Abstract: A method for verifying a set of policy instructions to be used by a policy decision point (PDP) in adjudicating access requests to protected resources. The policy instructions are in the form of Horn clauses or conditional tag-expressions that are validated against a known test policy or desired outcome. The policy instructions are then compiled into aggregate form. When a plurality of policy instructions creates a conflict, the policy instructions are hierarchically organized to resolve said conflict.

Abstract: A system for controlling file access on a mobile computing device. Policy conditions are held at a policy decision point (PDP) and can be dynamically modified at run-time. Access requests to a file or set of files are intercepted by an agent that subsequently brokers the adjudication of said request via a secure, encrypted and hidden back-channel where the requestor is never allowed access to or knowledge of either the adjudication process or the parameters associated with adjudication. The PDP then returns either an access approval or denial based on said policy conditions.

Abstract: A system and methods for context-aware and situation-aware secure, policy-based access control for computing devices. The invention enhances the previously disclosed policy-based control system by adding contextual information to the set of resources by which a policy decision point can adjudicate a query to execute a transaction or to access a secure resource. Policy information points are able to store information collected over time related to resources under the control of the system. The system can further include an analytical processing engine capable of inferring new information from existing information that also can be used by the decision points. The policy information points provide context to the decision. They are also able to consider and include information that is external to the system or detected outside the system itself.

Abstract: A system and method for hardware implementations of policy-based secure computing environments for Internet enabled devices. The present invention facilitates a secure computing environment for any Internet enabled device where policy rules can be described as hardware components that allow or deny access to resources on the device. A compiler produces a hardware description language (HDL) of the hardware components based on given policy rules for that component. The system may be partially or completely implemented in hardware to address inherent limitations of a software only solution. The invention provides greater flexibility to the overall system in terms of performance, security, and expressiveness of the policy rules that must be executed.

Abstract: Systems and methods for secure, policy-based, access control and management of mobile computing devices, including policy decision enforcement mechanisms, device and private network presence testing, aspects of file system controls, policy set sanity checking algorithms, performance optimizations.

Abstract: A system and methods for context-aware and situation-aware secure, policy-based access control for computing devices. The invention enhances the previously disclosed policy-based control system by adding contextual information to the set of resources by which a policy decision point can adjudicate a query to execute a transaction or to access a secure resource. Policy information points are able to store information collected over time related to resources under the control of the system. The system can further include an analytical processing engine capable of inferring new information from existing information that also can be used by the decision points. The policy information points provide context to the decision. They are also able to consider and include information that is external to the system or detected outside the system itself.

Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system. The system of the present invention resolves attestation record conflicts using digital certificates and digital signatures.

Abstract: An autonomous and adaptive method and system for secure, policy-based control of remote and locally controlled computing devices. The invention uses a policy-based access control mechanism to achieve adaptive and dynamic behavior modification based on the context of the local operating environment of the computing device. The modification system assesses the desirability of actions or outcomes as determined by the policy rules and modifies them accordingly, thus altering the behavior of the computing device. The system can utilize a machine learning technique, pattern matching and heuristic evaluation. When applied to the control of robotic and autonomous devices, the system allows the robot to offload adjudication to a remote system and also facilitates cooperative behaviors between robots operating in dynamic environments.

Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system. The system of the present invention resolves attestation record conflicts using digital certificates and digital signatures.

Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system.

Abstract: The present invention relates to a recording apparatus and method, a reproducing apparatus and method, and a program that make it possible to photograph and record a still image and moving images before and after the still image as well. In step S1, when a still-image-with-moving-image photographing mode is set, moving image temporary storage is started. When a shutter is depressed in step S2, in step S3, a photographed still image is recorded and one moving image is generated from the moving image before the still image stored in step S1, a moving image obtained by converting the photographed still image, and a moving image photographed after the depression of the shutter and the one moving image generated is recorded. Therefore, the moving images before and after the still image are recorded together with a high-definition still image.

Abstract: An autonomous and adaptive method and system for secure, policy-based control of remote and locally controlled computing devices. The invention uses a policy-based access control mechanism to achieve adaptive and dynamic behavior modification based on the context of the local operating environment of the computing device. The modification system assesses the desirability of actions or outcomes as determined by the policy rules and modifies them accordingly, thus altering the behavior of the computing device. The system can utilize a machine learning technique, pattern matching and heuristic evaluation. When applied to the control of robotic and autonomous devices, the system allows the robot to offload adjudication to a remote system and also facilitates cooperative behaviors between robots operating in dynamic environments.

Abstract: A system and method for hardware implementations of policy-based secure computing environments for Internet enabled devices. The present invention facilitates a secure computing environment for any Internet enabled device where policy rules can be described as hardware components that allow or deny access to resources on the device. A compiler produces a hardware description language (HDL) of the hardware components based on given policy rules for that component. The system may be partially or completely implemented in hardware to address inherent limitations of a software only solution. The invention provides greater flexibility to the overall system in terms of performance, security, and expressiveness of the policy rules that must be executed.

Abstract: Policy-based client-server systems and methods for attestation in managing and scouring mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trust expert parties and authorities within the expression and enforcement of policies for controlling use of and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, a well as potential business models for attestation used in such a policy-based system.

Abstract: An information processing apparatus has a plurality of recording media, and includes an imaging unit operable to capture an image of a subject, and a recording unit operable to record image data of the captured image onto the recording media such that the amounts of recorded image data differ between the recording media. The same image data is recorded onto at least a first recording medium built in the apparatus and a second recording medium removable from the apparatus such that the amount of data recorded on the first medium is smaller than that recorded on the second medium. In this information processing apparatus, a user can view images captured previously with more ease because image data recorded on the first recording medium is sorted by date and is provided to the user in this state.

Abstract: In a movable conveyor belt storage installation including a belt storage means (4), conveyor belt support structures (29) following the belt storage means (4), and a movable takeover car (7) including a deflection means (43) for the conveyor belt and a takeup chute (8) for taking over excavated material, the belt storage means (4) is comprised of at least two segments (13, 20, 22, 26) which are connected with one another so as to be pivotable about an axis extending transversely to the belt running direction and passing through the plane of the floor (31), wherein at least a portion of the support structures (29) are capable of being carried along in or on the takeover car (7).

Abstract: In a movable conveyor belt storage installation including a belt storage means (4), conveyor belt support structures (29) following the belt storage means (4), and a movable takeover car (7) including a deflection means (43) for the conveyor belt and a takeup chute (8) for taking over excavated material, the belt storage means (4) is comprised of at least two segments (13, 20, 22, 26) which are connected with one another so as to be pivotable about an axis extending transversely to the belt running direction and passing through the plane of the floor (31), wherein at least a portion of the support structures (29) are capable of being carried along in or on the takeover car (7).

Abstract: An information processing apparatus has a plurality of recording media, and includes an imaging unit operable to capture an image of a subject, and a recording unit operable to record image data of the captured image onto the recording media such that the amounts of recorded image data differ between the recording media. The same image data is recorded onto at least a first recording medium built in the apparatus and a second recording medium removable from the apparatus such that the amount of data recorded on the first medium is smaller than that recorded on the second medium. In this information processing apparatus, a user can view images captured previously with more ease because image data recorded on the first recording medium is sorted by date and is provided to the user in this state.