Abstract: Described herein is a technique to update an edge device deployed in a secure computing network. A repository connected to a public network stores build contents configured to update software installed on the edge device; the public network is inaccessible to devices within the secure computing environment. A second device connected to the public network acquires the build contents in a signed lockbox file. An edge device management service generates a lockbox file containing the build contents and a trusted signer outside the secure computing network signs the lockbox file. The second device connects to secure computing network and establishes communications with the edge device. The edge device verifies the signed lockbox file provided by the second device. Upon verification, the edge device extracts the contents of the signed lockbox file and updates the software installed on the edge device. Both offline and online updating approaches are described.

Abstract: Described herein is a technique to update an edge device deployed in a secure computing network. A repository connected to a public network stores build contents configured to update software installed on the edge device; the public network is inaccessible to devices within the secure computing environment. A second device connected to the public network acquires the build contents in a signed lockbox file. An edge device management service generates a lockbox file containing the build contents and a trusted signer outside the secure computing network signs the lockbox file. The second device connects to secure computing network and establishes communications with the edge device. The edge device verifies the signed lockbox file provided by the second device. Upon verification, the edge device extracts the contents of the signed lockbox file and updates the software installed on the edge device. Both offline and online updating approaches are described.

Abstract: An implantable medical system includes a medical device connected to a medical lead with several neural interfaces. The system can selectively generate stimulation signals at a selected one of the several neural interfaces, such as nerve cuffs. Each neural interface has at least one working electrode that is common to all the neural interfaces. Each neural interface has at least one reference electrode that is dedicated to that interface. A neural interface that has not been selected to stimulate tissue has its dedicated reference electrode floating with respect to power and ground.

Abstract: A stimulation system includes an implantable medical device (IMD) configured to provide electrical stimulation to tissue; a controller configured to control the electrical stimulation provided by the IMD; an implantable sensor configured to measure first heart rate data and to transmit the first heart rate data to the controller; an external sensor configured to measure second heart rate data and to transmit the second heart rate data to the controller; and an external electronic device communicatively coupled to the IMD, wherein the controller is configured to selectively operate the IMD in an internal sensor mode, whereby the controller controls the electrical stimulation provided by the IMD based on the first heart rate data, or an external sensor mode, whereby the controller controls the electrical stimulation provided by the IMD based on the second heart rate data.

Abstract: An implantable medical system includes a medical device connected to a medical lead with several neural interfaces. The system can selectively generate stimulation signals or sense neurological signals at a selected one of several neural interfaces, such as nerve cuffs. Each neural interface has at least one working electrode that is common to all the neural interfaces. Each neural interface has at least one reference electrode that is dedicated to that interface. A neural interface that has not been selected to stimulate tissue or to sense neurological signals has its dedicated reference electrode floating and not connected to power, ground or any electronic system. Any electrodes that were used for stimulation and are about to be used for neural sensing are grounded for a time interval to discharge any residual electrical charges that may remain due to neural stimulation signals.

Abstract: The present disclosure generally pertains to implantable stimulation systems. More specifically, the present disclosure provides systems and methods for automatically detecting the configuration of stimulation leads and optionally determining if any such leads are electrically defective. The method includes iteratively applying stimulation through anode-cathode pairs of electrode contacts disposed on one or more leads, measuring the impedance values between each respective pair, and comparing the impedance values to one or more threshold values to determine if the leads are unilateral or bilateral.

Abstract: Described herein is a technique to update an edge device deployed in a secure computing network. A repository connected to a public network stores build contents configured to update software installed on the edge device; the public network is inaccessible to devices within the secure computing environment. A second device connected to the public network acquires the build contents in a signed lockbox file. An edge device management service generates a lockbox file containing the build contents and a trusted signer outside the secure computing network signs the lockbox file. The second device connects to secure computing network and establishes communications with the edge device. The edge device verifies the signed lockbox file provided by the second device. Upon verification, the edge device extracts the contents of the signed lockbox file and updates the software installed on the edge device.

