G06F21/109

METHOD AND APPARATUS FOR SUPPORTING MULTIPLE BROADCASTERS INDEPENDENTLY USING A SINGLE CONDITIONAL ACCESS SYSTEM

A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.

Linked account system using personal digital key (PDK-LAS)
11258791 · 2022-02-22

One embodiment of the invention includes a system comprising: a personal digital key and a computer readable medium that is accessible when authenticated by the personal digital key.

SYSTEM, METHOD, AND DEVICE FOR DELIVERING COMMUNICATIONS AND STORING AND DELIVERING DATA
20170220781 · 2017-08-03

A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.

3D printing: marketplace with federated access to printers

Systems, methods, and media for optimizing and facilitating 3D printing services in a marketplace environment are provided. In one example, a system comprises a memory and at least one module, executing on one or more computer processors, to host or participate in a 3D printing service marketplace environment including marketplace participants and a federated network of 3D printing service providers. The at least one module receives a 3D printing request from a marketplace participant to print a 3D object at a 3D printing service provider, and communicates with at least some of the federated network of 3D printer service providers within the marketplace environment. In response to the received request, the at least one module lists at least some of the 3D printing service providers based on a 3D printer identifier metric. The 3D printer identifier metric may include a digital rights authorization.

INFORMATION ASSURANCE SYSTEM FOR SECURE PROGRAM EXECUTION
20170323098 · 2017-11-09

An enhanced information assurance system may comprise an improved computer including a central processing unit (CPU) emulator configured to extend the available machine instruction set. The CPU emulator may be configured to emulate machine language instructions taken from a nonnative set of secure opcodes. The CPU emulator may ensure that instructions and data in random access memory (RAM) remain encrypted at all times when in RAM, for example by storing the instructions and data in CPU registers when decrypted on an as-needed basis.

Reliable and Secure Firmware Update with a Dynamic Validation for Internet of Things (IoT) Devices
20170322790 · 2017-11-09

A computing system is disclosed for a secure and reliable firmware update through a verification process, dynamic validation, and continuous monitoring for error or failure, with speedy correction of Internet of Things (IoT) device operability. The invention uses a Trusted Execution Environment (TEE) for hardware-based isolation of the firmware update, validation and continuous monitoring services. The isolation is performed by hardware System on a Chip (SoC) Security Extensions such as ARM TrustZone or similar technologies on other hardware platforms. The invention therefore comprises a Firmware Update Service (FUS), a System Validation Service (SMS) and a Continuous Monitoring Service (CMS) running in the TEE with dedicated memory and storage, thus providing trusted configuration management functionality for the operating system (OS) code and applications on IoT devices.

Services running in the TEE use both direct (hardware-level) and indirect (software agents inside the main execution environment (MEE)) methods of controlling the MEE. Embodiments of the invention apply all updates to a staging (new) execution environment (SEE) without changing the MEE.

METHOD AND APPARATUS FOR ISOLATING SENSITIVE UNTRUSTED PROGRAM CODE ON MOBILE DEVICE

A method provides isolated and secured execution environments on a terminal controlled by one or more processors having one or more processor cores. The processors execute a first trusted execution environment and a second legacy execution environment. At least one trusted application (4) is executed in the trusted execution environment and processes sensitive data, and a legacy application (2) is executed in the legacy execution environment. Execution environments, called sanctuary instances, are isolated from the first and second execution environments and are executed on a dedicated processor or dedicated processor core. The sanctuary instances may be present physically or virtually. Sanctuary memory areas are assigned to the respective processors or processor cores. At least one sanctuary application (10) is executed in a sanctuary instance, and a sanctuary application (10) interacts with one or more legacy applications (2) and with one or more trusted applications via at least one communication channel.

System for decrypting and rendering content

A system is disclosed for rendering content whose rendering is subject to conditional access security conditions. The system includes a host device and a detachable security device, the security device being configured to decrypt the encrypted content, re-encrypt it under a local key, and deliver the re-encrypted content to the host device while ensuring that the host device applies or otherwise enforces any conditions associated with the rendering of the content.

SYSTEM AND METHOD FOR CONFIDENTIAL MULTI-PARTY SOFTWARE IN THE LOOP SIMULATION

A Software in the Loop (SiL) system and method is disclosed which may include a simulator operable to provide an environment to simulate dynamic systems, enable rapid development, validation of systems, and testing of complex systems. The system and method may include assembling one or more unsecured models operable to simulate the real-world system. The system and method may then encrypt and generate at least one secured model from the one or more unsecured models using a first cryptographic key. The at least one secured model may be decrypted using a sealed decryption key. The decrypted secured model may then be executed within the one or more TEEs. The at least one secured model may be operable to process incoming data and outgoing data.

SYSTEM AND METHOD FOR MANAGING VIRTUAL HARDWARE LICENSES OF HARDWARE RESOURCES ACCESSED VIA APPLICATION INSTANCES
20220188385 · 2022-06-16

A method for managing hardware resources includes obtaining, by a local virtual hardware license manager, a license request from an application instance, in response to the license request: sending a virtual hardware license request to a license management system, wherein the virtual hardware license request comprises a hardware resource list, making a first determination that a response to the virtual hardware license request validates the virtual hardware license request, and in response to the first determination: providing, based on the hardware resource list, a signed hardware resource document to a hardware resource manager managing a hardware resource, wherein the hardware resource list specifies the hardware resource, updating a hardware resource access repository to specify enabled access of the hardware resource by the application instance, and initiating access to the hardware resource by the application instance.