured to encrypt the firmware upgrade using the firmware key. The processor is configured to encrypt the firmware key with the first key encryption key and transmit the encrypted firmware upgrade and the encrypted firmware key to the embedded device.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Systems, methods, and devices for remote control of IoT devices include a gateway device providing interconnection between a remote gateway device and an embedded device. The embedded device may be a device with short-range or peer-to-peer communication capabilities and the gateway device may provide interconnection of the embedded device to a communication network such as the internet. Commands may be provided remotely over the communication network to the gateway device for execution by the embedded device.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Systems, methods, and devices for identifying and authenticating devices include a plurality of controllers and an embedded device. A first controller may grant or deny access of other controllers to the embedded device without a centralized intermediary such as a remote network resource. In this manner, different device control privileges may be set for different devices in the absence of a constant network connection among the devices or between the collection of devices and a network-connected resource such as an authentication server.
Methods, systems, devices and apparatuses for sterilizing and charging a wearable device. The sterilizing and charging apparatus includes one or more light sources. The one or more light sources are configured to detect or sterilize the wearable device. The sterilizing and charging apparatus includes a wireless charging device. The wireless charging device is configured to charge the wearable device. The sterilization and charging apparatus includes a controller coupled to the one or more light sources and the wireless charging device. The controller is configured to determine, using the one or more light sources, that the wearable device is within an enclosure. The controller is configured to sterilize the wearable device using the one or more light sources and/or wirelessly charge the wearable device using the wireless charging device.
A61B 5/00 - Measuring for diagnostic purposes; Identification of persons
A61L 2/24 - Apparatus using programmed or automatic operation
H02J 50/80 - Circuit arrangements or systems for wireless supply or distribution of electric power involving the exchange of data, concerning supply or distribution of electric power, between transmitting devices and receiving devices
21. SECURE LOW POWER COMMUNICATIONS FROM A WIRELESS MEDICAL DEVICE TO MULTIPLE SMARTPHONES
Methods, systems, devices and apparatuses for secure low power communication. The secure low power communication system includes a medical device and one or more mobile devices. The medical device includes a memory, a network access device and one or more processors. The network access device has multiple hardware device addresses. The multiple hardware device addresses include a first address and a second address. The network access device is configured to wirelessly communicate with a mobile device. The medical device includes one or more processors coupled to the memory and the network access device. The one or more processors are configured to execute instructions stored in the memory and perform operations. The operations include establishing a first secure communication channel between the medical device and an application using the first address. The operations include transmitting advertising packets to remain discoverable by the application using the second address.
Methods, systems, devices and apparatuses for preventing use of fraudulent and/or counterfeit embedded devices. The anti-cloning system includes a first device configured to be coupled to or receive a first embedded device. The first embedded device has a first unique identity value. The anti-cloning system includes a controller. The controller is coupled to the first device. The controller has a controller memory. The controller memory is configured to store a public verification key. The controller has a controller processor. The controller processor is coupled to the controller memory and configured to verify the first unique identity value using the public verification key. The controller processor is configured to allow or permit the first device to operate and use the first embedded device when the first unique identity value is verified.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Methods, systems, devices and apparatuses for preventing use of fraudulent and/or counterfeit embedded devices. The anti-cloning system includes a first device configured to be coupled to or receive a first embedded device. The first embedded device has a first unique identity value. The anti-cloning system includes a controller. The controller is coupled to the first device. The controller has a controller memory. The controller memory is configured to store a public verification key. The controller has a controller processor. The controller processor is coupled to the controller memory and configured to verify the first unique identity value using the public verification key. The controller processor is configured to allow or permit the first device to operate and use the first embedded device when the first unique identity value is verified.
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Methods, systems, devices and apparatuses for securely providing an over-the-air firmware upgrade. The system includes an embedded device configured to receive the firmware upgrade. The system includes a server having a memory configured to store a first key encryption key, the firmware upgrade and a firmware key and having a processor coupled to the memory. The processor is configured to obtain the firmware upgrade, the firmware key and the first key encryption key. The processor is configured to encrypt the firmware upgrade using the firmware key. The processor is configured to encrypt the firmware key with the first key encryption key and transmit the encrypted firmware upgrade and the encrypted firmware key to the embedded device.
