Patents by Inventor David Garfield Thaler, III

David Garfield Thaler, III has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11962694
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: April 16, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
  • Publication number: 20230035007
    Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
    Type: Application
    Filed: May 11, 2022
    Publication date: February 2, 2023
    Inventors: Daniel Stelian MIHAI, Brian Clifford TELFER, David Garfield THALER, III, Stefan THOM, Torsten STEIN
  • Patent number: 11411933
    Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: August 9, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Daniel Stelian Mihai, Brian Clifford Telfer, David Garfield Thaler, III, Stefan Thom, Torsten Stein
  • Publication number: 20220085995
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Application
    Filed: November 29, 2021
    Publication date: March 17, 2022
    Inventors: David Garfield THALER, III, Joerg-Thomas PFENNING, Gerardo DIAZ-CUELLAR
  • Patent number: 11190356
    Abstract: Before a composition is ingested into a runtime environment at a runtime device, the composition may be verified at an authoring trusted execution environment (TEE) operating on an authoring device. A user can operate an untrusted computing platform (e.g., a personal computer, laptop computer, tablet computer, etc.) to write code, generate data, or create some other composition. Since this composition is created on an untrusted device, the authoring TEE may output the composition on a trusted peripheral device to a user for review and approval. Responsive to receiving approval at the trusted peripheral device, the authoring TEE can sign the composition with a local key and forward the composition for execution by the runtime device. The signature can be utilized by the runtime device to prove that it was reviewed and verified by an authorized user operating the authoring device.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: November 30, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Stefan Thom, Brian Clifford Telfer
  • Patent number: 11190352
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: November 30, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
  • Patent number: 10872153
    Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, so that the user can authorize or reject the transmission using an input device.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: December 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Brian Clifford Telfer, Stefan Thom, Torsten Stein, Robert Solomon, Christopher Glenn Kaler
  • Patent number: 10713212
    Abstract: A mobile local computing device is configured to access memories or storage devices associated with a remote computing device using remote direct memory access (RDMA) over a wireless fifth generation (5G) network link that provides high bandwidth and low latency relative to previous wireless network protocols. The mobile local computing device utilizes a local compute context that is unique to the local environment and which may be facilitated by devices, components, or functionalities that are local to the mobile local computing device, but which are not available with the same context to the remote computing device. The 5G network link supports high bandwidth and low latency so that the mobile local computing device can access and utilize the remote data in large datasets in a similar manner to how it would for locally stored data, while still being able to leverage the local I/O and maintain its unique local compute context.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: July 14, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING LLC
    Inventors: John David Bruner, David Garfield Thaler, III
  • Publication number: 20200169400
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Application
    Filed: November 27, 2018
    Publication date: May 28, 2020
    Inventors: David Garfield THALER, III, Joerg-Thomas PFENNING, Gerardo DIAZ-CUELLAR
  • Publication number: 20190354506
    Abstract: A mobile local computing device is configured to access memories or storage devices associated with a remote computing device using remote direct memory access (RDMA) over a wireless fifth generation (5G) network link that provides high bandwidth and low latency relative to previous wireless network protocols. The mobile local computing device utilizes a local compute context that is unique to the local environment and which may be facilitated by devices, components, or functionalities that are local to the mobile local computing device, but which are not available with the same context to the remote computing device. The 5G network link supports high bandwidth and low latency so that the mobile local computing device can access and utilize the remote data in large datasets in a similar manner to how it would for locally stored data, while still being able to leverage the local I/O and maintain its unique local compute context.
    Type: Application
    Filed: May 30, 2018
    Publication date: November 21, 2019
    Inventors: John David BRUNER, David Garfield THALER, III
  • Publication number: 20190268161
    Abstract: Before a composition is ingested into a runtime environment at a runtime device, the composition may be verified at an authoring trusted execution environment (TEE) operating on an authoring device. A user can operate an untrusted computing platform (e.g., a personal computer, laptop computer, tablet computer, etc.) to write code, generate data, or create some other composition. Since this composition is created on an untrusted device, the authoring TEE may output the composition on a trusted peripheral device to a user for review and approval. Responsive to receiving approval at the trusted peripheral device, the authoring TEE can sign the composition with a local key and forward the composition for execution by the runtime device. The signature can be utilized by the runtime device to prove that it was reviewed and verified by an authorized user operating the authoring device.
