Abstract: The present invention relates to methods, devices and systems for associating consumable data with an assay consumable used in a biological assay. Provided are assay systems and associated consumables, wherein the assay system adjusts one or more steps of an assay protocol based on consumable data specific for that consumable. Various types of consumable data are described, as well as methods of using such data in the conduct of an assay by an assay system. The present invention also relates to consumables (e.g., kits and reagent containers), software, data deployable bundles, computer-readable media, loading carts, instruments, systems, and methods, for performing automated biological assays.

Abstract: Batched execution of encryption operations is performed. A batched set of data for which format-preserving encryption is to be performed is obtained. The batched set of data includes a plurality of fields of data, which are independent of one another. Multiple rounds of format-preserving encryption are performed on the plurality of fields of data to provide an output of format-preserved encrypted data. A round of format-preserving encryption includes calling an encryption function to perform one or more encryption operations on the plurality of fields of data in parallel.

Abstract: Batched execution of encryption operations is performed. A batched set of data for which format-preserving encryption is to be performed is obtained. The batched set of data includes a plurality of fields of data, which are independent of one another. Multiple rounds of format- preserving encryption are performed on the plurality of fields of data to provide an output of format-preserved encrypted data. A round of format-preserving encryption includes calling an encryption function to perform one or more encryption operations on the plurality of fields of data in parallel.

Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.

Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.

Abstract: Embodiments of the present invention may involve providing security to a computing device. The providing security to a computing device may involve performing crypto-operations. A security system may include a central processing unit and a pre-processing unit. The pre-processing unit may be configured for receiving an incoming encapsulated request, parsing header infrastructure information of the encapsulated request, decapsulating the request, and providing the decapsulated request to the central processing unit for further processing.

Abstract: Systems and methods are provided for preserving data in a data deduplication system. A hash tree-based deduplication system balancing memory utilization and duplication-related storage access overhead is disclosed. The system preferably relies on distributed file system infrastructure and the system modifies this infrastructure. The data structures may be adapted to accommodate file-block distribution properties at runtime, such as runtime-specializing the hash tree to detect replicated chunks.

Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.

Abstract: Systems and methods are provided for preserving data in a data deduplication system. A hash tree-based deduplication system balancing memory utilization and duplication-related storage access overhead is disclosed. The system preferably relies on distributed file system infrastructure and the system modifies this infrastructure. The data structures may be adapted to accommodate file-block distribution properties at runtime, such as runtime-specializing the hash tree to detect replicated chunks.

Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.

Abstract: Embodiments are directed to an IC device comprising a set of N elements, and an interconnect system for enabling communication between the set of elements. Each element of the set of elements is configured according to a first communication plan to receive attestation data of each other element of the set of elements. Upon receiving the attestation data the element may determine whether each of the received attestation data from the other elements match an attestation pattern as defined in the first communication plan. In case the received attestation data match the first communication plan, the element may determine whether the received attestation data is attested by N?1 elements of the set of elements. In case the attestation data is attested by N?1 elements of the set of elements, the element may indicate the presence of the set of elements before the time interval has lapsed.

Abstract: A security device (6) is provided for facilitating management of secret data items such as cryptographic keys which are used by a remote server (2) to authenticate operations of the server (2). The device (6) has a user interface (13), control logic (16) and a computer interface (11) for connecting the device (6) to a local user computer (5) for communication with the remote server (2) via a data communications network (3). The control logic is adapted to establish via the user computer (5) a mutually-authenticated connection for encrypted end-to-end communications between the device (6) and server (2). In a backup operation, the secret data items are received from the server (2) via this connection. The control logic interacts with the user via the user interface (13) to obtain user authorization to backup secret data items and, in response, stores the secret data items in memory (10).

Abstract: Managing transfer of device ownership is provided. A digitally signed state change request for a device that includes at least one of a new device owner, a new designated successor device owner, and a new device ownership reversibility control bit is accepted. A stored state for the device that includes at least one of a current device owner, a previous device owner, a designated successor device owner, and a current device ownership reversibility control bit is read. The previous device owner is replaced with the current device owner, the current device owner is replaced with the new device owner, the designated successor device owner is replaced with the new designated successor device owner, and the new device ownership reversibility control bit is set in response to the new device ownership reversibility control bit being included in the digitally signed state change request.

