Abstract: A compiler automatically modularizes identified functions or portions of source code, thereby enabling developers to merely identify portions of source code that represent functionality that is to be protected, including going back and identifying such portions after the programming of the software application program has been substantially completed. Such identification can be inline, within the source code itself, or specified in an external file.

Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.

Abstract: Processes for inhibiting scale produced during wet process phosphoric acid production by adding a scale-inhibiting amount of a reagent having a primary amine-containing polymer, or salt thereof, to one or more stages of a wet process phosphoric acid production stream are provided herein, wherein the primary amine-containing polymer includes an A mer according to Formula (I): where R is H, C1-C6 alkyl, C2-C6 alkenyl, halide, or carboxyl; R1 is H, C1-C6 alkyl, or C2-C6 alkenyl; R2 is H or an A mer according to Formula (I) as herein defined; R3 is chosen from a direct bond or a C1-C12 alkyl, C2-C12 alkenyl, or a C6-C12 aryl group; and n is an integer chosen to provide a weight average molecular weight of the primary amine-containing polymer of at least 300 Daltons, and wherein the percentage of primary amines in the polymer is from 30 mole % to 100 mole % based on the total percentage of mer units in the polymer.

Abstract: The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.

Abstract: In one example, a method includes allocating separate portions of memory for a control stack and a data stack. The method also includes, upon detecting a call instruction, storing a first return address in the control stack and a second return address in the data stack; and upon detecting a return instruction, popping the first return address from the control stack and the second return address from the data stack and raising an exception if the two return addresses do not match. Otherwise, the return instruction returns the first return address. Additionally, the method includes executing an exception handler in response to the return instruction detecting an exception, wherein the exception handler is to pop one or more return addresses from the control stack until the return address on a top of the control stack matches the return address on a top of the data stack.

Abstract: System and methods for using secure isolated technology to prevent piracy and cheating on electronic devices. In some examples, an electronic device can use hardware based secure isolated technology to store a first portion of an application in computer memory, and store a second portion of the application in a hardware based secure isolated region of the computer memory, the second portion of the application including an encrypted portion and a plaintext portion The electronic device can further use the hardware based secure isolated technology to establish a secure encrypted communication channel with a server, send data to the server via the secure encrypted communication channel, receive a decryption key from the server via the secure encrypted communication channel, and decrypt encrypted portion using the decryption key. The electronic device can then execute the application using the first portion of the application and the second portion of the application.

Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.

Abstract: When theft protection of a computing device is initiated, credentials of the user are provided to one or more services that verify the credentials and generate a recovery key. A data value is generated based on the recovery key and an identifier of the computing device (e.g., by applying a cryptographic hash function to the recovery key and the computing device identifier), and the data value is provided to the computing device, which stores the data value at the computing device. When a user is prompted to prove his or her ownership of the device, the owner can prove his or her ownership of the device in different manners by accessing the one or more services via a network (e.g., the Internet), or by providing the recovery key (e.g., obtained using another computing device) to the computing device.

Abstract: Disclosed herein is a method of producing alumina trihydrate crystals from an alumina trihydrate recovery process stream wherein an aqueous emulsion comprising an alkyl or alkenyl succinic anhydride is added to the alumina trihydrate recovery process stream, wherein the aqueous emulsion is substantially free of mineral oils. The method provides a decrease in percentage of alumina trihydrate crystals having a volume average diameter of less than about 45 micrometers compared to the percentage of alumina trihydrate crystals produced in the absence of the aqueous emulsion of an alkyl or alkenyl succinic anhydride.

Abstract: Disclosed herein is a method of producing alumina trihydrate crystals from an alumina trihydrate recovery process stream wherein an aqueous emulsion comprising an alkyl or alkenyl succinic anhydride is added to the alumina trihydrate recovery process stream, wherein the aqueous emulsion is substantially free of mineral oils. The method provides a decrease in percentage of alumina trihydrate crystals having a volume average diameter of less than about 45 micrometers compared to the percentage of alumina trihydrate crystals produced in the absence of the aqueous emulsion of an alkyl or alkenyl succinic anhydride.

Abstract: An implant comprising at least three components, namely, a solid hydrogel, a porous hydrogel adjacent to or surrounding the solid hydrogel (together considered “the hydrogel”), and a porous rigid base. The solid hydrogel and porous rigid base carry joint load, and the porous hydrogel layer and the porous rigid base allow for cellular migration into and around the implant. The invention is also a novel method of manufacturing the implant, a novel method of implanting the implant, and a method of treating, repairing or replacing biological tissue, more preferably musculoskeletal tissue, with the implant.

