Abstract: One or more signals are received from one or more sensors. Based at least in part on the one or more signals, a location of a person relative to one or more locations of an autonomous self-moving device is determined. Based at least in part on the one or more signals, data indicative that the autonomous self-moving device has detected a presence and location of the person is generated. Based at least in part on the one or more signals, a location of a person relative to a location of the autonomous self-moving device is determined. A planned path for the autonomous self-moving device is determined. Based at least in part on the one or more signals, data indicative of the planned path is generated.

Abstract: A system manages access to an asset using a separate physical cryptographically-secure key device. A memory stores a public key as an unalterable record. An access configuration controller reads the public key from the memory to control the access to the asset. The public key is cryptographically paired with a private key securely recorded in the separate physical cryptographically-secure key device. The access configuration controller receives an access control change instruction signed by the private key and verifies a valid signing of the access control change instruction by the private key using the public key read from the memory. A storage system secured by the access configuration controller stores access authorization records managing access to the asset. The access configuration controller alters access authorization records according to the access control change instruction, responsive to verification of the valid signing of the access control change instruction.

Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions on route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.

Abstract: A system manages access to an asset using a separate physical cryptographically-secure key device. A memory stores a public key as an unalterable record. An access configuration controller reads the public key from the memory to control the access to the asset. The public key is cryptographically paired with a private key securely recorded in the separate physical cryptographically-secure key device. The access configuration controller receives an access control change instruction signed by the private key and verifies a valid signing of the access control change instruction by the private key using the public key read from the memory. A storage system secured by the access configuration controller stores access authorization records managing access to the asset. The access configuration controller alters access authorization records according to the access control change instruction, responsive to verification of the valid signing of the access control change instruction.

Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions on route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.

Abstract: A system manages access to an asset using a separate physical cryptographically-secure key device. A memory stores a public key as an unalterable record. An access configuration controller reads the public key from the memory to control the access to the asset. The public key is cryptographically paired with a private key securely recorded in the separate physical cryptographically-secure key device. The access configuration controller receives an access control change instruction signed by the private key and verifies a valid signing of the access control change instruction by the private key using the public key read from the memory. A storage system secured by the access configuration controller stores access authorization records managing access to the asset. The access configuration controller alters access authorization records according to the access control change instruction, responsive to verification of the valid signing of the access control change instruction.

Abstract: A provisioning service operating on a remote server is configured to handle provisioning of Internet of Things (IoT) devices, in which IoT devices are configured to execute policies provided by the provisioning service to self-regulate access to an IoT portal. The provisioning service generates an access token and policy which are unique to a trusted platform module (TPM) for a respective IoT device. The TPM executes the policy upon each instance in which the IoT device requires authorization to perform an operation or access the IoT portal. The policy may be configured according to a prepaid or postpaid model. In both models a local counter within the TPM of the IoT device may increment upon each instance of authorization. Under the prepaid model the IoT device may acquire a set number of uses, and under the postpaid model a statement may be generated based on prior usage.

Abstract: A key originating device generates a subject key that is managed by a policy. The subject key may be generated and the policy configured at the instruction of a user, an application, or a service, such as a provisioning service. The policy that manages the subject key identifies at least one or more entities that are authorized to receive the subject key. The subject key is provided varying layers of encryption as it is communicated between the originating device, an escrow services, and an authorized entity.

Abstract: One or more signals are received from one or more sensors. Based at least in part on the one or more signals, a location of a person relative to one or more locations of an autonomous self-moving device is determined. Based at least in part on the one or more signals, data indicative that the autonomous self-moving device has detected a presence and location of the person is generated. Based at least in part on the one or more signals, a location of a person relative to a location of the autonomous self-moving device is determined. A planned path for the autonomous self-moving device is determined. Based at least in part on the one or more signals, data indicative of the planned path is generated.

Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfy parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, in which the user can authorize or reject the transmission using an input device.

Abstract: A device is configured with a trusted platform module (TPM) executing in a trusted execution environment (TEE). Software/firmware updates, user data, applications, etc. are pushed to the device as a payload. The payloads contain a sealed container (e.g., the software/firmware update, user data, applications, etc.), one or more policies, and one or more provisioning code segments corresponding to the one or more policies. The policies are checked by the TPM of the device. If the measurement of the one or more provisioning code segments satisfy the one or more policies, then the sealed container is unsealed by the TPM and released to the device.

