Patents by Inventor Tony Chen
Tony Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12204648
Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.
Type: Grant
Filed: December 22, 2023
Date of Patent: January 21, 2025
Assignee: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus Sakib, Bryan David Kelly, Ling Tony Chen, Peter David Waxman
-
Publication number: 20250023735
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums described herein enable executable code of a hardware security platform (HSP) circuit to communicate with a hypervisor in a separate processor. The hypervisor generates and manages virtual machines. The HSP code comprises trusted platform module (TPM) logic, that processes TPM commands received via the hypervisor, and in response to the processing, communicates security information (e.g., measurements, keys, authorization data) with the virtual machines via the hypervisor. The TPM logic receives security information related to a virtual machine from the hypervisor and stores the security information in non-volatile memory of the HSP circuit, where security information from a particular VM is distinguishable from security information from another VM in the HSP memory.
Type: Application
Filed: August 23, 2024
Publication date: January 16, 2025
Applicant: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus SAKIB, Ronald AIGNER, Ling Tony CHEN, Peter David WAXMAN, David Guy WESTON, Bryan David KELLY
-
Patent number: 12125547
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Grant
Filed: July 13, 2023
Date of Patent: October 22, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Publication number: 20240346415
Abstract: A novel location and marking system is configured to provide a seamless in-the-field access to resource and asset information databases with automated functionality that effectively and more efficiently manages, controls, and distributes data according to some embodiments. In some embodiments, such systems can enable utilities to manage assets in real-time, provide map asset status, and provide automatic ticket routing, dispatching and management. For example, in some embodiments, the system is configured to generate maps with identifiers or components of an active division including tickets of one or more assets of an active division. These assets include sites of residential and business gas, electrical, and/or water and sewer conduits and metering systems, as well as related underground infrastructure that can be susceptible to earthquakes, ground disturbances, and other emergency situations according to some embodiments.
Type: Application
Filed: January 22, 2024
Publication date: October 17, 2024
Inventors: Shelbey Warner, Michael Robert Wolf, Billy Dean Glenn, Michael Hansen, Morgan Sharif, Jason Klemm, Zachary Scofield, Edward Dotson, Travis Huston, Steven Walker, Michael S. Glass, Patrick Buckles, Tony Chen, Sivakrishna Jasti
-
Patent number: 12101410
Abstract: Methods, systems, apparatuses, and computer-readable storage mediums described herein enable executable code of a hardware security platform (HSP) circuit to communicate with a hypervisor in a separate processor. The hypervisor generates and manages virtual machines. The HSP code comprises trusted platform module (TPM) logic, that processes TPM commands received via the hypervisor, and in response to the processing, communicates security information (e.g., measurements, keys, authorization data) with the virtual machines via the hypervisor. The TPM logic receives security information related to a virtual machine from the hypervisor and stores the security information in non-volatile memory of the HSP circuit, where security information from a particular VM is distinguishable from security information from another VM in the HSP memory.
Type: Grant
Filed: August 12, 2021
Date of Patent: September 24, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus Sakib, Ronald Aigner, Ling Tony Chen, Peter David Waxman, David Guy Weston, Bryan David Kelly
-
Publication number: 20240256674
Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.
Type: Application
Filed: December 22, 2023
Publication date: August 1, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus SAKIB, Bryan David KELLY, Ling Tony CHEN, Peter David WAXMAN
-
Publication number: 20240211601
Abstract: Embodiments described herein are directed to firmware policy enforcement of a computing device. For example, a security processor of the computing device is utilized to boot the computing device. During a boot session, the security processor loads and executes specialized firmware. The specialized firmware, when executed, causes the security processor to determine whether other types of firmware to be executed on the computing device is in compliance with a policy specified by the specialized firmware. Based at least on a determination that the other firmware is in compliance with the policy, the security processor executes the other firmware. Based at least on a determination that the other firmware is not in compliance with the policy, the security processor performs a mitigation with respect to the other firmware.
Type: Application
Filed: November 14, 2023
Publication date: June 27, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Nazmus SAKIB, Bryan David KELLY, Ling Tony CHEN, Peter David WAXMAN
-
Publication number: 20240193264
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
Type: Application
Filed: November 17, 2023
Publication date: June 13, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Ling Tony CHEN, Felix DOMKE, Ankur CHOUDHARY, Bradley Joseph LITTERELL
-
Publication number: 20240152583
Abstract: This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include an executable file. The executable file may include code and data. A platform may modify the executable file such that the data may be placed at a location in memory not based on a fixed distance from the code. The platform may modify the executable file to indicate that the code should be loaded in a hardware enclave and at least a portion of the data should be loaded in the memory outside the hardware enclave. The platform may encrypt the code and provide it to a computing device.
Type: Application
Filed: January 16, 2024
Publication date: May 9, 2024
Inventors: Xinyang GE, Weidong CUI, Ben NIU, Ling Tony CHEN
-
Patent number: 11928190
Abstract: This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include an executable file having code and data. A platform may modify the executable file such that the data may be placed at a location in memory that is an arbitrary distance from the code. The platform may modify the executable file to include a separation header. The separation header may indicate that the data can be placed at an arbitrary distance in the memory from the code. The separation header may indicate that the code should be loaded into a hardware enclave and that the data should be loaded outside of the hardware enclave. The platform may encrypt the code and provide it to a computing device. The computing device may load the encrypted code into the hardware enclave but load the data into memory outside the hardware enclave.