Abstract: Described herein are techniques for integrating external sensors to an edge device, such as for ingesting data into a data intake and query system. The edge device has an internal message broker for communicating with internal (e.g., preconfigured, recognized) sensors, and an external message broker for communicating with external (e.g., customer-configured, otherwise unrecognized) sensors. The external message broker provides access to customer configuration of external sensors, but is logically quarantined from the internal message broker to prevent unwanted customer access to internal configurations. The internal and external message brokers interface only via a bridging service that transforms external sensor data into data based on customer-configurable transformations. The transformed data can be handled by the edge device and/or downstream components (e.g., a data intake and query system) in the same manner as internal sensor data.

Abstract: In various embodiments, a computer-implemented method comprises acquiring status data for settings that control operations of the edge sensor device, transmitting the status data to a backend system, receiving a command to modify settings that control the operations of the edge sensor device, the settings specifying (i) one or more subscribers, and (ii) a data collection limit, in response to receiving the command, modifying the setting, acquiring sensor data associated with a physical device operating within a physical environment, where a sensor service collects the the sensor data up to the data collection limit, and the edge sensor device is located proximal to the physical device, inputting the sensor data into an onboard message broker for publishing, and transmitting, from the onboard message broker, the sensor data, where the sensor data is addressed to a first set of one or more subscribers of the onboard message broker.

Abstract: A wrapper layer over a target interface receives requests from client devices over a different interface, converts the requests into a format that is compatible with the target interface, and transmits each converted request over the target interface for processing by a service. The wrapper layer also processes a request by a client device to subscribe to a certain type of update made via the target interface by verifying that the client device is authorized to access a resource associated with that type of update and creating a subscription that identifies the client device and the type of update. When the wrapper layer subsequently receives a request corresponding to that type of update, the wrapper layer matches attributes of the request to the subscription by the client device and transmits a message notifying the client device of the request.

Abstract: Described herein are techniques for integrating external sensors to an edge device, such as for ingesting data into a data intake and query system. The edge device has an internal message broker for communicating with internal (e.g., preconfigured, recognized) sensors, and an external message broker for communicating with external (e.g., customer-configured, otherwise unrecognized) sensors. The external message broker provides access to customer configuration of external sensors, but is logically quarantined from the internal message broker to prevent unwanted customer access to internal configurations. The internal and external message brokers interface only via a bridging service that transforms external sensor data into data based on customer-configurable transformations. The transformed data can be handled by the edge device and/or downstream components (e.g., a data intake and query system) in the same manner as internal sensor data.

Abstract: In various embodiments, a computer-implemented method comprises acquiring, using an edge sensor device, first sensor data associated with a physical device operating within a physical environment, where the edge sensor device includes a first set of sensors of a first sensor type for obtaining the first sensor data, and the edge sensor device is located proximal to the physical device, inputting, by the edge sensor device, the first sensor data into an onboard message bus to publish the first sensor data, wherein a processing device of the edge sensor device maintains the onboard message bus, and upon receipt of the first sensor data, transmitting, by the onboard message bus, the first sensor data onto a network, where the first sensor data is addressed to a first set of one or more subscribers of the onboard message bus, and the one or more subscribers includes a remote server computing system.

Abstract: A light-weight resilient mechanism is used to synchronize server secure keying data with member devices in a highly-scalable distributed group virtual private network (VPN). A server device generates an initial secure keying data set, for the VPN, that includes a first version identifier, and sends, to member devices and via point-to-point messages, the secure keying data set. The server device sends, to the member devices, heartbeat push messages including the first version identifier. The server device generates an updated secure keying data set with a second version identifier and sends, to the member devices, a key push message that includes the updated data set. The server device sends, to the member devices, heartbeat push messages including the second version identifier. Member devices may use the first and second version identifiers to confirm that secure keying data sets are current and quickly identify if updates are missed.

