
  • Patent Alert: IBM Awarded DLT Patent for Data Sharing and Validation

    US Patent no. 10,268,528 B2, granted to IBM on April 23, 2019, describes a method that uses distributed ledger technology (DLT) to verify information shared between multiple devices in real time. The method involves collecting specific information from every device and sending it to the nearest computer node. The verified information is then stored in a distributed database and is used to update the entries in the blockchain. The devices connected through the proposed system would be able to share information with other mobile devices while eliminating the need for any central authority. Connected objects can be sensed and/or controlled remotely across existing network infrastructure, integrating connected physical objects into computer-based systems. #ibm #blockchain #patents #technology #emergingtech #electronics

  • Patent Alert: Tesla's New Patent Application Proposes a Sunroof with Electric Tinting

    A new patent application from Tesla, US20190106055A1, suggests an advanced sunroof lighting system that allows you to control the incoming light as required. A tint layer is sandwiched between two transparent layers and is electrically controllable to allow none, some, or all of the sunlight incident on the sunroof. A ‘transparent lighting layer’ is added between the tint layer and the second transparent layer and has LEDs embedded in it. This layer also contains multiple scattering centers which redirect light from the side of the layer to the vehicle cabin. The transparent lighting layer is configured to provide uniform distribution of light in the car. #patents #Tesla #automobiles #technology #emergingtech #electronics

  • Patent Alert: Amazon wins patent for spoilage-sniffing refrigerator

    A refrigerator can slow down the spoilage of food and drinks stored within it, although the process is not completely halted. Food or drinks in the refrigerator will eventually spoil. But how about a refrigerator that sniffs out spoiled food using cameras and chemical sensors and even sends a notification to the user’s smartphone? US patent US10373472, granted to Amazon on August 6, 2019, discloses a system for determining whether food in a refrigerator has spoiled. The system includes a camera and a chemical sensor (such as potentiometric sensors, chemical field-effect transistor (ChemFET) sensors, chemiresistors, chemoreceptors, or other sensors) to detect the presence and quantity of chemical compounds (such as ethylene gas) released as a result of decomposition of food in the refrigerator. The chemical sensor reading from the refrigerator is compared with the threshold value and a corresponding alert (an indication that the food item is spoiled) is sent to the user’s smartphone using a mobile application (such as a spoilage identification application). The mobile application can also track changes to a food item by comparing two or more captured images of the food item with each other. #patents #technology #emergingtech #electronics

  • Patent Alert: WINDGO granted IoT wearable products patent having sensing and response components

    Would you mind wearing a smart wearable product (such as Smart Bandages, Diapers, and/or Socks) having a sensor and a dispensing unit to release a predetermined amount of medicament controlled through a Smartphone? US patent US10376423, granted to Newtonoid Technologies, LLC – WINDGO’s Intellectual Property holding company, discloses a system for monitoring a characteristic of biological material of the user using a smart wearable product (Smart Bandages, Diapers, and/or Socks). The system includes an analysis portal and a pad. The analysis portal includes a sensing portion comprising a sensor (temperature sensors, optical (e.g., blood oxygen, spectroscopy), blood alcohol sensors, bacteria sensor, olfactory sensors (e.g., conducting polymer sensor), other biosensors and/or any other sensors), and an investigation portion comprising a computing device having a health screener. The pad has a vibrating motor, and the vibrating motor is selectively activated to provide vibrations to the user when the wearable product is within a predetermined distance from the pad. The sensing portion of the analysis portal comes into contact with a biological material of the user. The health screener is configured to determine at least one characteristic of the biological material (biological fluid and/or sample). The analysis portal further comprises a dispensing unit, the dispensing unit comprising a bladder for holding a medicament, wherein the dispensing unit is configured to release a predetermined amount of medicament based on an evaluation of the at least one characteristic of the biological material. The computing device initiates an alert based on the at least one characteristic of the biological material and the alert is sent to the user’s smartphone. #patents #technology #emergingtech #electronics

  • Patent Alert: Samsung wins a patent for “Electronic Scroll”

    Foldable Smartphone…!! How about an “Electronic Scroll” with a flexible display?? Scrolls were the first form of editable record-keeping texts, used in ancient Egyptian civilizations. These rolls were made from papyrus, parchment, and/or paper containing writing. In an era of flexible displays, Samsung has won a patent for an “Electronic Scroll” with a flexible display, which might change the aesthetic of smartphones, tablets and/or smart TVs. US patent US10416722 was granted to Samsung on September 17, 2019. The patent makes it possible for a user to carry a Smart TV, roll it out, watch his favorite content and then roll it back up into his bag. The patent discloses an electronic device comprising a rotating roll installed in a housing/outer box/casing. A flexible display is wound on the roll and can be withdrawn through the opening by following the rotating direction of the roll. Further, a housing guide is configured to guide a part of the housing so that the height, width and/or overall size of the housing is reduced. The housing guide can be made using the following arrangements: 1. The housing guide (shaft gear and rail arrangement) may include a center shaft gear connected to a center shaft of the roll, and a rail fixed to the part of the housing to move. The height, width and/or overall size of the housing is reduced in accordance with power that is transferred from the center shaft gear as the flexible display is withdrawn. 2. The housing guide may include a pressure bar or piston, and a joint lever connected to the pressure bar. The height, width, and/or overall size of the housing is reduced in accordance with the change in length of the pressure bar as the flexible display is withdrawn. #patents #technology #emergingtech #electronics

  • Patent Alert: Virtual Back Hand Touchpad for Smartwatches

    A smart wearable device (such as a smartwatch) with a tiny screen is simply far too small for common multi-touch commands like pinching, rotation, and other gestures. Placing two fingers on the screen will block most of the display area. Typing data on the small screen is also close to impossible on wearable devices. A US patent granted on October 15, 2019, to INNOVENTIONS, Inc., a private Houston-based company, perhaps offers a solution. The patent teaches systems and methods to improve the user interface with wearable devices like a smartwatch. It assigns one or more virtual passive touchpads on the surface (back of the hand) adjacent to the smartwatch, where the user can tap, drag, draw characters or perform multi-finger gesture commands which are captured by the smartwatch. Thus, generic tactile touchpad inputs to the device are simulated by the assigned virtual passive touchpad without the need to place an actual tactile touchpad device on that area. The touch locations on the assigned virtual touchpad area are captured by one or more side-looking cameras. The cameras detect one or more finger touch points relative to the captured image of the back-of-hand surface. They can also detect complex gestures including hovering, touching (or tapping), and dragging. The side-looking cameras are also assisted by sound/finger tap sensors and movement sensors. The data from the sound/finger tap sensors is compared with the gesture analysis of the cameras to better pinpoint the position of the user's fingers over the virtual touchpad. The sound/finger tap sensors comprise a microphone and a digital signal processing (DSP) interface to filter legitimate finger tap sounds and notify the processor. DSP action may be performed by the processor, or may be performed by a built-in microcontroller of a "smart" sound sensor. #patents #technology #emergingtech #electronics

  • Copperpod's Response To COVID-19 Coronavirus

    To Customers, Advisors and Friends: With COVID-19 becoming a pandemic and affecting daily lives across the world, I would like to apprise you personally on how Copperpod is fulfilling its responsibility for keeping our customers, consultants and partners safe and productive. Copperpod's consultants are distributed across the US, India and Asia-Pacific. In addition to our follow-the-sun approach to project delivery, this helps us ensure business continuity in times of disaster. Being a majorly remote workplace, we have deeply leveraged IT infrastructure that enables us to work from home, on the move, or at customer locations seamlessly. We are following the spread of COVID-19 closely and have initiated a number of steps in this regard: 1. Ceasing all business travel for 3 weeks until greater visibility on control and cure for COVID-19. 2. Daily health monitoring for all employees, through contact-less thermometers. 3. Direct reporting to the CEO of daily health status of consultants, partners and other employees. 4. Shifting non-critical work to our delivery center in India, where there is as yet minimal exposure to the virus. 5. Provision of work from home for all employees, should the need arise. 6. Hourly sterilization of door handles, building amenities and public areas. 7. Coordinating activities and monitoring with other companies in our premises to ensure prompt notification of any exposure. We are committed to your safety and good health, and thank you for your confidence in our analyses, advice and ability to strengthen intellectual property campaigns. Rahul Vijh, Chief Executive Officer #coronavirus

  • Understanding Open-Source Software and License Regimes

    Open-source software today has not only allowed programmers to write increasingly complex software, but has also democratized the software industry, where off-the-shelf modules are available for even small programming teams to build larger-than-life software platforms and applications. The whole idea behind publishing software with an open source license is to make it available for everyone to understand its internal functioning, so that they may build on it and make it better. The Open Source Initiative was founded in February 1998 and defined what open source meant, ultimately determining which software licenses fit under open-source certification. Open-source however does not always mean that the source code is available for use without conditions or associated costs, contrary to popular opinion among developers. For instance, the GNU General Public License (GPL) is a widely used free software license that allows free distribution, but with the condition that any modifications made to the software should also be distributed under the parent license for free (barring minimal cost for shipping and handling). In order to label software as open-source, it must satisfy the following conditions: FREE DISTRIBUTION: The license cannot hold back a party or an individual from selling or giving away the software as a constituent of corporate software which may contain various other open-source licenses. The license holder is not obliged to pay any kind of royalty or other fee as a condition for sale. SOURCE CODE: It is mandatory that the program includes the source code, and the license must grant permission for distribution in both compiled and source code forms. In exceptional cases when a form of a product is not distributed with source code, there must be a widely known way to obtain the source code, in exchange for a reasonable reproduction cost, or it should be available for download via the internet without any charge.
The source code must be produced to the licensee according to his requirement of use. Any deliberate attempt to confuse the users by providing obscure or unintelligible source is prohibited. The user should be provided with a complete source code and not any intermediaries such as the output of a preprocessor or a translator. DERIVED WORKS: The license must allow modifications and derived works, and allow them to be distributed under the same terms as the license of the original software. INTEGRITY OF THE AUTHOR’S SOURCE CODE: The license may limit the distribution of modified source code by only allowing it if it contains patch files. A patch is a text file with the help of which you can change a set of source files from one version to another. By using a patch, you can create a new version of source code from the original source code by applying the patch to a copy of the original source code. This helps you modify the source code, while keeping all the versions intact - most importantly the original source code. Random changes made to the source code may give rise to vulnerabilities, and grouping these differences may help monitor them. NO DISCRIMINATION AGAINST PERSONS OR GROUPS: The license must not discriminate against any person or group of persons. NO DISCRIMINATION AGAINST FIELDS OF ENDEAVOR: The license must not pose any restrictions from making use of the program in a specific field, like business or genetic research. DISTRIBUTION OF LICENSE: The rights attached to the parent program shall be applied to whomsoever the program is being distributed to. There is no requirement to execute an additional license by those parties. LICENSE MUST NOT BE SPECIFIC TO A PRODUCT: The rights attached to a program do not change if it is being used as a part of a particular software distribution. The distribution is obliged to enforce the same rights as the original software in case any party decides to use the program from the distribution. 
LICENSE MUST NOT RESTRICT OTHER SOFTWARE: Other software distributed along with the licensed software is not subject to any kind of restrictions. For example, a license cannot state that all programs distributed on the same medium should be open source. LICENSE MUST BE TECHNOLOGY-NEUTRAL: The provision of the license is not biased toward any individual technology, specific part or component, material, or style of interface. Open source licenses can be broadly divided into two categories - Copyleft and Permissive. While both kinds of license allow users to freely copy, distribute, and change the software that uses them, they differ in the conditions under which users can do so. 1. COPYLEFT LICENSES A copyleft license requires users to preserve the same rights in derivative works as the original license. Under a copyleft license, the author gives permission to every recipient of a copy of his work to reproduce, adapt, or distribute it, but only under the same licensing agreement. This is in contrast to copyright, which gives exclusive rights to the creator of an original work to determine under what conditions his work is to be used by others. So copyleft is a variant of copyright in which the author surrenders part of his rights, while also giving him the privilege to impose some restrictions on those who want to engage in activities that would otherwise be prohibited under a copyright. A copyleft license for software must be provided with all the necessary information required to reproduce or modify the work. The source code files would generally include a copy of the license terms and an acknowledgement for the authors. The GNU General Public License was the first of its kind and to date remains the most widely used copyleft license. GNU General Public License The GPL family has dominated the market for copyleft licenses since its first launch in 1989.
The original GPL was based on the concept of unifying similar licenses used for earlier versions of GNU software such as GNU Emacs (1985), the GNU Debugger and the GNU C compiler. The problem with those earlier licenses was that each was specific to one program. The goal was to make a single license that could be used for any project, which enabled multiple projects to share code. GPLv1 Prior to the release of GPL version 1, some distributors published files in binary format only. Although executable, this didn’t help the users much, as the binaries were impossible to decipher or modify. The GPLv1 proclaimed that in order to copy or distribute copies or any portion of the program, human-readable source code should be made available. Combining two pieces of software that had different sets of restrictions on distribution gave rise to new complications. The combined work would require making a union of the two sets of restrictions, which ultimately resulted in unacceptable license terms. The GPLv1 solved this problem by setting a standard that all modified versions, as a whole, would be distributed under the terms of GPLv1. So software under the GPLv1, when combined with software that’s under a more permissive license, wouldn’t call for any changes in the terms and conditions under which the integrated software will be distributed. GPLv2 With the introduction of GPL version 2 the license terms were made more stringent, stressing that a GPL-covered work may only be distributed if the licensee can satisfy all of the license’s obligations, regardless of whether they are bound by any other legalities. This means that even if there is a single part of the contract which is held illegal or conflicting, the program could not be distributed under the GPL license. This was mainly intended to prevent parties from using patent infringement claims or other litigation in order to limit the freedom of a user under the license.
GPLv3 The GPLv3 was officially released on 29 June 2007 by the Free Software Foundation. The third edition of the GPL family brought some very prominent changes, particularly related to software patents, free software license compatibility, and hardware restrictions on software modification. Besides that, several factors justify why the upgrade from GPLv2 was necessary. Compared to the GPLv2, GPLv3 is compatible with a broader range of licenses. In addition, it allows you to combine it with code that has separate requirements that are not present in GPLv3 itself. Tivoization is a process in which manufacturers provide hardware with the source code under the GPLv2 license but restrict the user from performing any modification to the software. User products distributed under the GPLv3 license posed no such restriction and provided the necessary information with the help of which users could modify the software. The language used in GPLv2 was taken to be very U.S.-centric, giving rise to ambiguity where terminology was used outside the U.S. For instance, the word “distribute”, which was used in the GPLv2 to describe distribution of software, was also used in other countries in their copyright law, but had a completely different meaning. The GPLv3 was written with an attempt to avoid this confusion by using language that is interpreted by international laws as intended by the FSF (Free Software Foundation). The GPLv3 also provided developers with the privilege of adding local disclaimers, which also helped increase its usage outside the United States. The GPLv3 protects users from laws that prohibit free software. Code released under the GPLv3 can be used to develop DRM technology. Anyone who can break the DRM has the right to freely distribute his software as well.
Laws like the Digital Millennium Copyright Act and the European Union Copyright Directive that make it illegal to break DRM are deemed invalid under the GPLv3. In circumstances when a user violated the license of software that was based on GPLv2, the user automatically and permanently lost the rights. In order to get them back, the user had to appeal to the copyright holder for a formal restoration of the license, which could prove to be extremely cumbersome. The GPLv3 solved this problem by stating that if a user violates the license, the rights can be reinstated if the user stops the violation. The GPLv3 is compatible with the Apache License version 2.0, a permissive free software license written by the Apache Software Foundation (ASF). Other than that, the GPLv3 also improved compatibility with the GNU Affero General Public License, which could not be combined with the GPLv2. AGPL (Affero General Public License) A problem seen in the GPLv3 was that only the parties that are actually distributing their modified version of GPL code abide by the GPL, failing which would render your copyright provisions inapplicable. Since sharing a piece of software over the network and letting users interact with it does not qualify as distribution, the programmer isn’t required to share his modifications to the code. The AGPL offers the same restrictions and freedoms as the GPLv3; however, it is particularly built for network software, and closes the loophole by making it mandatory to distribute the source code along with a web publication. LGPL (Lesser General Public License) The LGPL can be taken as an intermediary between a strong copyleft license like the GPL, and more permissive licenses such as the BSD and MIT licenses. It allows developers and companies to use and modify software released under the LGPL without the obligation of providing the source code of your own modification.
If the user wishes to use the modified version as proprietary software, the code under the LGPL is usually used in the form of a shared library, which helps distinguish the proprietary and LGPL components. The word ‘lesser’ signifies that the software only guarantees freedom of modification strictly for components licensed under the LGPL and not the ones that come under a proprietary license. The use of LGPL is limited to software libraries and similar setups. The LGPL can be upgraded to a full-fledged GPL licensed project if required; however, the reverse is not possible. Microsoft Public License (Ms-PL) The Microsoft Public License is a free license released by Microsoft and was recognized as open source by the OSI on 12 October 2007. You can freely reproduce and distribute original or derivative works of any software licensed under the Microsoft Public License as long as you’re not using any contributor’s name, logo, or trademarks. The author is protected under the license in that it doesn’t offer any warranty concerning the functioning of the code. This means that the author shall not be held accountable if the code doesn’t work well in some instances. If you wish to distribute any portion of your software in source code form, you can only do so under the Microsoft Public License, by including a copy of the license with your distribution. However, if you distribute it in compiled or object code form, you can do it under any license that complies with the Microsoft Public License. This also explains why the Ms-PL is called a weak copyleft, making it incompatible with the GNU GPL, the latter being much more restrictive than Ms-PL: the GNU GPL requires you to release your entire source code if you’re using any GPL licensed component in your software. Other than that, software released under the Microsoft Public License can also be easily commercialized.
Eclipse Public License (EPL) The Eclipse Public License is a weak Copyleft License published by the Eclipse foundation on 24 August 2017. If you modify software licensed under EPL and distribute it in the source code form as part of your program, you’re required to disclose the modified code under EPL only. However, if you wish to distribute it in its object code form you are required to state that the source code would be made available upon request. In addition to that the EPL doesn’t require you to open source your entire code but only the parts that include the modified EPL components. This makes the EPL incompatible with the GNU GPL, as the latter requires you to release the software’s entire source code regardless of how much GPL’ed code you’re using. 2. PERMISSIVE Permissive software licenses have lesser obligations when compared to copyleft licenses pertaining to how open source softwares can be distributed. Primarily, permissive licenses differ from copyleft licenses over the fact that permissive licenses do not require copies and derivatives of the source code to be made available on terms not more restrictive than those of the original license. This however, makes it uncertain whether the future generations would be able to enjoy the same rights as they would’ve under the original license as there is no guarantee if the software will remain free and publicly available in the long run. So while permissive licenses promise maximum freedom to its first hand users, it may not be the best option for you if you’re at the further end of the chain. In most cases, if you license software under permissive license, it gives you the flexibility to use it in a closed software project without having to provide the source. A copyleft license, because it doesn’t let you instill your own set of restrictions in the software, helps preserve the freedom of the original open source software for the downstream users. 
Furthermore, a company that used permissive software to derive proprietary software doesn’t need to go through the hassle of conducting license audits to check whether they are in agreement with copyleft licenses. Another noteworthy point is that when using permissive licenses, it becomes nearly impossible to borrow code that uses a copyleft license; however, the opposite holds true when a copyleft-licensed project borrows code that uses a permissive license. This is one situation where permissive licenses are impaired. MIT License A product of the prestigious Massachusetts Institute of Technology, the MIT license is a permissive free software license that offers excellent compatibility. As long as you include a copy of the MIT license terms and copyright notice with all copies of the licensed software, the MIT license permits reuse within proprietary software. The MIT license is compatible with the copyleft General Public License, and MIT-licensed code can be completely integrated into GPL code, but not the other way round. The MIT license has many variants, due to which the Free Software Foundation considers the license to be ambiguous. Some of the variants include the Expat and the X11 licenses. A modified MIT license used by XFree86 contains an advertising clause that requires all advertising of the software to display a notice crediting its authors. The MIT license is considered to be one of the most permissive licenses around. You are just required to add a copy of the original MIT license and copyright notice to your modification, and you can do practically anything with software licensed under the MIT license. In addition to that, the MIT license particularly gained popularity because of its short and straightforward license agreement. BSD Licenses The original BSD license (4-clause license) was published in 1988 by the Regents of the University of California and was used for the Berkeley Software Distribution (BSD), which was a Unix-like operating system.
The 4-clause license had an “advertising clause” (not seen in any of its descendants) that required authors of derivative works to include an acknowledgement of the original source in all advertising material. The clause stated: “All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software developed by the University of California, Berkeley and its contributors.” This was fine as long as the name remained the same: University of California, Berkeley and its contributors. However, when people started using the name of their own institutions instead, it resulted in a plethora of licenses, especially when they incorporated multiple programs into an operating system. BSD License 2.0 The BSD version presently in use is the 3-clause license (BSD license 2.0), and is compatible with the GNU GPL. This version allows unlimited redistribution for any purpose as long as its copyright notices and the license's disclaimers of warranty remain intact. The license also contains a clause restricting use of the names of contributors for endorsement of a derived work without permission. 2 Clause License The main difference between the BSD license 2.0 and the 2-clause license is that the non-endorsement clause is eliminated in the latter. Neither the MIT nor the BSD licenses oblige the user to release the source code of their software. Unlike the more recently published permissive licenses like the Apache 2.0, the MIT and BSD licenses do not include an express patent license, primarily because both these licenses were drafted before the patentability of software was recognized under U.S. law. Apache License The Apache license is a permissive free license written by the Apache Software Foundation. The latest version 2.0 requires a copyright notice and a disclaimer to be maintained.
Version 1.1, published in 2000, removed the ‘advertising clause’ seen in version 1.0 and also the BSD license 2.0. Derived products were only required to include attribution in their documentation and not in their advertising materials. Version 2.0 was adopted by the ASF in January 2004 and promised the following improvements: making the license simpler to use for non-ASF projects; improved compatibility with GPL-based software; allowing the license to be included by reference, instead of listed in every file; clarifying the license on contributions; and requiring a patent license on contributions that necessarily infringe a contributor’s own patents. What makes the Apache license so different is that it is the only license that explicitly grants rights to users that can be applied to both copyrights and patents, as opposed to other permissive licenses that are applicable only to copyrights and not patents. Being a permissive license, you get the benefit of releasing modified parts of the code under a license of your choice; however, the unmodified parts need to be released under the same license (Apache). Every licensed file must also contain any original copyright, patent, trademark, and attribution notices in its redistributed code. In addition to that, every modified file must also contain a notice about all the changes made to the original file. Unlike the MIT license, the Apache license is less permissive when it comes to modifications. It requires you to specifically list the modifications you made to the original software. The Apache License also restrains you from naming your product in any way that suggests that it is being endorsed by Apache. zLIB License The zLIB license is a permissive free software license used for the zLIB library and many other open source libraries, and is also compatible with the GNU General Public License. You’re not required to make the source code available under the zLIB license if you’re distributing binary code.
The authors of the license are not obligated to any damages caused by its use. The license also requires you to change the name of the modified software. In addition to that, the authorship of the original software should not be misrepresented neither the license notice should be removed from source distributions. Notable Cases Arising From Open-Source Violations: [1] “CoKinetic Systems Pursues $100 Million GPL License Violation Case Against Panasonic Avionics”, https://wptavern.com/cokinetic-systems-pursues-100-million-gpl-license-violation-case-against-panasonic-avionics, https://resources.whitesourcesoftware.com/blog-whitesource/the-100-million-case-for-open-source-license-compliance [2] “Open Source Security Inc v. BRUCE PERENS”, https://regmedia.co.uk/2017/08/03/grc_lawsuit.pdf [3] ” Versata Software, Inc. et al v. Ameriprise Financial, Inc”, https://opensource.com/law/14/12/gplv2-court-decisions-versata, https://cases.justia.com/federal/district-courts/texas/txwdce/1:2014cv00012/668973/28/0.pdf?ts=1428925526 https://www.casemine.com/judgement/us/5914e7f5add7b0493491b1aa [4] “ Hellwig v. VMware” https://sfconservancy.org/news/2015/mar/05/vmware-lawsuit/ https://www.theregister.co.uk/2016/08/15/vmware_survives_gpl_breach_case_but_plaintiff_promises_appeal/ https://www.theregister.co.uk/2015/03/16/vmware_wants_amicable_end_to_meritless_linuxlifting_lawsuit/ [5] “Copyright and Software: Oracle v. Google”, https://www.iplawtrends.com/copyright-and-software-oracle-v-google/ https://spicyip.com/2018/04/oracle-v-google-us-court-of-appeals-rules-against-googles-fair-use-of-oracles-java-apis.html https://www.wired.com/story/the-case-that-never-ends-oracle-wins-latest-round-vs-google/ [6] “ARTIFEX SOFTWARE, INC v. 
HANCOM, INC, https://ia801909.us.archive.org/13/items/gov.uscourts.cand.305835/gov.uscourts.cand.305835.32.0.pdf https://opensource.com/article/18/2/top-10-open-source-legal-stories-shook-2017 [7] “ERIK ANDERSEN and ROB LANDLEY (principal developers of BusyBox) v. MONSOON MULTIMEDIA, INC, http://torquemag-hhvm.s3.amazonaws.com/uploads/2013/03/SFLC-BusyBox-lawsuit.pdf [8] “Jacobsen v. Katzer”, https://en.wikipedia.org/wiki/Jacobsen_v._Katzer http://www.epiclaw.net/blog/2008/10/23/jacobsen-v-katzer-significant-victory-open-source [9] “Free Software Foundation (FSF), Inc. v. Cisco Systems, Inc” https://en.wikipedia.org/wiki/Free_Software_Foundation,_Inc._v._Cisco_Systems,_Inc. https://www.networkworld.com/article/2270727/smb/cisco-sued-by-free-software-foundation-for-copyright-infringement.html [10] “gpl-violations.org v. Fortinet and others (2005)”, https://www.cnet.com/news/fortinet-settles-gpl-violation-suit/ [11] “ARTIFEX SOFTWARE INC., a California Corporation v. PALM INC., a Delaware Corporation, https://www.courtlistener.com/recap/gov.uscourts.cand.222215.1.0.pdf [12] “Artifex Software Inc. v. Premier Election Solutions (Diebold Inc.)”, https://misc.int-property.narkive.com/BOzoWOvg/artifex-v-diebold-the-gpl-is-non-commercial [13] “PROGRESS SOFTWARE, CORP., et al (Nusphere) v. MySQL AB, et al https://www.gnu.org/press/mysql-affidavit.html https://www.linux.com/news/cease-fire-between-mysql-ab-and-nusphere [14] “Jin v. IChessU (settled Israeli case)”, https://www.linux.com/news/defence-statement-released-israeli-gpl-test [15] “Computer Associates Int’l v. Quest Software, Inc. https://casetext.com/case/computer-associates-intl-v-quest-software [16] “Planetary Motion v. Techsplosion”, https://matthewminer.name/law_stuff/briefs/2L/Summer+Term/LAW+783-001+%E2%80%93+Trademark+Law+and+Practice/Planetary+Motion,+Inc.+v.+Techsplosion,+Inc. https://caselaw.findlaw.com/us-11th-circuit/1481575.html [17] “Welte v. 
Sitecom”, http://media.straffordpub.com/products/open-source-licenses-copyright-and-trademark-compliance-2010-07-07/presentation.pdf, page 20 https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#Welte_vs_Sitecom_.282004.29 https://www.pillsburylaw.com/images/content/1/6/v2/1655/A9A22185D029BBE6EAA4332F1A7249E2.pdf, page 4 [18] “Welte v. D-Link”, http://media.straffordpub.com/products/open-source-licenses-copyright-and-trademark-compliance-2010-07-07/presentation.pdf, page 20 https://www.pillsburylaw.com/images/content/1/6/v2/1655/A9A22185D029BBE6EAA4332F1A7249E2.pdf, page 4 [19] “Welte v. Skype”, http://media.straffordpub.com/products/open-source-licenses-copyright-and-trademark-compliance-2010-07-07/presentation.pdf, page 20 https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#Welte_vs_Skype_.282008.29 [20] “Welte in AVM vs Cybits case”, https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#Welte_in_AVM_vs_Cybits_case_.282011.29 [21] “Welte vs Fantec”, https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#Welte_vs_Fantec_.282013.29 [22] “Wallace v. FSF (2005) & Wallace v. IBM et al (2006)”, https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#Wallace_v._FSF_.282005.29_.26_Wallace_v._IBM_et_al_.282006.29 [23] “AFPA v. Edu4”, https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#AFPA_v._Edu4_.282001.29 http://fsffrance.org/news/article2009-09-22.en.html [24] “Free/Iliad”, https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#Free.2FIliad_.282007.29 [25] “Geniatech v. Mchardy” http://laforge.gnumonks.org/blog/20180307-mchardy-gpl/ References i. https://opensource.org/licenses ii. https://opensource.org/licenses/category iii. https://en.wikipedia.org/wiki/Open-source_license iv. https://choosealicense.com/ v. https://www.techopedia.com/definition/8687/open-source-license vi. https://resources.whitesourcesoftware.com/blog-whitesource/top-open-source-licenses-trends-and-predictions vii. 
https://www.toptal.com/open-source/developers-guide-to-open-source-licenses viii. https://www.smashingmagazine.com/2010/03/a-short-guide-to-open-source-and-similar-licenses/ ix. https://resources.whitesourcesoftware.com/blog-whitesource/top-10-eclipse-public-license-questions-answered x. https://resources.whitesourcesoftware.com/blog-whitesource/top-10-apache-license-questions-answered xi. https://resources.whitesourcesoftware.com/blog-whitesource/top-10-microsoft-public-license-ms-pl-questions-answered xii. https://resources.whitesourcesoftware.com/blog-whitesource/top-10-gpl-license-questions-answered xiii. https://resources.whitesourcesoftware.com/legal/the-saas-loophole-in-gpl-open-source-licenses xiv. https://resources.whitesourcesoftware.com/white-papers/all-you-ever-wanted-to-know-about-the-most-common-open-source-licenses-and-never-dared-to-ask xv. https://tldrlegal.com/ #software

  • Tokenization : Future of Payment Security

    Along with the many gains that come with going cashless today, financial digitisation also gives way to a massive influx of cyber crime. The upsurge in fraudulent transactions and security threats has posed a serious challenge to central banks and clearing houses. According to data breach statistics, 267,088 data records are lost or stolen every hour. Only 4% of the total breaches committed since 2013 were “secure breaches” where encryption was used which rendered the stolen data useless. The social media industry suffered the greatest impact, accounting for 56.18% of the total compromised records in 2018. Identity theft has been the most prevalent breach type since 2013, accounting for almost 3 billion compromised records last year. (Source)

    Digital payments are categorized as card-not-present transactions, which refer to those transactions that are carried out without the presence of a card, and are usually associated with payments made over the internet. Internet transactions make it difficult for the merchant to verify whether it is the actual cardholder who is making the purchase, which makes them an easy target for cyber criminals.

    In 2005, Shift4 payment, a pioneer in secure payment processing solutions, introduced Tokenization. Credit and debit card data often gets stored on computers and networks where you’re making online purchases. Your payment card information passes through various points in the authorization process, which leaves it at risk of fraud, as this data can be intercepted at multiple points. Tokenization protects this data by replacing the actual card number with a random 16-digit alphanumeric globally unique ID called a ‘token’.

    A token can be simply defined as an algorithmically generated data element that substitutes a more valuable piece of information. Using this token, you can map back to the sensitive data through a tokenization system. This limits the data exposure of security breaches and restricts the parties that can receive information and in what context. As the token has no extrinsic value on its own, any tokenized data intercepted by thieves and hackers is useless. Once the transaction is successful, a confirmation is sent to the online seller with a randomly generated token ID that gets stored in place of the actual PAN data in their systems.

    TOKENIZATION AND ENCRYPTION

    Tokenized data cannot be reversed back to its original value. Encryption, by contrast, takes a value, runs it through an algorithm and transforms the plain text information into a non-readable form called ciphertext. In order to retrieve the plain text information, the ciphertext can be decrypted using an algorithm and an encryption key. The encryption strength is based on the complexity of the algorithm used to secure the data. Tokenization, on the other hand, uses no such complex algorithm to transform the sensitive information into a token. Neither does it require any sort of encryption key to derive the original data from the token.

    Vault-based tokenization uses what’s popularly known as a token vault, a database that stores the relationship between the original data and the token. The original data is secured in the vault via encryption. However, vaultless tokenization, a more recent and efficient technology, doesn’t require any token vaults. Whenever it receives a request, it generates a random number which may be in numeric/alpha-numeric form. During de-tokenization, it simply decodes this random number, and sends the actual card number.

    Let’s take a typical example to understand how credit card payment is processed under vault-based tokenization:

    - As soon as the user punches in their card details at an eCommerce website, the PAN is passed to the credit card tokenization system.
    - The tokenization system generates a string of 16 random characters to replace the PAN, or retrieves the associated token, and records the correlation in the data vault.
    - The token returns to the eCommerce site and is used to represent the customer’s credit card in the system.
    - The token is then sent to the payment processor, who uses the same technology to de-tokenize the token and fetch the original credit card number, which is used for authorization.
    - In case the organization is using a third party tokenization solution, the token is sent to the third party, who then de-tokenizes it and sends it to the payment processor for card processing.

    For the end user, this operation seems to be performed nearly instantaneously by the browser or application. For cloud-based tokenization, the data is stored in the cloud in a different format. At no point in time are the original card details stored within the retailer’s environment, preventing the user’s sensitive information from being compromised in any way. The token data may be fully or partially visible during the transaction, which helps in speeding up the process and alleviating strain on system resources; however, the original data remains completely hidden at all times.

    Single-use Tokens

    Single-use tokens usually represent a single transaction and have a faster processing rate than multi-use tokens. A unique token is created every time a repeat customer purchases something. For this reason, single-use tokens pose problems during recurring transactions and refund/return processing. Single-use tokens also lead to more token collision scenarios than multi-use tokens. A token collision scenario arises when two identical tokens represent two different pieces of data. Validating previously existing tokens is critical in order to avoid token collision.

    Multi-use Tokens

    Multi-use tokens, as the name suggests, may be used to track an individual PAN across multiple transactions. The same token corresponds to a payment card used for internet shopping and purchases made from the same retailer.

    TOKENIZATION AND PCI DSS STANDARDS

    The Payment Card Industry Data Security Standard (PCI DSS) sets out guidelines that must be complied with by any organization that stores, transmits or processes cardholder information. The basic idea behind this initiative is to bolster security around credit card and debit card transactions and safeguard cardholder information. All parties associated with facilitating a transaction fall within the PCI scope. PCI scoping is defined as the identification of people, processes and technologies that interact with or could otherwise impact the security of the cardholder data (CHD). Tokenization is applied to payment card data with the intention of reducing the PCI scope by eliminating electronic CHD being stored in the environment. Tokenization certainly reduces the risk of data breaches; however, it’s important to ensure that the payment processors you use are reliable and comply with the PCI DSS.

    VAULTED VS VAULTLESS TOKENIZATION

    Vaulted tokenization requires a database, or “vault,” to store the relationship between the card information and its corresponding token. There are some limitations to this concept:

    - To avoid data loss, every new transaction should have a continuous back up.
    - As the credit card count increases, the database may choke up. This slows down the processing speed and accounts for an efficiency drop.
    - Evidently, vaulted tokenization would require high maintenance and costly synchronization capabilities to ensure smooth transactions and consistency across data centers.
    - Storing all sensitive content in one database also leaves it susceptible to theft.

    To overcome the challenges associated with vault-based tokenization, alternative solutions like stateless and vaultless tokenization are being used. Both these technologies are independently validated to reduce PCI DSS compliance scope. Vaultless tokenization is a lightweight and more powerful alternative to vault-based tokenization. It eliminates token databases and the need for storage of cardholder or other sensitive data. This method corresponds to faster token generation and quick recovery of token data when needed. Stateless tokenization allows random mapping of live data elements to substitute values without the need of a database while retaining the isolation properties of tokenization.

    COMPATIBILITY WITH OTHER TECHNOLOGIES

    Tokenization also works with alternate payment systems such as NFC payments (near field communication), ACH transactions and Apple Pay. Building alternate payment systems would require multiple entities to work together in order to deliver payment services to the end user. To ensure interoperability between different players, there arises a need for a trusted service manager (TSM), which establishes a link between mobile network operators and service providers. Tokenization can help mediate such services. Apple Pay uses a proprietary tokenization system; however, most other NFC wallets rely on a payment tokenization standard called EMVCo.

    #fintech #patents #technology #security
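The vault-based flow described in the article above, including multi-use and single-use tokens and the collision check, as an added Python example (not code from the article or from any payment product). The class name `TokenVault`, the HMAC-keyed lookup index and the in-memory dictionaries standing in for an encrypted vault database are assumptions; the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
TOKEN_LEN = 16  # the article's "16 random characters"


class TokenVault:
    """Hypothetical vault: dicts stand in for the encrypted vault database."""

    def __init__(self, index_key, pick=secrets.choice):
        self._index_key = index_key  # secret key for the PAN lookup index
        self._pick = pick            # character source; replaceable in tests
        self._pan_by_token = {}      # token -> (PAN, single_use flag)
        self._token_by_pan = {}      # HMAC(PAN) -> existing multi-use token
        self.collisions = 0          # how many generated tokens were rejected

    def _pan_index(self, pan):
        # Keyed hash so the lookup index never holds the PAN itself.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def _new_token(self):
        # Validate against existing tokens so one token never maps to two PANs.
        while True:
            token = "".join(self._pick(ALPHABET) for _ in range(TOKEN_LEN))
            if token not in self._pan_by_token:
                return token
            self.collisions += 1

    def tokenize(self, pan, single_use=False):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13 to 19 digits")
        idx = self._pan_index(pan)
        if not single_use and idx in self._token_by_pan:
            return self._token_by_pan[idx]   # multi-use: retrieve the associated token
        token = self._new_token()
        self._pan_by_token[token] = (pan, single_use)
        if not single_use:
            self._token_by_pan[idx] = token
        return token

    def detokenize(self, token):
        pan, single_use = self._pan_by_token[token]  # KeyError: unknown or spent token
        if single_use:
            del self._pan_by_token[token]            # valid for one transaction only
        return pan


def demo():
    """Merchant keeps tokens; only the vault holder can map them back to the PAN."""
    vault = TokenVault(secrets.token_bytes(32))
    pan = "4111111111111111"                          # constructed test card number
    multi = vault.tokenize(pan)                       # stored by the merchant
    repeat = vault.tokenize(pan)                      # repeat customer, same token
    once = vault.tokenize(pan, single_use=True)       # fresh token per transaction
    return multi == repeat, once != multi, vault.detokenize(once) == pan


if __name__ == "__main__":
    print(demo())
```

Because a single-use token is deleted on first de-tokenization, a refund or recurring charge that presents it again fails, which is the operational problem the article attributes to single-use tokens.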

  • New Security Flaw Discovered in Intel Products - Ominously Named "Foreshadow"

    This hasn’t been a great year for Intel so far, case in point all the speculation concerning a security flaw in its processors. ‘Foreshadow’, or L1TF (L1 Terminal Fault), is a security vulnerability that takes advantage of a feature called speculative execution. It was first discovered by two sets of researchers in January 2018. Two security threats, Meltdown and Spectre, had caused the company a lot of trouble earlier this year, and this new one is somewhat similar to them.

    Speculative execution is widely used in most modern processors to enhance performance. The processor predicts and executes upcoming instructions instead of waiting for the previous one to finish. If the prediction turns out to be correct, execution time is saved; otherwise the speculative results are discarded. The trouble is that this leaves traces of the contents of protected memory that can later be exploited using sophisticated malware.

    THE VULNERABILITY

    Foreshadow affects Intel Software Guard Extensions (SGX), which are designed to increase the security of application code and data, keeping it from disclosure or modification. SGX makes such protections possible through the use of enclaves, which are protected areas of execution in memory. Surprisingly, while these enclaves were designed to be infallible, a group of researchers found a way for an attacker to steal the information they store. According to them, the attackers can create shadow copies of the data protected by the secure enclave, and then read the contents of those copies. Users can also be fooled into sending their private data to these fake accounts.

    This was just a part of the problem. Intel discovered two other problems related to the Foreshadow vulnerability, naming them Foreshadow-NG (New Generation). The mode of attack is still based on a processor core’s L1 cache, but rather than just affecting the SGX technology, these newly discovered complications also affect other uses of memory.

    The first vulnerability of Foreshadow-NG can grab data from memory used by the operating system kernel. The kernel has access to all data stored in memory, including every app and program installed on the machine. However, in order to access the PC, the hacker must use a malicious program to steal that data. Another aspect of this vulnerability is that it also allows access to data used by the System Management Mode (SMM), which is present in all modern processors. The PC’s firmware uses this mode to implement Advanced Power Management systems and control the hardware. Again, to steal this data, the hacker must have access to your PC with guest privileges to run malicious software.

    The second vulnerability is used to attack virtual machines. A virtual machine isn’t a real computer, but an emulation of a computer system. Virtual machines are based on computer architectures, and provide the functionality of a physical computer. A hypervisor or virtual machine monitor (VMM) is what drives a virtual machine, and helps ensure that there aren’t any data leaks. However, the researchers claim that a malicious virtual machine might be able to break through the boundary, which puts the user’s data at high risk.

    “A malicious virtual machine running inside the cloud can potentially read data belonging to other virtual machines as well as data belonging to the cloud’s hypervisor,” as explained by the research team. (https://www.digitaltrends.com/computing/what-is-foreshadow/)

    THE AFFECTED PRODUCTS

    Until the recent Foreshadow-NG was discovered, the original Foreshadow vulnerability concerned only the SGX-enabled Intel processors. These include all 6th and 7th generation Core processors but the Atom processors that support SGX. Processors made by AMD, as well as chips based on ARM’s processor core design (Tegra, Snapdragon, Exynos, et al), also remained unaffected, even by Foreshadow-NG, but its onset has certainly put a dent in Intel’s credibility. The list of affected products is long. It covers 2nd to 8th generation Intel Core processors, X-Series chips for the X99 and X299 platforms, Xeon processors ranging from the 32400 Series to the Xeon Processor Scalable Family, along with others.

    THE SOLUTION

    As long as you keep your systems up to date, you should not be prone to the attacks. Microcode updates released by Intel are an important component of the mitigation strategy for all three applications of L1TF. When coupled with corresponding updates to operating system and hypervisor software from industry partners and the open source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.

    “We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices,” Intel says. “This includes keeping systems up-to-date and taking steps to prevent malware.” (https://in.reuters.com/article/cyber-intel/intel-discloses-three-more-chip-flaws-idINKBN1KZ28A)

    However, Intel believes that a more permanent fix to the problem would be to replace today’s processors. "These changes begin with our next-generation Intel Xeon Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year." (https://www.zdnet.com/article/beyond-spectre-foreshadow-a-new-intel-security-problem/)

    #intel #security #electronics


© 2025 Carthaginian Ventures Private Limited d/b/a Copperpod IP. All Rights Reserved.                                                                                                               