Type: Grant
Filed: October 20, 2022
Date of Patent: March 12, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Xinyang Ge, Weidong Cui, Ben Niu, Ling Tony Chen
-
Publication number: 20240071543
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Application
Filed: July 13, 2023
Publication date: February 29, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Ling Tony CHEN, Felix DOMKE, Ankur CHOUDHARY, Bradley Joseph LITTERELL
-
Publication number: 20240068710
Abstract: The present disclosure is directed to systems and methods for automatically shutting off fluid flow through a fluid inlet line of a water heater upon detection of a leak of the water heater. The system may include an electrically powered shutoff assembly operatively coupled to the fluid inlet line, and a capacitor operatively coupled to the electrically powered shutoff assembly. The electrically powered shutoff assembly may be configured to shut off fluid flow through the fluid inlet line upon detection of a leak of the water heater, and the capacitor may be configured to store power received from an external power source. Accordingly, when the electrically powered shutoff assembly does not have access to electric power, the capacitor may power the electrically powered shutoff assembly to shut off fluid flow through the fluid inlet line.
Type: Application
Filed: August 30, 2023
Publication date: February 29, 2024
Inventors: Harsha Satyanarayana, Sarah N. Tomasco, Christopher Mark Hayden, David Isai Vega Fernandez, Saman Beyhaghi, Derek Ryan Bindbeutel, Tony Chen
-
Patent number: 11893118
Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.
Type: Grant
Filed: May 25, 2021
Date of Patent: February 6, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus Sakib, Bryan David Kelly, Ling Tony Chen, Peter David Waxman
-
Patent number: 11860999
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
Type: Grant
Filed: March 31, 2021
Date of Patent: January 2, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Systems and methods for multi-modal sensing of depth in vision systems for automated surgical robots
Patent number: 11857153
Abstract: Systems and methods for multi-modal sensing of three-dimensional position information of the surface of an object are disclosed. In particular, multiple visualization modalities are each used to collect distinctive positional information of a surface of an object. Each of the computed positional information is combined using weighting factors to compute a final, weighted three-dimensional position. In various embodiments, a first depth may be recorded using fiducial markers, a second depth may be recorded using a structured light pattern, and a third depth may be recorded using a light-field camera. Weighting factors may be applied to each of the recorded depths and a final, weighted depth may be computed.
Type: Grant
Filed: October 27, 2021
Date of Patent: January 2, 2024
Assignee: Activ Surgical, Inc.
Inventors: Thomas J. Calef, Tina P. Chen, Emanuel Demaio, Tony Chen, Vasiliy Evgenyevich Buharin, Michael G. Ruehlman
-
Patent number: 11853428
Abstract: Embodiments described herein are directed to firmware policy enforcement of a computing device. For example, a security processor of the computing device is utilized to boot the computing device. During a boot session, the security processor loads and executes specialized firmware. The specialized firmware, when executed, causes the security processor to determine whether other types of firmware to be executed on the computing device is in compliance with a policy specified by the specialized firmware. Based at least on a determination that the other firmware is in compliance with the policy, the security processor executes the other firmware. Based at least on a determination that the other firmware is not in compliance with the policy, the security processor performs a mitigation with respect to the other firmware.
Type: Grant
Filed: June 2, 2021
Date of Patent: December 26, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Md. Nazmus Sakib, Bryan David Kelly, Ling Tony Chen, Peter David Waxman
-
Publication number: 20230360114
Abstract: A calendar UI is provided showing on one side a calendar of events in day of the month format and on the other side a column of tiles, each corresponding to an event on the calendar and selectable to invoke a web page to play a game or purchase a product or hot launch the user into a game.
Type: Application
Filed: May 5, 2022
Publication date: November 9, 2023
Inventors: Sidhartha Singh, Adrien Pringle, Tianhou Arist Xu, Charles Zheng, Daniel Qu, Elysia Wang, Jenny Tai, Muradil Udun, Nikashan Thavaruban, Syed Saad Mukhtar, Tony Chen, Yikai Zhou
-
Publication number: 20230352133
Abstract: The present disclosure provides methods for processing medical data. The method may comprise receiving a plurality of data inputs associated with (i) at least one medical patient or (ii) at least one surgical procedure. The method may further comprise receiving one or more annotations for at least a subset of the plurality of data inputs. The method may further comprise generating an annotated data set using (i) the one or more annotations and (ii) one or more data inputs of the plurality of data inputs. The method may further comprise using the annotated data set to (i) perform data analytics for the plurality of data inputs, (ii) develop one or more medical training tools, or (iii) train one or more medical models.
Type: Application
Filed: December 5, 2022
Publication date: November 2, 2023
Inventors: Tina CHEN, Roman STOLYAROV, Thomas CALEF, Tony CHEN, Niall DALTON, Jill BINNEY, Vasiliy BUHARIN, Bogdan MITREA, Hossein DEHGHANI, John OBERLIN
-
Patent number: 11776646
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Grant
Filed: March 18, 2022
Date of Patent: October 3, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Patent number: 11742041
Abstract: A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Grant
Filed: March 18, 2022
Date of Patent: August 29, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell