Abstract: This disclosure relates to the analysis of data generated by one or more connected systems and devices. Operational data obtained by one or more connected devices and/or systems, such as a connected thermostat and/or wind turbine system, may be used to detect and/or predict impending failures and/or suboptimal performance. By detecting and/or predicting anomalous system and device performance, various actions may be taken to improve system and device performance and mitigate failure conditions.

Abstract: Systems and methods are described that use software diversification techniques to improve the security of mobile applications. Embodiments of the disclosed systems and methods may, among other things, facilitate secure application distribution through deployment of diverse of applications in an application distribution channel. Software diversification consistent with certain disclosed embodiments may mitigate large-scale automated circumvention of security protections by presenting attacking malware moving and/or otherwise unpredictable diverse targets.

Abstract: Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.

Abstract: This disclosure relates to, among other things, systems and methods for managing electronic content. Certain embodiments disclosed herein provide for a trusted data management platform that may interact with a trusted assertion service and/or a digital rights management service to manage access to and/or use of electronic content. Content creators and/or other content rights holder may register their content and/or associate rights using the trusted data management platform and/or a trusted assertion service and be assured that their content rights are securely managed and respected.

Abstract: Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom.

Abstract: This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.

Abstract: This disclosure relates to, among other things, systems and methods for managing the secure management and distribution of electronic content over broadcast and/or broadband communication channels. Certain embodiments disclosed herein may allow for implementation of a digital rights management service in connection with bidirectional communication channels and/or unidirectional communication channels, such as a broadcast signal. Various embodiments may allow for the generation and/or transmission of a digital rights management license in a field included in a broadcast signal. The license may be used by a client device to securely manage a received broadcast signal in accordance with associated rules and/or rights.

Abstract: This disclosure relates to systems and methods for distributing content to a mobile device. Systems and methods are described that provide techniques for the dynamic selection of content for distribution to a mobile device based on user profile information and/or feedback information associated with a user of the mobile device. Additional embodiments of the disclosed systems and methods may provide for the pre-distribution of certain shared content portions to a mobile device. In further embodiments, information relating to the rendering of content items from a set of serialized and/or episodic content items on a mobile device may be used to determine whether to pre-distribute other content items from the set of content items.

Abstract: This disclosure relates to, among other things, systems and methods for the secure management and verification of data. Certain embodiments disclosed herein provide for a trusted data management platform that may interact with a trusted assertion service to securely record assertion information relating to the generation and/or processing of data managed by the platform. Data consumers interact with the trusted assertion service to authenticate and/or otherwise verify the provenance, chain-of-handling, and/or other information associated with data managed by the trusted data management platform and/or associated data marketplaces.

Abstract: Systems and methods for provenance tracking and/or identification of a product using genetic material are claimed. In various embodiments, genetic material such as plasmids may be incorporated into and/or otherwise persistently associated with a product. The genetic material may be encoded with, among other things, information that may uniquely identify the product, provide details relating to the origins of the product, the handling, distribution, and/or chain of custody of the product, intellectual property rights and/or other rights associated with the product, and/or the like. By extracting and analyzing the genetic material from the product, information encoded in the genetic material may be obtained by an interested party.

Abstract: This disclosure relates to, among other things, systems and methods for the secure management and distribution of electronic content over broadcast communication channels. Certain embodiments disclosed herein may allow for implementation of a multi-tenant conditional access system whereby a client device may configure itself between multiple broadcast service operators. Robust key generation and management techniques are also described that may use a derived key structure to protect control words used to descramble broadcast content, providing additional measures of security and implementation redundancy.

Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

Abstract: This disclosure relates to systems and methods for dynamically mapping content based on information relating to a user. In various embodiments, a segment associated with a user may be identified, and a content service may map the presentation of advertisements and/or other content within rendered content in a manner that is tailored to the identified segment. In this manner, advertisement and/or other content impressions may be targeted to the user based on their identified segment. Further embodiments facilitate defining and refining content maps for a particular segment until a content mapping meeting certain objective criteria is realized.

Abstract: This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing unencrypted content key to any of the participating license services.

Abstract: The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.

Abstract: Systems and method are disclosed for facilitating efficient calibration of filters for correcting room and/or speaker-based distortion and/or binaural imbalances in audio reproduction, and/or for producing three-dimensional sound in stereo system environments. According to some embodiments, using a portable device such as a smartphone or tablet, a user can calibrate speakers by initiating playback of a test signal, detecting playback of the test signal with the portable device's microphone, and repeating this process for a number of speakers and/or device positions (e.g., next to each of the user's ears). A comparison can be made between the test signal and the detected signal, and this can be used to more precisely calibrate rendering of future signals by the speakers.

Abstract: This disclosure relates to systems and methods for managing data associated with a user using a personalized cloud storage platform operating as a centralized repository for user data generated from a variety of sources and/or user devices. By centralizing the storage and/or management of personal data that would conventionally be confined between multiple information silos, embodiments of the systems and methods disclosed herein may improve the ability of a user to control their personal data, facilitate utilization of their personal data in a variety of ways not offered by services associated with the silos, and/or allow a user to centrally manage their personal data. Further embodiments disclosed herein allow a user to define one or more policies or other rules associated with personal data stored in their personal cloud.

Abstract: This disclosure relates to, among other things, systems and methods for managing the communication of messages between devices using a service system operating as a trusted intermediary. Information indicative of device location and/or orientation may be communicated to the service system, which may use the information to determine whether a transmitting device is oriented and/or otherwise pointed in the direction of an intended receiving device. The trusted service may enforce policy articulated by the receiving device in connection with the communication of a message from the transmitting device to the intended receiving device.

Abstract: The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other sensitive information. Certain embodiments may use a virtualized execution environment to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information. In some embodiments, data requests from the code and/or programs may be routed through a transparent data access proxy configured to transform requests and/or associated responses to protect the integrity of the genomic and/or other sensitive information.