Abstract: Various embodiments of a breath-activated nebulizer with flow-based fluidic control and related methods of using such a nebulizer are disclosed. The nebulizer may include a body comprising a reservoir for holding medication, a nozzle for emitting a jet of pressurized gas, and a fluid conduit in communication with the reservoir for delivery of the medication proximate the jet to produce an aerosol of medication. The nebulizer may also include a nebulizer outlet in communication with the body for delivery of the aerosol to a patient, an entrainment passage for providing entrainment flow from atmosphere during inhalation by the patient, and a control conduit in fluid communication with the fluid conduit for delivery of a control gas to the fluid conduit to prevent the delivery of the medication proximate the jet. In some exemplary embodiments, the control conduit may comprise a gas passage proximate the entrainment passage to allow the control gas to flow across the entrainment passage.

Abstract: Various embodiments of a breath-activated nebulizer with fluidic control and related methods of using such a nebulizer are disclosed. The nebulizer may include a body comprising a reservoir for holding medication, a nozzle for emitting a jet of pressurized gas, and a fluid conduit in communication with the reservoir for delivery of the medication proximate the jet to produce an aerosol of medication. The nebulizer may also include a nebulizer outlet in communication with an interior of the body for delivery of the aerosol to a patient, a control conduit in fluid communication with the fluid conduit for delivery of a control gas to the fluid conduit to prevent the delivery of the medication proximate the jet, and a fluidic amplifier configured to control the delivery of the control gas to the control conduit.

Abstract: A method for protecting Security Accounts Manager (SAM) files within a Windows® operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows® operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.

Abstract: Applications which function under a first operating system also function when it becomes necessary to call into action a second operating system due to provision having been made for configuration and other settings necessary to the execution of such applications (here generically called policy settings or policy source data) to be made available to the second operating system.

Abstract: In a hypervisor-based computing system, each guest operating system (GOS) is associated with multiple plug-in modules, with each module being configured to execute a respective function. The hypervisor also includes plug-in modules mirroring those of the GOS to provide for enhanced functionality on a module-by-module basis.

Abstract: A technique for identifying a user of a device includes receiving a tracking mechanism trigger and capturing (e.g., periodically) identifying information on the user of the device in response to the trigger.

Abstract: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.

Abstract: Applications which function under a first operating system also function when it becomes necessary to call into action a second operating system due to provision having been made for configuration and other settings necessary to the execution of such applications (here generically called policy settings or policy source data) to be made available to the second operating system.

Abstract: An apparatus, system, and method are disclosed for securely authorizing changes to a transaction restriction. A security module securely stores encryption keys for a payment instrument. The payment instrument electronically transacts payments and includes a transaction restriction. An authentication module receives an authentication from a user of the payment instrument. The security module validates the authentication with a first encryption key. In addition, the security module authorizes a change to the transaction restriction using a second encryption key if the authentication is valid. The security module resides on a computer that the user designates as authorized to validate the authentication.

Abstract: A method for providing a secure single sign-on to a computer system is disclosed. Pre-boot passwords are initially stored in a secure storage area of a smart card. The operating system password, which has been encrypted to a blob, is stored in a non-secure area of the smart card. After the smart card has been inserted in a computer system, a user is prompted for a Personal Identification Number (PIN) of the smart card. In response to a correct smart card PIN entry, the blob stored in the non-secure storage area of the smart card is decrypted to provide the operating system password, and the operating system password along with the pre-boot passwords stored in the secure storage area of the smart card are then utilized to log on to the computer system.

Abstract: A method for protecting Security Accounts Manager (SAM) files within a Windows® operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows® operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.

Abstract: A trusted platform module (TPM) is a silicon chip that constitutes a secure encryption key-pair generator and key management device. A TPM provides a hardware-based root-of-trust contingent on the generation of the first key-pair that the device creates: the SRK (storage root key). Each SRK is unique, making each TPM unique, and an SRK is never exported from a TPM. Broadly contemplated herein is an arrangement for determining automatically whether a TPM has been replaced or cleared via loading a TPM blob into the TPM prior to the first time it is to be used (e.g. when a security-related software application runs). If the TPM blob loads successfully, then it can be concluded that the TPM is the same TPM that was used previously. If the TPM blob cannot be loaded, then corrective action will preferably take place automatically to configure the new TPM.

Abstract: A trusted platform module (TPM) key is assigned a numerical limit for the number of times the key can be used, and once the key has been used the assigned number of times, it is rendered unusable.

Abstract: Various embodiments of a breath-activated nebulizer with flow-based fluidic control and related methods of using such a nebulizer are disclosed. The nebulizer may include a body comprising a reservoir for holding medication, a nozzle for emitting a jet of pressurized gas, and a fluid conduit in communication with the reservoir for delivery of the medication proximate the jet to produce an aerosol of medication. The nebulizer may also include a nebulizer outlet in communication with the body for delivery of the aerosol to a patient, an entrainment passage for providing entrainment flow from atmosphere during inhalation by the patient, and a control conduit in fluid communication with the fluid conduit for delivery of a control gas to the fluid conduit to prevent the delivery of the medication proximate the jet. In some exemplary embodiments, the control conduit may comprise a gas passage proximate the entrainment passage to allow the control gas to flow across the entrainment passage.

Abstract: Various embodiments of a breath-activated nebulizer with fluidic control and related methods of using such a nebulizer are disclosed. The nebulizer may include a body comprising a reservoir for holding medication, a nozzle for emitting a jet of pressurized gas, and a fluid conduit in communication with the reservoir for delivery of the medication proximate the jet to produce an aerosol of medication. The nebulizer may also include a nebulizer outlet in communication with an interior of the body for delivery of the aerosol to a patient, a control conduit in fluid communication with the fluid conduit for delivery of a control gas to the fluid conduit to prevent the delivery of the medication proximate the jet, and a fluidic amplifier configured to control the delivery of the control gas to the control conduit.

Abstract: An atomizing nebulizer for dispensing a substance or medicament is described. The nebulizer is formed with a reservoir base releasably secured to an effluent vent cap that together capture a diffuser and integral dispersing baffle that are further formed with an uptake lumen or channel terminating with a nozzle jet. The diffuser dispersing baffle is positioned relative to the jet nozzle to optimize atomization of any of a number of such substances so as to maximize disbursement of the substance. The reservoir base also incorporates a pressurized fluid-accelerating inlet tube terminated with a metering orifice that cooperates with the nozzle jet when the inlet tube is received within the diffuser uptake lumen or channel.

Abstract: A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e.g., a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e.g., a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.

Abstract: A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.

Abstract: An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.

Abstract: Systems, methods and media for accessing and protecting TPM keys for signing and for decryption are disclosed. More particularly, hardware and software are disclosed for enabling a user knowing a signing-only authentication to access a key for signing only, upon submission of the signing only-authentication, and for enabling the user or a system administrator knowing a decryption-only authentication to access a key for decryption only, upon submission of the decryption-only authentication.