Abstract: A multi-module wearable device. According to an embodiment of the present disclosure, there is provided a system, including: a first wearable instrument; a second wearable instrument including a biometric sensor; an electrical connection between the first wearable instrument and the second wearable instrument; and a strap, sized and dimensioned to be disposed about a wrist. The electrical connection may be capable of connecting the first wearable instrument to the second wearable instrument when the second wearable instrument is at a first position on the strap relative to the first wearable instrument, and of connecting the first wearable instrument to the second wearable instrument when the second wearable instrument is at a second position on the strap relative to the first wearable instrument.

Abstract: Fleets of mobile or desktop electronic devices are sometimes wrongly unenrolled from a security and management service. They must then be reenrolled individually, from the devices themselves. To overcome this, a calling agent in each device is only partially removed or disabled upon receipt of the unenrollment instruction. The remaining portion of the calling agent is removed after a cool-off period. During the cool-off period, a persistent component of the calling agent that remains active contacts a monitoring center to check whether there is a cancellation of the unenroll instruction. If there is, the devices can be reenrolled from the monitoring center. This persistent component is designed to survive device reimaging and reinstantiates itself in such an event. This tether provides the ability to reverse unintentional device unenrollment.

Abstract: A computer-assisted method for providing re-quotations for insurance coverage may include receiving a list of insurance leads corresponding to individuals who received a previous quotation for insurance coverage but did not purchase the insurance coverage and identifying a difference between the previous quotation and a new quotation. This difference may include an increase in offered insurance coverage and/or a reduction in cost. A computing device may calculate a probability for each of the individuals on the list using a regression model based, at least in part, on the identified difference. In some cases, the regression model may be associated with individual states. In other cases, the regression model may correspond to a plurality of states. The regression model may output a probability that a resident of a particular state will purchase insurance in response to a re-quotation for insurance coverage, where individuals may then be ranked based on the probability.

Abstract: Systems and methods are disclosed that provide smart alerts to users, e.g., alerts to users about diabetic states that are only provided when it makes sense to do so, e.g., when the system can predict or estimate that the user is not already cognitively aware of their current condition, e.g., particularly where the current condition is a diabetic state warranting attention. In this way, the alert or alarm is personalized and made particularly effective for that user. Such systems and methods still alert the user when action is necessary, e.g., a bolus or temporary basal rate change, or provide a response to a missed bolus or a need for correction, but do not alert when action is unnecessary, e.g., if the user is already estimated or predicted to be cognitively aware of the diabetic state warranting attention, or if corrective action was already taken.

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes storing, in a trust authority, a pre-defined attestation report for a workload executing in a virtual machine (VM) managed by the virtualization layer, the pre-defined attestation report including a hash of at least a portion of an image of the VM; receiving, at the trust authority from a security module of a host in which the VM executes, an attestation report generated by measuring memory of the VM; comparing the attestation report with the pre-defined attestation report; and generating an indication of validity for the workload based on a result of the comparison.

Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.

Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.

Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system using a capsule. A management hypervisor installer executed on a host device receives a listing DPU device from a baseboard management controller (BMC). A preinstalled DPU management operating system image is identified for a DPU device from the listing, and is wrapped with a capsule that specifies the capsule as a DPU management operating system image capsule. A server component provides the DPU management operating system image capsule at a particular URI, and the URI is transmitted to the BMC.

Abstract: A compositor receives, from each of a plurality of originating devices, compressed and/or encrypted image data portions of a frame of image data, together with portion metadata for each of the compressed and/or encrypted image data portions. Frame metadata for the frame of image data. The compositor then composites the image data portions without decompressing and/or decrypting them, based on the portion and frame metadata, by generating composited frame metadata for the composited image frame and amending the portion metadata for each of the compressed and/or encrypted image data portions to indicate a location of the compressed and/or encrypted image data portions in the composited image frame. The compressed and/or encrypted image data portions, the composited frame metadata and the amended portion metadata are then transmitted by the compositor to a display control device.

Abstract: A mobile device that can optionally communicate with a server, the mobile device including latitude/longitude determining capabilities, a display, a data communication system and a power source. The mobile device can be used to communicate, provide location information, track an individual, as well as allow alerting, such in a case of an emergency. This location information could be accompanied with one or more of video information, audio information, multimedia information, and pictures taken by the mobile device. The mobile devices also allow inner-communicability among the devices such as text messaging, chat, voice communications, and the like. The capabilities of the mobile device can also be used to determine if the device has traversed a geo-fence, or defined electronic perimeter, with the crossing of the perimeter capable of triggering special functionality such as the turning on of the mobile device, or smart phone, sending an alert, altering functionality, or the like.

Abstract: A mobile device that can optionally communicate with a server, the mobile device including latitude/longitude determining capabilities, a display, a data communication system and a power source. The mobile device can be used to communicate, provide location information, track an individual, as well as allow alerting, such in a case of an emergency. This location information could be accompanied with one or more of video information, audio information, multimedia information, and pictures taken by the mobile device. The mobile devices also allow inner-communicability among the devices such as text messaging, chat, voice communications, and the like. The capabilities of the mobile device can also be used to determine if the device has traversed a geo-fence, or defined electronic perimeter, with the crossing of the perimeter capable of triggering special functionality such as the turning on of the mobile device, or smart phone, sending an alert, altering functionality, or the like.

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes storing, in a trust authority, a pre-defined attestation report for a workload executing in a virtual machine (VM) managed by the virtualization layer, the pre-defined attestation report including a hash of at least a portion of an image of the VM; receiving, at the trust authority from a security module of a host in which the VM executes, an attestation report generated by measuring memory of the VM; comparing the attestation report with the pre-defined attestation report; and generating an indication of validity for the workload based on a result of the comparison.

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts.

Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.

Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.