Abstract: Apparatus and methods to automatically layer data are provided. An automatic data layering program may receive access to multiple quanta of data. The program may automatically analyze and categorize each quanta of data with a corresponding level of access. The program may transfer each quanta of data so that various data stores may each only have data with the same level of access stored within. The program may receive a request to access data from a user. The program may determine the user's level of access and authorize access to the user to data corresponding with the user's level of access. The program may create a three-dimensional map or display of available data.

Abstract: Apparatus and method for using a siloed data mesh to store and access data is provided. The apparatus and method may include transmitting a dataset to a data mesh. Methods may include analyzing data included in the dataset at a data ingestion engine. Methods may include fragmenting the data. Methods may include assigning a security clearance level to each data fragment. Methods may include aggregating the data fragments to form data segments. Methods may include transmitting each data segment to a corresponding data silo. Methods may include storing each data segment. Methods may include creating a storage map of where each data segment is stored. The apparatus and method may further include receiving a data request. Methods may include using the storage map to locate the data segments. Methods may include determining if one or more of the data segments has an assigned security clearance level that is less than a security clearance level assigned to a node. Methods may include requesting the data.

Abstract: Embodiments of the present invention provide a system for segmenting and controlling transmission of data in computing networks. The system is configured for identifying initiation of transmission of a data file from a first storage container to a second storage container via a first network path, wherein the first network path comprises one or more network nodes, in response to identifying initiation of the transmission of the data file, generating a data tag for the data file, wherein the data tag is generated based on one or more file attributes, embedding the data tag into the data file, and allowing the transmission of the data file comprising the data tag, via the first network path and the one or more network nodes.

Abstract: A DVET unit is disclosed that comprises a first syringe and a second syringe having a first plunger and a second plunger, adapted to execute a backward stroke and a forward stroke in the respective syringe. The DVET unit also includes a first valve and a second valve. Further, the first valve is closed and the second valve is opened to draw blood from the source and the specimen into the first syringe and the second syringe. Moreover, the first valve is opened and the second valve is closed to pump the blood, drawn during the backward stroke, from the first syringe and the second syringe into the specimen and the waste bin.

Abstract: Embodiments of the invention are directed to systems, computer program products, and methods for tracking data transferred in a distributed network via secured, layered data tagging. A checkpoint sensing engine collects data flow at a checkpoint device and verifies a match between a checkpoint tag of the transaction packet and a checkpoint identifier of the checkpoint device. If no match occurs, the transaction packet it transmitted to a quarantine unit. If a match occurs, a deconstruction engine then removes the checkpoint tag, exposing an underlying second checkpoint tag corresponding with a second checkpoint device. Thereafter, the transaction packet is transmitted to the second checkpoint device.

Abstract: A device (100) for measuring pose and/or motion of an operator's hand (1) comprising: a first link (10) being adapted to be fixedly held and the distal end (12) being coupled to a second link (20) so as to allow a rotation motion there between about a first axis (15); the second link (20) being coupled to a third link (30) so as to allow a rotation motion there between about a second axis (25), the second axis (25) being substantially perpendicular to the first axis (15); the first edge (41) of the parallelogram linkage (40) being coupled to the third link (30); the second edge (42) of the parallelogram linkage (40) being coupled to a fourth link (50); the fourth link (50) being coupled to a fifth link (60), a distal end (62) thereof being coupled to a sixth link (70); and a grasper (80) being operably coupled to the sixth link (70).

Abstract: A computer-implemented time-series data processing method comprises receiving high volume-velocity time-series information from one or more data emission devices concerning the occurrences of events and a desired output to be generated. A data identification and structure scheme comprised of a set of identifiers, of a set of record keys and of a set of database tables is analyzed. The information concerning the occurrences of events and associated to the set of identifiers is received at a host computer that is one of one or more host computers configured to ingest and analyze the data. The computer-implemented method processes and stores the received data using the data identification and structure scheme. The computer-implemented method further processes the stored data to generate the desired output.

