Abstract: The present disclosure relates to reversible sealing of a microfluidic chip used for thermal incubation of an aqueous sample suspected to contain a target nucleic acid. The microfluidic chip contains a flow channel and a plurality of reaction compartments, into which the sample and a displacement fluid are introduced through an inlet port sealable by means of a sealing agent having a melting point above room temperature.

Abstract: A method for verifying a set of policy instructions to be used by a policy decision point (PDP) in adjudicating access requests to protected resources. The policy instructions are in the form of Horn clauses or conditional tag-expressions that are validated against a known test policy or desired outcome. The policy instructions are then compiled into aggregate form. When a plurality of policy instructions creates a conflict, the policy instructions are hierarchically organized to resolve said conflict.

Abstract: A system for controlling file access on a mobile computing device. Policy conditions are held at a policy decision point (PDP) and can be dynamically modified at run-time. Access requests to a file or set of files are intercepted by an agent that subsequently brokers the adjudication of said request via a secure, encrypted and hidden back-channel where the requestor is never allowed access to or knowledge of either the adjudication process or the parameters associated with adjudication. The PDP then returns either an access approval or denial based on said policy conditions.

Abstract: Systems and methods are described for utilizing a secure environment on a mobile computing device for applying policy-based decision management in response to access requests from untrusted areas. A policy decision processor (PDP) within the secure environment provides a policy decision in response to an access query. A decision cache within the secure environment can be used to store policy decisions for faster resolution of access requests. Policy enforcement points (PEPs) are placed between external devices that are trying to access the device and the secured environment, where the PEPs are used to enforce the policy-based decision, and can be located either inside or outside the secure environment. Decision certificates can be formulated using validity information and timestamps, and used for validation policy certificates. Memory in non-secure areas can also be marked (colored) for use in performing trusted operations in order to optimize system resource usage.

Abstract: A system and method for hardware implementations of policy-based secure computing environments for Internet enabled devices. The present invention facilitates a secure computing environment for any Internet enabled device where policy rules can be described as hardware components that allow or deny access to resources on the device. A compiler produces a hardware description language (HDL) of the hardware components based on given policy rules for that component. The system may be partially or completely implemented in hardware to address inherent limitations of a software only solution. The invention provides greater flexibility to the overall system in terms of performance, security, and expressiveness of the policy rules that must be executed.

Abstract: A system for policy-managed secure code execution and messaging for computing devices where each trusted application is managed independently of others and is not visible to unauthorized inspection or execution. If a file bundle received by the system contains metadata concerning the context of the file or its execution, the metadata is decrypted if necessary. If the file bundle containing the executable code is encrypted, its key is stored in a policy server to await adjudication of the request to execute. If the policy server allows execution of the executable code, the key stored in the policy server is used to decrypt the file bundle and the resulting executable code is stored as a trusted application in secure memory. Future requests to execute the trusted application are adjudicated by the policy server and enforced by the exclusive policy execution point associated with that trusted application in secure memory.

Abstract: Systems and methods for secure, policy-based, access control and management of mobile computing devices, including policy decision enforcement mechanisms, device and private network presence testing, aspects of file system controls, policy set sanity checking algorithms, performance optimizations.

Abstract: An autonomous and adaptive method and system for secure, policy-based control of remote and locally controlled computing devices. The invention uses a policy-based access control mechanism to achieve adaptive and dynamic behavior modification based on the context of the local operating environment of the computing device. The modification system assesses the desirability of actions or outcomes as determined by the policy rules and modifies them accordingly, thus altering the behavior of the computing device. The system can utilize a machine learning technique, pattern matching and heuristic evaluation. When applied to the control of robotic and autonomous devices, the system allows the robot to offload adjudication to a remote system and also facilitates cooperative behaviors between robots operating in dynamic environments.