Abstract: The cyber owner of the asset can transfer cyber ownership to a second entity based on a transaction and using an escrow entity. An escrow service in association with an escrow entity is utilized to secure transfer of ownership to the second entity in accordance with the conditions of the transaction. The cyber owner initiates an escrow process by transmitting an escrow instruction to the access configuration controller. A new cryptographic key is generated responsive to the escrow instruction and is managed by a generated escrow policy indicating an escrow period. Different components of the cryptographic key are transmitted to the second entity and the escrow service. When the conditions of the transaction are satisfied during the escrow period, the escrow service transmits the component of the cryptographic key to the second entity. The second entity may use the recomposed cryptographic key to assert ownership of the asset.

Abstract: A provisioning service operating on a remote server is configured to handle provisioning of Internet of Things (IoT) devices, in which IoT devices are configured to execute policies provided by the provisioning service to self-regulate access to an IoT portal. The provisioning service generates an access token and policy which are unique to a trusted platform module (TPM) for a respective IoT device. The TPM executes the policy upon each instance in which the IoT device requires authorization to perform an operation or access the IoT portal. The policy may be configured according to a prepaid or postpaid model. In both models a local counter within the TPM of the IoT device may increment upon each instance of authorization. Under the prepaid model the IoT device may acquire a set number of uses, and under the postpaid model a statement may be generated based on prior usage.

Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions on route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.

Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfy parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, in which the user can authorize or reject the transmission using an input device.

Abstract: A system manages access to an asset using a separate physical cryptographically-secure key device. A memory stores a public key as an unalterable record. An access configuration controller reads the public key from the memory to control the access to the asset. The public key is cryptographically paired with a private key securely recorded in the separate physical cryptographically-secure key device. The access configuration controller receives an access control change instruction signed by the private key and verifies a valid signing of the access control change instruction by the private key using the public key read from the memory. A storage system secured by the access configuration controller stores access authorization records managing access to the asset. The access configuration controller alters access authorization records according to the access control change instruction, responsive to verification of the valid signing of the access control change instruction.

Abstract: The cyber owner of the asset can transfer cyber ownership to a second entity based on a transaction and using an escrow entity. An escrow service in association with an escrow entity is utilized to secure transfer of ownership to the second entity in accordance with the conditions of the transaction. The cyber owner initiates an escrow process by transmitting an escrow instruction to the access configuration controller. A new cryptographic key is generated responsive to the escrow instruction and is managed by a generated escrow policy indicating an escrow period. Different components of the cryptographic key are transmitted to the second entity and the escrow service. When the conditions of the transaction are satisfied during the escrow period, the escrow service transmits the component of the cryptographic key to the second entity. The second entity may use the recomposed cryptographic key to assert ownership of the asset.

Abstract: A device is equipped with a public/private key pair. The private key is stored in a secure location on the device and the public key is utilized to track ownership of the device by a manufacturer, vendor, and/or one or more provisioning services. When a user purchases the device, a transaction involving the public key associated with the device and the user is recorded. The one or more provisioning services, which are provided access to user information, prepare a configuration payload for the device specific to the user and the device. The configuration payload is encrypted using the device's public key. When the device is powered on, the configuration payload is sent to the device. The device decrypts the configuration payload using the device's private key and adjusts one or more configuration parameters based on the configuration payload.

Abstract: A key originating device generates a subject key that is managed by a policy. The subject key may be generated and the policy configured at the instruction of a user, an application, or a service, such as a provisioning service. The policy that manages the subject key identifies at least one or more entities that are authorized to receive the subject key. The subject key is provided varying layers of encryption as it is communicated between the originating device, an escrow services, and an authorized entity.

Abstract: A device is configured with a trusted platform module (TPM) executing in a trusted execution environment (TEE). Software/firmware updates, user data, applications, etc. are pushed to the device as a payload. The payloads contain a sealed container (e.g., the software/firmware update, user data, applications, etc.), one or more policies, and one or more provisioning code segments corresponding to the one or more policies. The policies are checked by the TPM of the device. If the measurement of the one or more provisioning code segments satisfy the one or more policies, then the sealed container is unsealed by the TPM and released to the device.