Abstract: Embodiments are directed to an IC device comprising a set of N elements, and an interconnect system for enabling communication between the set of elements. Each element of the set of elements is configured according to a first communication plan to receive attestation data of each other element of the set of elements. Upon receiving the attestation data the element may determine whether each of the received attestation data from the other elements match an attestation pattern as defined in the first communication plan. In case the received attestation data match the first communication plan, the element may determine whether the received attestation data is attested by N?1 elements of the set of elements. In case the attestation data is attested by N?1 elements of the set of elements, the element may indicate the presence of the set of elements before the time interval has lapsed.

Abstract: A method, a secure device, a system and a computer program product for securely managing user access to a file system. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server through a telecommunication network establishing a connection between the secure device and the server, receiving at the secure device, through the established connection, data pertaining to a file system identifying files which are at least partly stored outside the secure device, exposing at the secure device the file system to a user, based on the data received from the server, the file system navigable by the user.

Abstract: Managing transfer of device ownership is provided. A digitally signed state change request for a device that includes at least one of a new device owner, a new designated successor device owner, and a new device ownership reversibility control bit is accepted. A stored state for the device that includes at least one of a current device owner, a previous device owner, a designated successor device owner, and a current device ownership reversibility control bit is read. The previous device owner is replaced with the current device owner, the current device owner is replaced with the new device owner, the designated successor device owner is replaced with the new designated successor device owner, and the new device ownership reversibility control bit is set in response to the new device ownership reversibility control bit being included in the digitally signed state change request.

Abstract: A server system for implementing a distributed cryptographic protocol includes a machine management server which comprises a current virtual machine configured to implement the protocol using a set of communication keys and state information for the protocol. The system further includes a memory and a refresh server. The system is configured, for each of successive new time periods in operation of the protocol, to perform a refresh operation wherein: the refresh server retrieves the state information from the memory, generates a new set of communication keys, and sends the state information and new set of keys to the machine management server; the machine management server configures a new virtual machine for implementing the protocol, whereby the new virtual machine receives the new set of keys and state information sent by the refresh server; and the new virtual machine assumes operation as the current virtual machine for the new time period and stores state information for that time period in the memory.

Abstract: A server system for implementing a distributed cryptographic protocol includes a machine management server which comprises a current virtual machine configured to implement the protocol using a set of communication keys and state information for the protocol. The system further includes a memory and a refresh server. The system is configured, for each of successive new time periods in operation of the protocol, to perform a refresh operation wherein: the refresh server retrieves the state information from the memory, generates a new set of communication keys, and sends the state information and new set of keys to the machine management server; the machine management server configures a new virtual machine for implementing the protocol, whereby the new virtual machine receives the new set of keys and state information sent by the refresh server; and the new virtual machine assumes operation as the current virtual machine for the new time period and stores state information for that time period in the memory.

Abstract: Embodiments of the present invention may involve providing security to a computing device. The providing security to a computing device may involve performing crypto-operations. A security system may include a central processing unit and a pre-processing unit. The pre-processing unit may be configured for receiving an incoming encapsulated request, parsing header infrastructure information of the encapsulated request, decapsulating the request, and providing the decapsulated request to the central processing unit for further processing.

Abstract: According to some exemplary embodiments, a computer-implemented timestamp method includes maintaining, at a cryptographic service provider (CSP), one or more timestamp policies specifying when digital timestamps should be issued. A timestamp request is received at the CSP from a timestamp authority that manages timestamping and is accompanied by a corresponding timestamp data structure. With a computer processor, a difference is determined between a first time specified in the timestamp data structure and a second time indicated by an internal clock of the CSP. The timestamp request is rejected if the first timestamp data structure fails to comply with a predetermined timestamp policy, where the predetermined timestamp policy requires that the difference between the first time and the second time be below a predetermined threshold.