Abstract: Systems and methods are disclosed that provide smart alerts to users, e.g., alerts to users about diabetic states that are only provided when it makes sense to do so, e.g., when the system can predict or estimate that the user is not already cognitively aware of their current condition, e.g., particularly where the current condition is a diabetic state warranting attention. In this way, the alert or alarm is personalized and made particularly effective for that user. Such systems and methods still alert the user when action is necessary, e.g., a bolus or temporary basal rate change, or provide a response to a missed bolus or a need for correction, but do not alert when action is unnecessary, e.g., if the user is already estimated or predicted to be cognitively aware of the diabetic state warranting attention, or if corrective action was already taken.

Abstract: An insertion/extraction system and method for a compressor casing and a compressor bundle. The system includes a cradle extending from a first axial end of the compressor casing and configured to provide support for the compressor bundle during insertion, and an extension assembly coupled to a first axial end of the compressor bundle and extending therefrom into the compressor casing during insertion of the compressor bundle into the compressor casing, during extraction of the compressor bundle from the compressor casing, or both. The system further includes a support member that engages the extension assembly and the compressor casing to support the first axial end of the compressor bundle via the extension assembly, the support member configured to allow relative movement between the support member and the extension assembly during insertion of the compressor bundle into the compressor casing, extraction of the compressor bundle from the compressor casing, or both.

Abstract: An insertion/extraction system and method for a compressor casing and a compressor bundle. The system includes a cradle extending from a first axial end of the compressor casing and configured to provide support for the compressor bundle during insertion, and an extension assembly coupled to a first axial end of the compressor bundle and extending therefrom into the compressor casing during insertion of the compressor bundle into the compressor casing, during extraction of the compressor bundle from the compressor casing, or both. The system further includes a support member that engages the extension assembly and the compressor casing to support the first axial end of the compressor bundle via the extension assembly, the support member configured to allow relative movement between the support member and the extension assembly during insertion of the compressor bundle into the compressor casing, extraction of the compressor bundle from the compressor casing, or both.

Abstract: A system and method for data recovery is described. In one embodiment, an encrypting system encrypts a message or file using a secret key (KS) and attaches a key recovery field (KRF), including an access rule index (ARI) and KS, to the encrypted message or file. To access the encrypted message or file, a decrypting system must satisfactorily respond to a challenge issued by a key recovery center. The challenge is based on one or more access rules that are identified by the ARI included within the KRF.

Abstract: A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.

Abstract: A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining an unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS).

Abstract: A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.

Abstract: A cryptographic communications system and method is provided for access field verification. A key exchange field which includes an encryption of at least part of a first encryption key using a public portion of a second encryption key, an access field which includes an encryption of at least part of the first encryption key using a public portion of a third encryption key, and a verification field which is created from at least one value used to create at least one of the key exchange field and the access field are provided to a receiver. Using the verification field, the receiver verifies that at least part of the first encryption key contained within the key exchange field and at least part of the first encryption key contained within the access field are equivalent. If the receiver's verification is successful, the access field is determined to be authentic.

Abstract: A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining an unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS).

Abstract: A system and method for dam escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.

Abstract: A system and method for auditing and controlling the use of a computer. An operating system and selected programs and data , referred to as approved applications and approved data , are stored on a protected media which cannot be modified by any ordinary user or application program, regardless of operating system privilege. The protected media can be modified by the operating system, as well as by an administrator using a trusted path mechanism. The trusted path mechanism establishes a reliable communication channel between the administrator and the computer system. The present invention may be configured to collect user audit data concerning user activity and system status and to write the audit data to the protected media. Also, the present invention may be configured to limit execution of application programs to the approved applications.

Abstract: A computer system uses security labels for evey word in memory. Each access to a memory location requires that the security level of the memory location be compared to that of a process which is making the access. If the security level of the process does not dominate that of the memory location, access is denied. Each time a memory location is modified, it is assigned a security level consistent with the levels of all of the data which was used to modify the memory location.