Patents by Inventor Brian Clifford

Brian Clifford has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230035007
    Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
    Type: Application
    Filed: May 11, 2022
    Publication date: February 2, 2023
    Inventors: Daniel Stelian MIHAI, Brian Clifford TELFER, David Garfield THALER, III, Stefan THOM, Torsten STEIN
  • Patent number: 11411933
    Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: August 9, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Daniel Stelian Mihai, Brian Clifford Telfer, David Garfield Thaler, III, Stefan Thom, Torsten Stein
  • Patent number: 11328050
    Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: May 10, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Brian Clifford Telfer
  • Patent number: 11316693
    Abstract: A provisioning service operating on a remote server is configured to handle provisioning of Internet of Things (IoT) devices, in which IoT devices are configured to execute policies provided by the provisioning service to self-regulate access to an IoT portal. The provisioning service generates an access token and policy which are unique to a trusted platform module (TPM) for a respective IoT device. The TPM executes the policy upon each instance in which the IoT device requires authorization to perform an operation or access the IoT portal. The policy may be configured according to a prepaid or postpaid model. In both models a local counter within the TPM of the IoT device may increment upon each instance of authorization. Under the prepaid model the IoT device may acquire a set number of uses, and under the postpaid model a statement may be generated based on prior usage.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: April 26, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brian Clifford Telfer, Stefan Thom, Torsten Stein
  • Patent number: 11316694
    Abstract: A computing device's trusted platform module (TPM) is configured with a cryptographic watchdog timer which forces a device reset if the TPM fails to solve a cryptographic challenge before the expiration of the timer. The computing device's TPM is configured to generate the cryptographic challenge, to which the computing device does not possess the cryptographic token for resolution. While the watchdog timer counts down, the computing device requests a cryptographic token from a remote service to solve the challenge. The remote service transmits the cryptographic token to the computing device so long as the remote service identifies no reason to withhold the token, such as the computing device being infected with malware. The interoperability of the computing device and remote service enables the remote service to exercise control and reset capabilities over the computing device.
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: April 26, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Brian Clifford Telfer, Paul England, Dennis James Mattoon, Marcus Peinado
  • Patent number: 11190356
    Abstract: Before a composition is ingested into a runtime environment at a runtime device, the composition may be verified at an authoring trusted execution environment (TEE) operating on an authoring device. A user can operate an untrusted computing platform (e.g., a personal computer, laptop computer, tablet computer, etc.) to write code, generate data, or create some other composition. Since this composition is created on an untrusted device, the authoring TEE may output the composition on a trusted peripheral device to a user for review and approval. Responsive to receiving approval at the trusted peripheral device, the authoring TEE can sign the composition with a local key and forward the composition for execution by the runtime device. The signature can be utilized by the runtime device to prove that it was reviewed and verified by an authorized user operating the authoring device.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: November 30, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Stefan Thom, Brian Clifford Telfer
  • Patent number: 10872153
    Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, in which the user can authorize or reject the transmission using an input device.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: December 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Brian Clifford Telfer, Stefan Thom, Torsten Stein, Robert Solomon, Christopher Glenn Kaler
  • Publication number: 20200313893
    Abstract: A computing device's trusted platform module (TPM) is configured with a cryptographic watchdog timer which forces a device reset if the TPM fails to solve a cryptographic challenge before the expiration of the timer. The computing device's TPM is configured to generate the cryptographic challenge, to which the computing device does not possess the cryptographic token for resolution. While the watchdog timer counts down, the computing device requests a cryptographic token from a remote service to solve the challenge. The remote service transmits the cryptographic token to the computing device so long as the remote service identifies no reason to withhold the token, such as the computing device being infected with malware. The interoperability of the computing device and remote service enables the remote service to exercise control and reset capabilities over the computing device.
    Type: Application
    Filed: March 27, 2019
    Publication date: October 1, 2020
    Inventors: Stefan THOM, Brian Clifford TELFER, Paul ENGLAND, Dennis James MATTOON, Marcus PEINADO
  • Publication number: 20200285731
    Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.
    Type: Application
    Filed: March 4, 2019
    Publication date: September 10, 2020
    Inventors: Stefan THOM, Brian Clifford TELFER
  • Publication number: 20190319843
    Abstract: A provisioning service operating on a remote server is configured to handle provisioning of Internet of Things (IoT) devices, in which IoT devices are configured to execute policies provided by the provisioning service to self-regulate access to an IoT portal. The provisioning service generates an access token and policy which are unique to a trusted platform module (TPM) for a respective IoT device. The TPM executes the policy upon each instance in which the IoT device requires authorization to perform an operation or access the IoT portal. The policy may be configured according to a prepaid or postpaid model. In both models a local counter within the TPM of the IoT device may increment upon each instance of authorization. Under the prepaid model the IoT device may acquire a set number of uses, and under the postpaid model a statement may be generated based on prior usage.
    Type: Application
    Filed: May 14, 2018
    Publication date: October 17, 2019
    Inventors: Brian Clifford TELFER, Stefan THOM, Torsten STEIN
  • Publication number: 20190268161
    Abstract: Before a composition is ingested into a runtime environment at a runtime device, the composition may be verified at an authoring trusted execution environment (TEE) operating on an authoring device. A user can operate an untrusted computing platform (e.g., a personal computer, laptop computer, tablet computer, etc.) to write code, generate data, or create some other composition. Since this composition is created on an untrusted device, the authoring TEE may output the composition on a trusted peripheral device to a user for review and approval. Responsive to receiving approval at the trusted peripheral device, the authoring TEE can sign the composition with a local key and forward the composition for execution by the runtime device. The signature can be utilized by the runtime device to prove that it was reviewed and verified by an authorized user operating the authoring device.
