Abstract: Disclosed embodiments relate to systems and methods for detecting and addressing security risks in remote native access sessions. Techniques include identifying a remote native access session between a client and a target resource. The techniques may further include identifying connection data associated with the remote native access session obtained by a connection agent, wherein the connection data originates from the client and from a mobile device associated with a user, and comprises data indicative of at least one of: hardware of the client or mobile device, configuration settings of the client or mobile device, and network connection attributes of the client or mobile device. Techniques may further include comparing a first portion of the connection data associated with the client with a second portion of the connection data associated with the mobile device; and determining, based on the comparing, a security risk associated with the remote native access session.

Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.

Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.

Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.

Abstract: The disclosed embodiments include systems and methods for dynamically managing privileged access for non-privileged accounts. Operations may include receiving a request from a computer device associated with a network account to access a privileged resource, wherein the network account lacks any privileged account membership enabling the network account to access the privileged resource. Operations may include authenticating the network account, and assigning, based on the authentication, privileged on-demand membership for the network account, wherein the privileged on-demand membership enables the network account to access the privileged resource. Operations may also include identifying that the network account should no longer have access to the privileged resource, and removing, based on the identification, the privileged on-demand membership for the network account.

Abstract: Disclosed embodiments relate to systems and methods for authenticating users of personal computing devices using encoded versions of the temporary and unique codes. Techniques include receiving a first cryptographic key having been created by a personal computing device and corresponding to a second cryptographic key maintained on the personal computing device; associating a user identifier with the first cryptographic key; accessing a temporary and unique code; accessing an encoded version of the temporary and unique code; making available to the personal computing device the encoded version of the temporary and unique code; receiving, from the personal computing device, a signed version of the temporary and unique code, the signed version having been signed by the second cryptographic key; verifying, using the first cryptographic key, the signed version of the temporary and unique code; and determining, based on the verifying, whether to authenticate the user of the personal computing device.

Abstract: The disclosed embodiments include systems and methods for dynamically managing privileged access for non-privileged accounts. Operations may include receiving a request from a computer device associated with a network account to access a privileged resource, wherein the network account lacks any privileged account membership enabling the network account to access the privileged resource. Operations may include authenticating the network account, and assigning, based on the authentication, privileged on-demand membership for the network account, wherein the privileged on-demand membership enables the network account to access the privileged resource. Operations may also include identifying that the network account should no longer have access to the privileged resource, and removing, based on the identification, the privileged on-demand membership for the network account.

Abstract: The disclosed embodiments include systems and methods for dynamically managing privileged access for non-privileged accounts. Operations may include receiving a request from a computer device associated with a network account to access a privileged resource, wherein the network account lacks any privileged account membership enabling the network account to access the privileged resource. Operations may include authenticating the network account, and assigning, based on the authentication, privileged on-demand membership for the network account, wherein the privileged on-demand membership enables the network account to access the privileged resource. Operations may also include identifying that the network account should no longer have access to the privileged resource, and removing, based on the identification, the privileged on-demand membership for the network account.

Abstract: The disclosed embodiments include systems and methods for dynamically managing privileged access for non-privileged accounts. Operations may include receiving a request from a computer device associated with a network account to access a privileged resource, wherein the network account lacks any privileged account membership enabling the network account to access the privileged resource. Operations may include authenticating the network account, and assigning, based on the authentication, privileged on-demand membership for the network account, wherein the privileged on-demand membership enables the network account to access the privileged resource. Operations may also include identifying that the network account should no longer have access to the privileged resource, and removing, based on the identification, the privileged on-demand membership for the network account.

Abstract: The present invention describes methods for the characterization of mRNA molecules during mRNA production. Characterizing mRNA includes processes such as oligonucleotide mapping, reverse transcriptase sequencing, charge distribution analysis, and detection of RNA impurities. Oligonucleotide mapping includes using an RNase to digest antisense duplexes from an RNA transcript, and then subjecting the digested RNA to reverse phase HPLC, anion exchange HPLC, and/or mass spectrometry analysis. Reverse transcriptase sequencing involves reverse transcription of an RNA transcript followed by DNA sequencing. Charge distribution analysis can comprise procedures such as anion exchange HPLC, or capillary electrophoresis. Detection of impurities includes detecting short mRNA transcripts, RNA-RNA hybrids, and RNA-DNA hybrids.

