Abstract: There is described a method and data processing gateway comprising: data processing circuitry for performing data processing operations in response to program code; a first execution environment (FEE) and a second execution environment (SEE) for storing data and program code, wherein data and program code stored in the FEE when accessible to the data processing circuitry configured to operate in the FEE is inaccessible to the data processing circuitry when configured to operate in the SEE, the FEE comprising: a data ingestion store for receiving a device decryption mechanism into the FEE to decrypt encrypted device data, the data ingestion store further for receiving encrypted device data into the FEE and for decrypting the encrypted device data using the device decryption mechanism; and a subscriber client manager for receiving a first subscriber encryption mechanism into the FEE, and further for encrypting device data using the first subscriber encryption mechanism and further for transmitting encrypted dev

Abstract: Various implementations described herein are directed to determining a multi-factor trust score. Data from one or more endpoint devices is received over a gateway. A trust score is determined based on a plurality of metrics. The plurality of metrics including at least: a first attestation process performed for the one or more endpoint devices, and a second attestation process performed for the gateway. The trust score is sent to an analytics server. The trust score is configured to be used by the analytics server to determine an alert and/or a command based on the trust score.

Abstract: Various implementations described herein are directed to determining a multi-factor trust score. Data from one or more endpoint devices is received over a gateway. A trust score is determined based on a plurality of metrics. The plurality of metrics including at least: a first attestation process performed for the one or more endpoint devices, and a second attestation process performed for the gateway. The trust score is sent to an analytics server. The trust score is configured to be used by the analytics server to determine an alert and/or a command based on the trust score.

Abstract: There is described a method and data processing gateway comprising: data processing circuitry for performing data processing operations in response to program code; a first execution environment (FEE) and a second execution environment (SEE) for storing data and program code, wherein data and program code stored in the FEE when accessible to the data processing circuitry configured to operate in the FEE is inaccessible to the data processing circuitry when configured to operate in the SEE, the FEE comprising: a data ingestion store for receiving a device decryption mechanism into the FEE to decrypt encrypted device data, the data ingestion store further for receiving encrypted device data into the FEE and for decrypting the encrypted device data using the device decryption mechanism; and a subscriber client manager for receiving a first subscriber encryption mechanism into the FEE, and further for encrypting device data using the first subscriber encryption mechanism and further for transmitting encrypted dev

Abstract: A terminal for receiving and re-transmitting information, comprises a first network adapter for receiving a primary data stream in which the information has been encoded, encrypted according to a key scheme from a primary transmitter through a first network in a first format, an arrangement for receiving entitlement messages, enabling an authorized receiver to decrypt the encrypted data stream, and at least one further network adapter for connection to a secondary network. The terminal is configured to re-transmit at least part of the information in at least one secondary data stream in a second format, differing from the first format, through the second network to at least one secondary terminal connected to the secondary network. The terminal is configured to transmit the secondary data stream(s) encrypted according to the same key scheme and to forward received entitlement messages that enable an authorized receiver to decrypt the secondary data stream(s) to the secondary terminal(s).

Abstract: A terminal for receiving and re-transmitting information, comprises a first network adapter for receiving a primary data stream in which the information has been encoded, encrypted according to a key scheme from a primary transmitter through a first network in a first format, an arrangement for receiving entitlement messages, enabling an authorised receiver to decrypt the encrypted data stream, and at least one further network adapter for connection to a secondary network. The terminal is configured to re-transmit at least part of the information in at least one secondary data stream in a second format, differing from the first format, through the second network to at least one secondary terminal connected to the secondary network. The terminal is configured to transmit the secondary data stream(s) encrypted according to the same key scheme and to forward received entitlement messages that enable an authorised receiver to decrypt the secondary data stream(s) to the secondary terminal(s).