Abstract: Methods and systems for remote dynamic isolation of IoT devices are provided. One system includes a first IoT device and a second IoT device configured with an active communication channel with the first IoT device and a role certificate. An operator device is configured to interact with a distributed ledger to issue and revoke role certificates for a plurality of devices including the first IoT device and the second IoT device. The first IoT device periodically validates a role certificate proof received from the second IoT device with an entry of the role certificate proof recorded on the distributed ledger.

Abstract: Systems and method for flexible authentication of IoT devices that can accommodate non-IP environments are disclosed. One system includes a plurality of devices, with each device including a universal authentication agent and a verification certificate, wherein each verification certificate includes a proof that is recorded on an entry on a distributed ledger. The verification certificate proof is shared with one or more devices which verify the proof with the entry. A universal authentication service is configured with the universal authentication agent of at least one device to connect the at least one device with the distributed ledger.

Abstract: Methods and systems for direct, machine-to-machine authentication through a trusted chain of ownership are disclosed. One method includes receiving, at a first device from a second device, a request for a certificate proof. The method also includes transmitting, to the second device, and in response to the request, the certificate proof from the first device, an entry of the proof being recorded on a distributed ledger. The certificate proof is useable by the second device to authenticate the first device based on a comparison of the proof and the entry on the distributed ledger, thereby establishing trust with the first device at the second device.

Abstract: Methods and systems for remote dynamic isolation of IoT devices are provided. One system includes a first IoT device and a second IoT device configured with an active communication channel with the first IoT device and a role certificate. An operator device is configured to interact with a distributed ledger to issue and revoke role certificates for a plurality of devices including the first IoT device and the second IoT device. The first IoT device periodically validates a role certificate proof received from the second IoT device with an entry of the role certificate proof recorded on the distributed ledger.

Abstract: A system for providing a system for providing network communications organized using communities of interests defined by a common encryption key. IoT devices are located at the edge of a network while providing secure and isolated communications for its applications and data through a common network infrastructure. The system's functionality provides the IoT network with secure communications to obtain data from devices by host applications over public networks. The data may be organized and segmented in a manner that isolates and protects the data with only authorized applications gaining access the data to see its existence and read its contents.

Abstract: A method and system for containerized Internet of Things (IoT) devices. The method includes receiving by a computing platform IoT device sensor data. The method also includes receiving by the computing platform at least one container image script. The method also includes loading into the computing platform at least one container, which is based on the at least one container image script received by the computing platform. The method also includes processing at least a portion of the IoT device sensor data within the at least one container to generate processed IoT device data. The method also includes transmitting from the computing platform at least a portion of the processed IoT device data. The method also includes removing the at least one container from the computing platform in response to at least a portion of the processed IoT device data being transmitted from the computing platform.

Abstract: A system for providing a system for providing network communications organized using communities of interests defined by a common encryption key. IoT devices are located at the edge of a network while providing secure and isolated communications for its applications and data through a common network infrastructure. The system's functionality provides the IoT network with secure communications to obtain data from devices by host applications over public networks. The data may be organized and segmented in a manner that isolates and protects the data with only authorized applications gaining access the data to see its existence and read its contents.

Abstract: A method and system for containerized Internet of Things (IoT) devices. The method includes receiving by a computing platform IoT device sensor data. The method also includes receiving by the computing platform at least one container image script. The method also includes loading into the computing platform at least one container, which is based on the at least one container image script received by the computing platform. The method also includes processing at least a portion of the IoT device sensor data within the at least one container to generate processed IoT device data. The method also includes transmitting from the computing platform at least a portion of the processed IoT device data. The method also includes removing the at least one container from the computing platform in response to at least a portion of the processed IoT device data being transmitted from the computing platform.

Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method that add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDS may drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method which add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDs would then drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method which add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDs would then drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance fails within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method which add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDs would then drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method which add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDs would then drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: The embodiments described herein recite a geo-location based community of interest (CIO) system and method that add the capability to configure Network Connect Devices (NOD) to identify the location of the source and destination TIP addresses. The NODS may drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: Errors occurring on a hardware bus of a hypervisor-based system may be handled in software monitors in the hypervisor-based system. When an error occurs, guest partitions on the hypervisor-based system may be notified of the error through a monitor executing in each guest partition. Only guest partitions affected by the error may be shut down or provided other instructions for taking an action in response to the error.

Abstract: Errors occurring on a hardware bus of a hypervisor-based system may be handled in software monitors in the hypervisor-based system. When an error occurs, guest partitions on the hypervisor-based system may be notified of the error through a monitor executing in each guest partition. Only guest partitions affected by the error may be shut down or provided other instructions for taking an action in response to the error.

Abstract: Methods and systems for detecting errors in a field programmable gate array are disclosed. One method includes applying a cyclic redundancy check value to a transaction, the transaction including an address and data associated with the address. The method also includes applying a cyclic redundancy check value prior to routing the transaction through a field programmable gate array, and checking the cyclic redundancy check value after routing the transaction through the field programmable gate array to detect errors in the field programmable gate array.

Abstract: Methods and systems for containing data errors in a computing system are disclosed. One method includes receiving data from an endpoint at the communication interface in response to a data request. The method also includes detecting an error in the data. The method further includes ignoring subsequent data received from the endpoint.

Abstract: A method and apparatus for capturing and logging activities of a state machine prior to error. The state machine receives a packet and processes the packet. A state machine monitor is provided for each state machine. The state machine monitor logs activities of its associated state machine in a trace buffer when the state machine changes its state. The changes of the states in the state machine are traced to create a record in the trace buffer. Optionally, a snooper may be provided to determine whether a predetermined condition exists in the received packet. The snooper attaches a trigger tag to the received packet when the predetermined condition exists. The state machine monitor stops tracing the changes of the states of the state machine when the state machine monitor detects the trigger tag in a packet forwarded to its associated state machine.