Abstract: A system for policy-managed secure code execution and messaging for computing devices where each trusted application is managed independently of others and is not visible to unauthorized inspection or execution. If a file bundle received by the system contains metadata concerning the context of the file or its execution, the metadata is decrypted if necessary. If the file bundle containing the executable code is encrypted, its key is stored in a policy server to await adjudication of the request to execute. If the policy server allows execution of the executable code, the key stored in the policy server is used to decrypt the file bundle and the resulting executable code is stored as a trusted application in secure memory. Future requests to execute the trusted application are adjudicated by the policy server and enforced by the exclusive policy execution point associated with that trusted application in secure memory.

Abstract: The invention pertains to a system and method to display contextual information, including data and messaging, based on a secure, policy-managed set of instructions for selecting, distributing, and presenting information on a device. The system accepts one or more streams of contextual information in any digital form from one or more data sources. The contextual information is assessed via a set of policy instructions that may include time, location, hierarchy of ownership, type of contextual information, assessed importance of the contextual information, and display availability. Only approved contextual information is transmitted to the device for display.

Abstract: Systems and methods are described for utilizing a secure environment on a mobile computing device for applying policy-based decision management in response to access requests from untrusted areas. A policy decision processor (PDP) within the secure environment provides a policy decision in response to an access query. A decision cache within the secure environment can be used to store policy decisions for faster resolution of access requests. Policy enforcement points (PEPs) are placed between external devices that are trying to access the device and the secured environment, where the PEPs are used to enforce the policy-based decision, and can be located either inside or outside the secure environment. Decision certificates can be formulated using validity information and timestamps, and used for validation policy certificates. Memory in non-secure areas can also be marked (colored) for use in performing trusted operations in order to optimize system resource usage.

Abstract: A system for policy-managed, secure authentication and authorization for transactions. The present invention links identification and verification methods and apparatus to a policy-managed system that can control how such devices are utilized under specific scenarios as defined by the policy maker. The system then approves or denies the transaction and may also direct further action if specified in the policy rules. The user identification device and the policy-manager need not be collocated. The resulting system is advantageous because of its increased flexibility in providing secure authorizations where greater control is desired. Also, the processing of these transactions facilitates detailed records that are useful in tracking transactions or to advertisers and merchants wishing to target specific markets for their products.

Abstract: An autonomous and adaptive method and system for secure, policy-based control of remote and locally controlled computing devices. The invention uses a policy-based access control mechanism to achieve adaptive and dynamic behavior modification based on the context of the local operating environment of the computing device. The modification system assesses the desirability of actions or outcomes as determined by the policy rules and modifies them accordingly, thus altering the behavior of the computing device. The system can utilize a machine learning technique, pattern matching and heuristic evaluation. When applied to the control of robotic and autonomous devices, the system allows the robot to offload adjudication to a remote system and also facilitates cooperative behaviors between robots operating in dynamic environments.

Abstract: A system and method for hardware implementations of policy-based secure computing environments for Internet enabled devices. The present invention facilitates a secure computing environment for any Internet enabled device where policy rules can be described as hardware components that allow or deny access to resources on the device. A compiler produces a hardware description language (HDL) of the hardware components based on given policy rules for that component. The system may be partially or completely implemented in hardware to address inherent limitations of a software only solution. The invention provides greater flexibility to the overall system in terms of performance, security, and expressiveness of the policy rules that must be executed.

Abstract: A system for policy-based control and augmentation of cryptocurrency security including policy rules that govern transactions that are embedded in the cryptocurrency transmission. The transactions are then adjudicated using the policy-based control system at the endpoint. The invention first secures the private key to the cryptocurrency in a secure hardware module to ensure that ownership is maintained. Then, the system uses a policy-based control subsystem to embed policy information within the cryptocurrency transmission. On receipt, the transmission is decoupled such that the policy information can be implemented resulting in a decision to approve or disapprove the transaction. The system can be used for multiple signatories on a single transaction as well as any other policy requirement desired.

Abstract: The invention pertains to a system and method to display content, including data and messaging, based on a secure, policy-managed set of instructions for selecting, distributing, and presenting information on a device. The system accepts one or more streams of data in any digital form from one or more data sources. The content is assessed via a set of policy instructions that may include time, location, hierarchy of ownership, type of content, assessed importance of content, and display availability. Only approved content is transmitted to the device for display.