    Type: Application
    Filed: March 8, 2019
    Publication date: August 29, 2019
    Inventors: David Garfield THALER, III, Stefan THOM, Brian Clifford TELFER
  • Publication number: 20190268311
    Abstract: A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
    Type: Application
    Filed: March 23, 2018
    Publication date: August 29, 2019
    Inventors: Daniel Stelian MIHAI, Brian Clifford TELFER, David Garfield THALER, III, Stefan THOM, Torsten STEIN
  • Publication number: 20190266330
    Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfies parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, in which the user can authorize or reject the transmission using an input device.
    Type: Application
    Filed: April 20, 2018
    Publication date: August 29, 2019
    Inventors: David Garfield THALER, III, Brian Clifford TELFER, Stefan THOM, Torsten STEIN, Robert SOLOMON, Christopher Glenn KALER
  • Publication number: 20070240371
    Abstract: An edge rail for a pane or panel of glass or like material to be used as a door or partition is made of mating male and female rail sections defining a channel for reception of and secure attachment to an edge portion of a pane or panel. The two rail sections have portions thereof cut away and defining a recess or chamber for reception of a door or partition supporting structure directly within the rail and not as an appendage thereto. The edge rail has substantially universal application as either a top rail or a bottom rail and for either a right hand mount or a left hand mount. The rail is relatively small, slim and compact and imparts an esthetically pleasing appearance to the panel assembly.
    Type: Application
    Filed: April 18, 2006
    Publication date: October 18, 2007
    Inventors: Brian Clifford, James Stremplewski, Matthew JaBaay
  • Publication number: 20070240465
    Abstract: A lock assembly including an exterior member with a lock housing block formed on its inner side and an interior member whose inner side includes a recessed portion configured to receive the lock housing block of the exterior member. The assembly further includes a first aperture that extends completely through the exterior member, a second aperture that extends completely through the interior member, a deadbolt aperture that extends completely through the lock housing block, and a deadbolt seated within the deadbolt aperture. When the interior and exterior members are aligned such that the lock housing block is seated within the recessed portion of the interior member, the first and second apertures are aligned with each other to define a cylinder aperture that extends completely through both the exterior member and the interior member. Finally, there is at least one cylinder seated within said cylinder aperture.
    Type: Application
    Filed: April 18, 2006
    Publication date: October 18, 2007
    Inventors: Brian Clifford, James Stremplewski, Matthew JaBaay
  • Publication number: 20060173805
    Abstract: There is disclosed a method for managing information about off-line storage data comprising storing information about the off-line storage data, interfacing said information with a file manager of an operating system of a computer, and displaying said off-line storage data as accessible by said computer as part of the file system managed by said file manager, so that the information stored about the off-line storage data can be accessed by using the file manager.
    Type: Application
    Filed: February 2, 2005
    Publication date: August 3, 2006
    Inventors: Brian Clifford, Mark MacKowiak
  • Patent number: 5844977
    Abstract: An apparatus for detecting customer premise equipment alerting signals (CAS) in a first telephone having a transmit circuit and a receive circuit and a hybrid line termination for connecting the transmit circuit and the receive circuit to a central office line. The apparatus includes an off-hook detector for producing an off-hook signal identifying whether or not the first telephone is in an off-hook state, an extension-in-use detector for producing an extension-in-use signal identifying whether or not a second telephone connected to the central office line is in an off-hook state, a CAS detector selectively operable to receive the CAS signals directly from the central office line and from the hybrid line termination and a control element for controlling the CAS detector in response to the off-hook signal and the extension-in-use signal.
    Type: Grant
    Filed: March 27, 1997
    Date of Patent: December 1, 1998
    Assignee: Northern Telecom Limited
    Inventors: Brian Clifford McKinney, Stephen Kos
  • Patent number: 4107339
    Abstract: Soluble coffee process involving the addition of a partial condensate of volatile flavorful components to a concentrated coffee extract which has previously been stripped of its volatile flavorful components and subjecting this enhanced concentrated coffee extract to a dehydration process which maximizes the retention of the flavorful components to provide a soluble coffee product with distinct green/nutty flavor notes.
    Type: Grant
    Filed: July 26, 1977
    Date of Patent: August 15, 1978
    Assignee: General Foods Limited
    Inventor: Brian Clifford Shrimpton
  • Patent number: 4095057
    Abstract: Frequency response testing apparatus, developed for use with hearing aids, comprises a generator providing a predetermined varying-frequency input for the device under test, and a discriminator which applies incremental output level signals from the device to a display matrix of LEDs under the control of timing signals derived from the generator, the overall arrangement providing a display in the form of a linear graphical plot.
    Type: Grant
    Filed: March 9, 1977
    Date of Patent: June 13, 1978
    Assignee: National Research Development Corporation
    Inventors: Ronald Frederick Power, Alan Anthony Barker, Michael Charles Martin, Brian Clifford Grover
  • Patent number: 4089988
    Abstract: A custard mix in the form of free-flowing granules which will instantly disperse in a hot liquid to form a thickened, uniform sauce is attained by controlled moisturization of the starch and sugar ingredients during blending and granulation.
    Type: Grant
    Filed: November 17, 1976
    Date of Patent: May 16, 1978
    Assignee: General Foods Ltd.
    Inventors: William Max Mostyn, Roger Percy Verrall, Brian Clifford Shrimpton