Abstract: A system and method for secure access to IoT devices using a mobile device. The mobile device includes a memory configured to store a private value thereon. The mobile device also includes a processor. The processor is configured establish a secure connection with the between the mobile device and a trusted server using the private value, receive a token from the a third party server via the trusted server, transmit the token to a provisioning server via the trusted server, receive an Internet of Things (IoT) profile from the provisioning server via the trusted server, and configure an IOT gateway based on the IoT profile.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: A system and method for secure access to IoT devices using a mobile device. The mobile device includes a memory configured to store a private value thereon. The mobile device also includes a processor. The processor is configured establish a secure connection with the between the mobile device and a trusted server using the private value, receive a token from the a third party server via the trusted server, transmit the token to a provisioning server via the trusted server, receive an Internet of Things (IoT) profile from the provisioning server via the trusted server, and configure an IOT gateway based on the IoT profile.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: A gateway device, system, and method are presented for securely obtaining health information from a personal medical device. The system installs a gateway application in a gateway device. The gateway application executes in a secure area of the gateway device. The system establishes first secure communications with the gateway application and receives aggregated personal medical device information from the gateway application. The gateway application establishes second secure communications with a personal medical device and receives information from the personal medical device via the second secure communications. The gateway application aggregates information from the personal medical device and send the aggregated information to the system via the first secure communications.

Abstract: A gateway device, system, and method are presented for securely obtaining health information from a personal medical device. The system installs a gateway application in a gateway device. The gateway application executes in a secure area of the gateway device. The system establishes first secure communications with the gateway application and receives aggregated personal medical device information from the gateway application. The gateway application establishes second secure communications with a personal medical device and receives information from the personal medical device via the second secure communications. The gateway application aggregates information from the personal medical device and send the aggregated information to the system via the first secure communications.

Abstract: An apparatus, system, and method to support downloadable DRM in a trusted execution environment is disclosed. A determination is made whether a platform supports the DRM requirements for protected content and an appropriate DRM module is downloaded if it is required. A DRM coordination agent in the trusted execution environment supports downloading a DRM module. A browser may include features to support utilizing the downloadable DRM module.

Abstract: A Digital Rights Management (DRM) service system providing digital content to which DRM technology is applied, when one or more DRM content is provided to a client device, download information for a DRM module capable of installing a DRM agent corresponding to a DRM system applied to the DRM content is provided together, making it possible for the client device to download the DRM module based on the download information, install the DRM agent, and use the DRM content.

Abstract: A method registers one or more electronic devices for a client account for a relying party with an authenticator. A request for access to one or more services for the client account is sent by a particular electronic device to the relying party. A request for authentication is sent from the relying party to the particular electronic device. The request for authentication is redirected to the authenticator. A signed response corresponding to the relying party is generated by the authenticator in response to the request for authentication. The signed response is forwarded to the relying party. Access to one or more requested services is granted.

Abstract: A method requests authentication of an electronic device by a service provider in response to a request for service by the electronic device. An authentication element is provided to the service provider via a secure media of the electronic device. In response to the request for service, an authorization server provides proxy authorization for the service provider by receiving an authorization element from the service provider and installing the authorization element on the secure media. Upon authenticating and authorizing the electronic device using the secure media, accessing the requested service.

Abstract: Methods and systems of rendering content on a device having a native digital rights management (DRM) system are described. A device, such as an end-user device capable of executing or playing content, acquires content in a common content format file having standardized locations for specific types of data. A generic digital rights token associated with the content is obtained by utilizing one of the standardized locations in the content format file, where the rights token contains information sufficient to allow retrieval of the rights associated with the content. Utilizing data in another of the standardized locations, it is then determined whether the device is registered in a domain. A license server directory may be accessed utilizing data in another of the standardized locations in the common content format file and a domain identifier, a device identifier, or both are transmitted to the license server directory.

Abstract: A method for processing an image such as a computer wallpaper identifies a characteristic color representative of the image. Image pixels with similar colors are separated into groups, and the average value of the R,G,B color components in each group is determined, after filtering out pixels with R,G,B values representing white, black, or grey. The group with the maximum difference between the highest average color component value and the lowest average color component value is identified as the characteristic color. Groups representing a number of pixels less than a certain percentage of all of the pixels are not considered. The characteristic color can be used in other displayed images at an intensity ? determined by setting maximum and minimum values of ?, with ? being the lesser of ?max and ?min plus the average color span of all pixels in the image.