Abstract: Reversed phase-High Performance (High Pressure) Liquid Chromatography (RP-HPLC) and Size Exclusion Chromatography (SEC) methods have been developed for monitoring structural and size heterogeneity as well as stability of large RNA transcripts, including lengths of up to at least 10,000 nucleotides. The methods are designed for significantly larger mRNAs that could be monitored in the past, including lengths of up to at least 10,000 nucleotides, and including chemically modified RNA transcripts. SEC techniques are also used in the preparative purification of large RNA transcripts to remove impurities, including hybridized nucleic acid impurities and multimeric RNA species. All of these techniques are also beneficial in that they can be used for large scale manufacturing of therapeutics.

Abstract: A control system for an air driven drill is described, wherein the control system is of the kind that provides a feed stroke to a drill bit. The system comprises an interrupt line so that compressed air fed to a feed chamber is also fed to a clamp chamber whereby the unbalanced force on the feed piston becomes balanced so as to stop the feed stroke. An adjustable frequency generator is provided to impose a pulsating pressure variation in an air pressure supply. During a feed stroke under which compressed air is fed to the feed chamber, air fed to the clamp chamber via the interrupt line is caused by the adjustable frequency generator to have a pulsating pressure, so that the feed stroke is caused to be stopped for a first period, then resumed for a second period, to provide a periodically interrupted feed stroke.

Abstract: A control system for an air driven drill is described, wherein the control system is of the kind that provides a feed stroke to a drill bit. The system comprises an interrupt line so that compressed air fed to a feed chamber is also fed to a clamp chamber whereby the unbalanced force on the feed piston becomes balanced so as to stop the feed stroke. An adjustable frequency generator is provided to impose a pulsating pressure variation in an air pressure supply. During a feed stroke under which compressed air is fed to the feed chamber, air fed to the clamp chamber via the interrupt line is caused by the adjustable frequency generator to have a pulsating pressure, so that the feed stroke is caused to be stopped for a first period, then resumed for a second period, to provide a periodically interrupted feed stroke.

Abstract: A pneumatically operated rivet squeezer is described, having features that allow for the miniaturization of a squeezer to a size smaller than portable rivet squeezers presently available. A first feature of the invention is that a return spring is accommodated within the squeezer housing by embedding the spring diametrically partially within a cavity in an internal wall of the housing and diametrically partially within a cavity in a jaw of the squeezer. A second feature of the invention contributing to miniaturization is that the squeezer utilizes a wedge having a very high mechanical advantage during the final stage of squeezing action, and a novel two curve surface for applying force to arms of the squeezer.

Abstract: A high-energy radiation detector is disclosed which uses a semiconductor material to absorb high-energy radiation and emit secondary light in response. The semiconductor is designed to be largely transparent for the interband light it emits so that the generated secondary photons can reach the semiconductor surface, to be detected by a suitable photo-detector. The semiconductor thus plays a role of a scintillator with the emitted light registered by a photo-detector. Two different device embodiments are disclosed. The first embodiment employs a uniform bulk slab of the appropriately chosen semiconductor, such as n-doped InP. Its principal advantage lies in the simplicity and low cost. The second device employs a multi-layer heterostructure. The principal advantage of the second type detector is the possibility of a substantial enhancement in the efficiency of absorption of the primary high-energy radiation.

Abstract: A high-energy radiation detector is disclosed which uses a semiconductor material to absorb high-energy radiation and emit secondary light in response. The semiconductor is designed to be largely transparent for the interband light it emits so that the generated seciondary photons can reach the semiconductor surface, to be detected by a suitable photo-detector. The semiconductor thus plays a role of a scintillator with the emitted light registered by a photo-detector. Two different device embodiments are disclosed. The first embodiment employs a uniform bulk slab of the appropriately chosen semiconductor, such as n-doped InP. Its principal advantage lies in the simplicity and low cost. The second device employs a multi-layer heterostructure. The principal advantage of the second type detector is the possibility of a substantial enhancement in the efficiency of absorption of the primary high-energy radiation.