Abstract: A system-on-chip (SoC) includes multiple hardware modules that are implemented on a substrate. The hardware modules include a plurality of hardware and software security features and the SoC provides one or more external interfaces for accessing the security features. A validation module, implemented in the boot code of the SoC for example, manages security certificates to control access to the plurality of security features. Each security certificate includes one or more unique identifiers corresponding to one or more hardware modules in the SoC and access control settings for one or more security features of the one or more hardware modules. The security certificate additionally includes a certificate signature signed by a secure key.

Abstract: The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution polices for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request.

Abstract: Return oriented programming (ROP) attack prevention techniques are described. In one or more examples, a method is described of protecting against return oriented programming attacks. The method includes initiating a compute signature hardware instruction of a computing device to compute a signature for a return address and the associated location on the stack the return address is stored and causing storage of the computed signature along with the return address in the stack. The method also includes enforcing that before executing the return instruction using the return address on the stack, initiating a verify signature hardware instruction of the computing device to verify the signature matches the target return address on the stack and responding to successful verification of the signature through execution of the verify signature hardware instruction by the computing device, executing the return instruction to the return address.

Abstract: Systems and method for providing a single sign in a gaming console that associates online activity that is out-of-game/cross game, and/or online activity that is in-game, and/or activity that is offline and in-game with that account. While online, a service tracks activity of gamers and provides usage statistics in a profile. While offline, the game console tracks the player's activity via a mechanism to collect detailed information about a specific player's in-game statistics and accomplishments. The offline activity is cached and uploaded when the console connects to the online service. Players can accumulate achievements offline that are credited towards online activities.

Abstract: Described herein are compositions and methods for treating a disease, particularly a cancer, with primed dendritic cells recognizing a tumor antigen. The methods may comprise storing, shipping and/or culturing dendritic cells, where the dendritic cells are stored on a hard surface. Lysis protocols are described where the lysis does not result in complete lysis of cells in order to provide cell surface molecules maintained in a cell surface-embedded state. Non-lethal Dengue virus strains are also provided for therapeutic purposes.

Abstract: When theft protection of a computing device is initiated, credentials of the user are provided to one or more services that verify the credentials and generate a recovery key. A data value is generated based on the recovery key and an identifier of the computing device (e.g., by applying a cryptographic hash function to the recovery key and the computing device identifier), and the data value is provided to the computing device, which stores the data value at the computing device. When a user is prompted to prove his or her ownership of the device, the owner can prove his or her ownership of the device in different manners by accessing the one or more services via a network (e.g., the Internet), or by providing the recovery key (e.g., obtained using another computing device) to the computing device.

Abstract: When theft protection of a computing device is initiated, credentials of the user are provided to one or more services that verify the credentials and generate a recovery key. A data value is generated based on the recovery key and an identifier of the computing device (e.g., by applying a cryptographic hash function to the recovery key and the computing device identifier), and the data value is provided to the computing device, which stores the data value at the computing device. When a user is prompted to prove his or her ownership of the device, the owner can prove his or her ownership of the device in different manners by accessing the one or more services via a network (e.g., the Internet), or by providing the recovery key (e.g., obtained using another computing device) to the computing device.

Abstract: An apparatus, computer-readable medium, and computer-implemented method for obfuscating execution of an application on a virtual machine (VM), includes receiving a custom VM definition corresponding to a custom VM, generating custom application bytecode from application source code based at least in part on the custom VM definition, the custom application bytecode being configured to run on the custom VM, generating custom VM source code based at least in part on the custom VM definition, compiling the custom VM source code with one or more target system compilers to generate one or more instances of the custom VM, the one or more instances of the custom VM being configured to run on the one or more target systems, and packaging the custom application bytecode and the one or more instances of the custom VM into an installable application.

Abstract: An implant having at least three components, namely, a solid hydrogel, a porous hydrogel adjacent to or surrounding the solid hydrogel (together considered “the hydrogel”), and a porous rigid base. The solid hydrogel and porous rigid base carry joint load, and the porous hydrogel layer and the porous rigid base allow for cellular migration into and around the implant. The invention is also a novel method of manufacturing the implant, a novel method of implanting the implant, and a method of treating, repairing or replacing biological tissue, more preferably musculoskeletal tissue, with the implant.