Abstract: A server device initiates a traffic encapsulation key (TEK) re-key sequence for a group virtual private network (VPN), based on an upcoming expiration time for an existing TEK. The server device sends, via a push message during a first time period immediately after the initiating, a new TEK to members of the group VPN. The server device receives, during a second time period that immediately follows the first time period, a pull request, for the new TEK, from one of the members of the group VPN, and sends, to the one of the members, the new TEK, where the re-key sequence transitions all the members of the group VPN from the existing TEK key to the new TEK key before the expiration time for the existing TEK.

Abstract: A light-weight resilient mechanism is used to synchronize server secure keying data with member devices in a highly-scalable distributed group virtual private network (VPN). A server device generates an initial secure keying data set, for the VPN, that includes a first version identifier, and sends, to member devices and via point-to-point messages, the secure keying data set. The server device sends, to the member devices, heartbeat push messages including the first version identifier. The server device generates an updated secure keying data set with a second version identifier and sends, to the member devices, a key push message that includes the updated data set. The server device sends, to the member devices, heartbeat push messages including the second version identifier. Member devices may use the first and second version identifiers to confirm that secure keying data sets are current and quickly identify if updates are missed.

Abstract: A light-weight resilient mechanism is used to synchronize server secure keying data with member devices in a highly-scalable distributed group virtual private network (VPN). A server device generates an initial secure keying data set, for the VPN, that includes a first version identifier, and sends, to member devices and via point-to-point messages, the secure keying data set. The server device sends, to the member devices, heartbeat push messages including the first version identifier. The server device generates an updated secure keying data set with a second version identifier and sends, to the member devices, a key push message that includes the updated data set. The server device sends, to the member devices, heartbeat push messages including the second version identifier. Member devices may use the first and second version identifiers to confirm that secure keying data sets are current and quickly identify if updates are missed.

Abstract: A method may be performed by a device in a network, the device including multiple security process units (SPUs). The method includes receiving a packet over the network, the packet including a media access control (MAC) address, and assigning one SPU as the MAC address owner. The method also includes sending information about the MAC address to other SPUs within the device, storing the MAC address in a MAC table within each SPU, and initiating a MAC age query to confirm the MAC address has timed out among all SPUs. The MAC age query is passed via a logical ring of the SPUs beginning with the MAC address owner. If the MAC address is aged out at each SPU, the MAC address is deleted from each MAC table. If the MAC entry is still active, a different SPU is assigned as the MAC address owner.

Abstract: The present invention relates to a sanitary absorbent article such as a sanitary napkin that has the ability to protect the undergarment of the wearer from being soiled by menstrual liquid. The sanitary napkin has a main body with panels that originate from its longitudinal side edges. A distal end of each panel that is continuous with the respective longitudinal side edge is folded underneath and affixed to the barrier later of the main body to form a looping member and a freely extending flap. As a result the effective affixation point of each flap is located inwardly of the respective side edge of the main body.

Abstract: The present invention relates to a sanitary absorbent article such as a sanitary napkin that has the ability to protect the undergarment of the wearer from being soiled by menstrual liquid. The sanitary napkin has a main body with panels that originate from its longitudinal side edges. A distal end of each panel that is continuous with the respective longitudinal side edge is folded underneath and affixed to the barrier later of the main body to form a looping member and a freely extending flap. As a result the effective affixation point of each flap is located inwardly of the respective side edge of the main body.

Abstract: The present invention relates to a sanitary absorbent article such as a sanitary napkin that has the ability to protect the undergarment of the wearer from being soiled by menstrual liquid. The sanitary napkin has a main body with panels that originate from its longitudinal side edges. A distal end of each panel that is continuous with the respective longitudinal side edge is folded underneath and affixed to the barrier later of the main body to form a looping member and a freely extending flap. As a result the effective affixation point of each flap is located inwardly of the respective side edge of the main body.