Abstract: A pair of virtualized security device initialization data sets are received at a first virtualization server from respective sources prior to a launch of a compute instance at the server. A first virtualized security device is initialized using the data sets, and used to generate cryptographic artifacts used by the compute instance. A data item which was included in one of the data sets is modified after the cryptographic artifacts are generated. Additional cryptographic artifacts are generated by a second virtualized security device at a second virtualization server to which the compute instance has been migrated. The second virtualized security device is initialized using at least the modified data item.

Abstract: A computing device includes one or more processors, a memory and an encryption accelerator. The memory includes instructions that when executed on the processors cause a first networking session to be established between a pair of communication peers. Encryption of messages of the first session is enabled by a parameter of a security protocol of the session. The encryption accelerator obtains a key determined in the first session, and uses the key to encrypt messages of a second networking session established between the peers.

Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

Abstract: Disclosed systems and methods implement a tracking system that tracks accesses to a TPM-secured key. In embodiments, the key may be encrypted using an encryption key, which is sealed using the TPM. A first value indicating an initial access state of the key is stored in a PCR of the TPM, and the encryption key is sealed against the PCR, so that it can be unsealed when contents of PCR match a next value derived from the first value. When the key is accessed, contents of the PCR is verified against an expected access state. If successfully verified, the PCR is extended hold the next value, the encryption key is unsealed, and the key decrypted. With each access, the encryption key is repeatedly resealed against the successive states stored in PCR. In this manner, the PCR may be used to track accesses and detect unauthorized accesses to the key.

Abstract: Systems and methods are disclosed to generate a persistent identifier for a device using a trusted platform module (TPM) of the device, so that the identifier is persistent during the lifetime of the TPM. In embodiments, during an initialization of the TPM, the system obtains an entropy value from the TPM used to generate the device's persistent identifier. The identifier is written to a non-volatile storage of the TPM so that it cannot be erased during the lifetime of the TPM. In embodiments, a persistent keys pair is generated based on the identifier, and also permanently written to the non-volatile storage. In embodiments, the persistent identifier may be measured and verified via TPM quotes. In embodiments, the persistent private key may be used to sign a nonce to prove the identity of the device.

Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.

Abstract: The present invention provides a flowable material container closure assembly having a port tube and a membrane tube.

Abstract: The present invention provides a flowable material container assembly having a membrane tube disposed coaxially within a port tube. The membrane tube has an outer layer, a core layer, and an inner layer. The outer layer is a blend of a polyolefin and a thermoplastic elastomer. The core layer is a blend of a polyolefin and a thermoplastic elastomer. The inner layer is a blend of a polyolefin, a radio frequency susceptible polymer, and a thermoplastic elastomer.

Abstract: At compile-time, a managed code module does not know the location of an unmanaged code module on the code execution system where the managed code is to be executed. A wrapper function in the managed code module specifies the desired function in the unmanaged code module, and parameters to pass to/from that function. At runtime, the managed code environment or the managed code determines the location of the unmanaged code module, and the managed code environment generates a dynamic assembly specifying the location, the function, and the parameters. The code execution system executes the dynamic assembly as proxy for the unmanaged code module.

Abstract: A device and method for inactivating pathogens in therapeutic fluids with sterilizing radiation in a continuous thin fluid flow arrangement that exhibits radiation dose uniformity for fluids having high optical densities. Radiation dose uniformity is achieved in part through a “carrying” mechanism that moves or carries the fluid, thereby eliminating a channel flow velocity profile where flow volumes near the channel walls run the risk of overexposure to the radiation due to very large residence times within the channel. The device comprises a relatively flat belt chamber (22) connected to a fluid flow through an inlet (24) and an outlet (26) on the belt chamber (22). The belt chamber (22) has a top surface (28) and a bottom surface (30). A radiation permeable plate (32) is disposed adjacent the top surface (28) of the belt chamber (22) and is in contact with the belt chamber (22). A radiation source (42) is provided adjacent to the plate (32) adjacent to a side opposite the belt chamber (22).

Abstract: A device and method for inactivating pathogens in therapeutic fluids with sterilizing radiation in a continuous flow arrangement while exhibiting radiation dose uniformity and narrow residence time distribution of the fluid within the device. The device (10) comprises a radiation permeable cylindrical tube (12) having a concentric cylindrical rotor (14) disposed therein, thereby providing a thin gap (16) therebetween. A top plate (18) having a fluid outlet (26) and a bottom plate (20) having a fluid inlet (24) seal the cylindrical tube (12). The inlet (24) and outlet (26) are both in fluid communication with the thin gap (16). A rotor shaft (36) is disposed axially through the cylindrical rotor (14) and is connected to a motor (30). A pump provides fluid flow through the device (10). A radiation source provides sterilizing radiation to the fluid through the cylindrical tube (12).