Methods, systems, devices and apparatuses for securely providing an over-the-air firmware upgrade. The system includes an embedded device configured to receive the firmware upgrade. The system includes a server having a memory configured to store a first key encryption key, the firmware upgrade and a firmware key and having a processor coupled to the memory. The processor is configured to obtain the firmware upgrade, the firmware key and the first key encryption key. The processor is configured to encrypt the firmware upgrade using the firmware key. The processor is configured to encrypt the firmware key with the first key encryption key and transmit the encrypted firmware upgrade and the encrypted firmware key to the embedded device.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Methods, systems, devices and apparatuses for sterilizing and charging a wearable device. The sterilizing and charging apparatus includes one or more light sources. The one or more light sources are configured to detect or sterilize the wearable device. The sterilizing and charging apparatus includes a wireless charging device. The wireless charging device is configured to charge the wearable device. The sterilization and charging apparatus includes a controller coupled to the one or more light sources and the wireless charging device. The controller is configured to determine, using the one or more light sources, that the wearable device is within an enclosure. The controller is configured to sterilize the wearable device using the one or more light sources and/or wirelessly charge the wearable device using the wireless charging device.
Methods, systems, devices and apparatuses for secure low power communication. The secure low power communication system includes a medical device and one or more mobile devices. The medical device includes a memory, a network access device and one or more processors. The network access device has multiple hardware device addresses. The multiple hardware device addresses include a first address and a second address. The network access device is configured to wirelessly communicate with a mobile device. The medical device includes one or more processors coupled to the memory and the network access device. The one or more processors are configured to execute instructions stored in the memory and perform operations. The operations include establishing a first secure communication channel between the medical device and an application using the first address. The operations include transmitting advertising packets to remain discoverable by the application using the second address.
Methods, systems, and apparatus for providing secure communication. The device includes a secure element for generating application key pairs. The device includes a trusted environment that is physically or logically isolated from an untrusted environment. The trusted environment includes one or more processors configured to perform operations of an application. The operations include generating an application key pair. The application key pair includes a secure element private key and a secure element public key. The operations include sending an application authentication request including one or more device identifiers and the secure element public key to a server. The operations include obtaining a digital certificate that includes the secure element public key and the one or more device identifiers. The operations include providing the digital certificate to a second device and establishing a secure communication channel between the device and the second device using the digital certificate.
G16H 80/00 - ICT specially adapted for facilitating communication between medical practitioners or patients, e.g. for collaborative diagnosis, therapy or health monitoring
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
G16H 40/67 - ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
G16H 40/40 - ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management of medical equipment or devices, e.g. scheduling maintenance or upgrades
G16H 40/63 - ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for local operation
Methods, systems, and apparatus for providing secure communication. The device includes a trusted environment having a memory that is configured to store an application. The device includes one or more processors configured to perform operations of the application that execute within the trusted environment. The operations include sending an access request to connect with a second device, receiving an authentication request from the second device that requests the application to provide a zero-knowledge password proof and obtaining the zero-knowledge password proof. The operations also include sending the zero-knowledge password proof to the second device and establishing a communication channel with the second device.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G16H 80/00 - ICT specially adapted for facilitating communication between medical practitioners or patients, e.g. for collaborative diagnosis, therapy or health monitoring
G06F 21/73 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
G16H 40/40 - ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management of medical equipment or devices, e.g. scheduling maintenance or upgrades
G16H 40/67 - ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
G16H 40/63 - ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for local operation
30. Systems and methods for providing long-range network services to short-range wireless devices
Systems and methods relating to providing long-range network service to short-range wireless devices are disclosed. The system includes a short-range wireless device, a remote server, and a long-range wireless device for establishing a data path between the short-range wireless device and the remote server. The system performs a described method by using the short-range wireless device to alternate the transmission and concealment of an incitation signal so as to allow the long-range wireless device to establish and maintain the data path without any intervention, supervision, or inputs from a human user.