    Type: Application
    Filed: March 8, 2019
    Publication date: August 29, 2019
    Inventors: David Garfield THALER, III, Stefan THOM, Brian Clifford TELFER
  • Publication number: 20190268311
    Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
    Type: Application
    Filed: March 23, 2018
    Publication date: August 29, 2019
    Inventors: Daniel Stelian MIHAI, Brian Clifford TELFER, David Garfield THALER, III, Stefan THOM, Torsten STEIN
  • Publication number: 20190266330
    Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, so that the user can authorize or reject the transmission using an input device.
    Type: Application
    Filed: April 20, 2018
    Publication date: August 29, 2019
    Inventors: David Garfield THALER, III, Brian Clifford TELFER, Stefan THOM, Torsten STEIN, Robert SOLOMON, Christopher Glenn KALER
  • Patent number: 9866398
    Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: January 9, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
  • Patent number: 9686229
    Abstract: One or more techniques and/or systems are disclosed for identifying a list of destination servers ordered by round-trip time (RTT) for a requesting machine. When a client interacts with an address, such as an IP address, while accessing a remote service, an RTT is collected for the address, or the RTT may be derived for a range of addresses, and saved in a database. When the client subsequently requests access to a remote service, a list of destination servers is returned, respectively identified by corresponding addresses. The destination servers can be sorted in order of efficiency by determining an expected RTT associated with a matching address, or range, in the database, and sorting the destination servers by their respective expected RTTs.
    Type: Grant
    Filed: November 11, 2013
    Date of Patent: June 20, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: David Garfield Thaler, III
  • Publication number: 20170041154
    Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
    Type: Application
    Filed: October 19, 2016
    Publication date: February 9, 2017
    Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
  • Patent number: 9491032
    Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: November 8, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Praveen Balasubramanian, Poornananda R. Gaddehosur, David Garfield Thaler, III, Dmitry A. Anipko, Christopher Benjamin Palmer
  • Publication number: 20140359167
    Abstract: In various embodiments, methods and systems for managing wake-enabled transport connections of wake-enabled applications are provided. A set of ports is designated as a wake-enabled port set. An operating system (OS) of a computing device running applications plumbs the multiport wake pattern to the one or more network interface controllers (NICs) of the computing device. A wake-enabled application acquires a port from the wake-enabled port set. The OS makes a determination that the application is wake-enabled and, as such, assigns a port from the wake-enabled port set to the wake-enabled application. Upon receiving a packet at the NIC, a determination is made whether the packet corresponds to a wake-enabled transport connection based on comparing the packet to the multiport wake pattern. Upon matching the packet to the multiport wake pattern, the NIC communicates with the OS to wake a portion of the wake-enabled application associated with the wake-enabled transport connection.
    Type: Application
    Filed: September 5, 2013
    Publication date: December 4, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: PRAVEEN BALASUBRAMANIAN, POORNANANDA R. GADDEHOSUR, DAVID GARFIELD THALER, III, DMITRY A. ANIPKO, CHRISTOPHER BENJAMIN PALMER
  • Patent number: 8800002
    Abstract: Systems and methods that facilitate inter-process networking are described that can provide inter-process communication, firewall restrictions, process and host mobility, as well as parallelization of task performance. In various embodiments, a computer process can be provided with its own internet protocol address and network stack to facilitate inter-process networking. In further embodiments, a gateway process can facilitate process mobility, host mobility, and parallelization of task performance, as well as management of a host area network by facilitating inter-process communication between suitably configured processes.
    Type: Grant
    Filed: February 18, 2008
    Date of Patent: August 5, 2014
    Assignee: Microsoft Corporation
    Inventors: Brian Don Zill, David Garfield Thaler, III, Parveen K. Patel, Rebecca Isaacs, Yongguang Zhang
  • Publication number: 20140075050
    Abstract: One or more techniques and/or systems are disclosed for identifying a list of destination servers ordered by round-trip time (RTT) for a requesting machine. When a client interacts with an address, such as an IP address, while accessing a remote service, an RTT is collected for the address, or the RTT may be derived for a range of addresses, and saved in a database. When the client subsequently requests access to a remote service, a list of destination servers is returned, respectively identified by corresponding addresses. The destination servers can be sorted in order of efficiency by determining an expected RTT associated with a matching address, or range, in the database, and sorting the destination servers by their respective expected RTTs.
    Type: Application
    Filed: November 11, 2013
    Publication date: March 13, 2014
    Applicant: Microsoft Corporation
    Inventor: David Garfield Thaler, III