H04L9/088

Out-of-band authentication based on secure channel to trusted execution environment on client device
11558381 · 2023-01-17

Provided is a process that affords out-of-band authentication based on a secure channel to a trusted execution environment on a client device. The authentication process includes one or more authentication steps in addition to verifying any credentials provided by a client device. A notification may be transmitted by a server to a device other than the client device attempting to access the asset. That device may be a mobile device with a trusted execution environment storing user credential information, and the server may store representations of those credentials. The mobile device collects user input credentials and transmits representations for matching the previously stored representations and signed data for verification by the server that received data originated from the mobile device. The access attempt by the client is granted based in part on the result of authenticating the data received from the mobile device in a response to the notification.

System, device and method for providing passenger or user information

A computer processing device for determining whether to allow or deny access to a database associated with the device is provided. The device is configured to determine the origin of data signed with a first key by comparing the key to one or more keys stored in a further database to identify the source of the data; search the database to determine one or more access rules associated with the source of the data, wherein the access rules define whether write access to the database is allowed or denied for the data; and allow or deny write access to the database based on the determined rule or rules.

IMAGE RECORDING UNIT
20230010235 · 2023-01-12

A method implemented by an image recording unit having a normal state and an error state of operation. The method includes: receiving metadata specifying information about a patient and/or an endoscopic procedure; receiving images generated by an image sensor of an endoscope, the images corresponding to optical images received by the image sensor and comprising single images and/or a stream of images; controlling a display to show the images; in response to a first user input in the normal state, storing the images and the metadata in a memory of the image recording unit, and in the error state, overwriting with new data at least some of the metadata.

Secure authorization for sensitive information
11700121 · 2023-07-11

Techniques for securing access to protected resources are provided. In the method and apparatus, an access key and proof of successful completion of a first authentication is obtained in connection to a request. The proof of completion of the first authentication and the access key are verified. The access key is then used to generate a determination that information in the access key indicates that a second authentication was successfully completed prior to allowing the request to be fulfilled.

Public key protection techniques
11700118 · 2023-07-11

Methods, systems, and devices for public key protection techniques are described. An embedded multimedia card (eMMC) may be formatted to include a permanent write protect group that is configured to prevent disabling of write protection for data stored in the permanent write protect group. The eMMC may store a public key associated with a first host device in the permanent write protect group of the eMMC. A data package may be received from the host device and authenticated by using the public key stored in the permanent write protect group. The embedded memory controller may be configured to prevent modifying or writing data to a permanent write protect group.

Blood glucose control system switching without interruption of therapy delivery

Systems and methods are disclosed herein for switching an application executing on an ambulatory medical device to a new application without interrupting therapy provided by the ambulatory medical device to a subject. The ambulatory medical device may receive an indication that an update to an application executing on the ambulatory insulin pump is available, establish a communication connection to a host computing system, download and install the application update, while a prior version of the application continues to run. The disclosed systems and methods can confirm successful installation of the application update on the ambulatory medical device and switch control of the ambulatory medical device from the prior version to the new version of the application without interrupting therapy provided to the subject.

Method and system for asynchronous side channel cipher renegotiation
11700243 · 2023-07-11

A method for asynchronous side channel cipher renegotiation includes: establishing, by a first computing device, a first communication channel and a second communication channel with a second computing device, where the first communication channel is an encrypted tunnel and packages exchanged using the encrypted tunnel are encrypted using a first cipher; receiving, by a receiver of the first computing device, a renegotiation request from the second computing device using the second communication channel, where the renegotiation request includes at least a password value and a relative time; generating, by a processor of the first computing device, a second cipher using at least an encryption protocol and the password value; receiving, by the receiver of the first computing device, a new encrypted packet from the second computing device using the first communication channel; and decrypting, by the processor of the first computing device, the new encrypted packet using the second cipher.

Method and Apparatus for Securely Backing Up and Restoring a Computer System
20230009355 · 2023-01-12

Data of a computer system can be secured from malware. During a Primary Operating System (PrimaryOS) run-time, the system determines if the computer system has been compromised and, if so, a Trusted Operating System (TrustedOS) is launched and assumes control of the hardware resources and the software resources of the computer system. The TrustedOS obtains a cryptographic key that is inaccessible to the PrimaryOS. The TrustedOS uses the cryptographic key to disable writing to a first portion of the storage media that includes the first set of logical block addresses. The PrimaryOS can incrementally back-up files to a second set of logical block addresses on a second portion of the storage media. Control of the hardware resources and the software resources is returned to the PrimaryOS.

SECURE PROCESSING SYSTEMS AND METHODS

This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

SYSTEMS AND METHODS FOR FACILITATING ASYNCHRONOUS SECURED POINT-TO-POINT COMMUNICATIONS

Systems and methods for facilitating asynchronous secured point-to-point communications between a first user and a second user are disclosed. Particularly, the communications do not require centralized storage. Exemplary implementations may: store information electronically, including different types of client-specific information, hardware information, key information, and permission information; receive a communication request from a first user; transfer a response to the communication request; receive a status check request from the second user; transfer a response to the status check request; receive a transfer request from the second user; transfer a response to the transfer request; receive a status request from the first user; and transfer a response to the status request.