Patent application number | Description | Published |
20110109508 | LOCATION PROOFS - A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point. | 05-12-2011 |
20110231469 | ENERGY-AWARE CODE OFFLOAD FOR MOBILE DEVICES - A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code. | 09-22-2011 |
20110320823 | TRUSTED SENSORS - Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols. | 12-29-2011 |
20120079507 | MANAGEMENT AND MARKETPLACE FOR DISTRIBUTED HOME DEVICES - A home device management technique is described that allows a user to manage a network of distributed home devices. Special application modules, driver modules, and service exchange ports are employed. Each application modules implements some functionality in the home, preferably using one or more devices in the home distributed system. Each driver module provides the logic for operating one or multiple distributed home devices and is capable of receiving commands from application modules and sending them to devices, detecting events for an associated type of home device, translating the detected event into a format usable by the application modules and notifying the application modules of the events. Events are communicated between the application modules and the driver modules by using one or more service exchange ports. Access control policies are employed to control access to the home devices. The application and driver modules can be obtained over a network from a home marketplace that can also determine their compatibility and interoperability with the home devices. | 03-29-2012 |
20120331550 | TRUSTED LANGUAGE RUNTIME ON A MOBILE PLATFORM - Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox. | 12-27-2012 |
20130031374 | FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices. | 01-31-2013 |
20130047197 | SEALING SECRET DATA WITH A POLICY THAT INCLUDES A SENSOR-BASED CONSTRAINT - Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data. | 02-21-2013 |
20130054948 | Attestation Protocol for Securely Booting a Guest Operating System - In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode. | 02-28-2013 |
20130102276 | SPLIT BILLING FOR A MOBILE DEVICE - The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party. | 04-25-2013 |
20130159729 | SOFTWARE-BASED TRUSTED PLATFORM MODULE - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices. | 06-20-2013 |
20130223308 | ENGERY EFFICIENT MAXIMIZATION OF NETWORK CONNECTIVITY - The minimization of the amount of power consumed by an electronic device in acquiring or maintaining network connectivity with a network may extend the battery life of the electronic device. When the electronic device has established a communication connection with a wireless access point, the electronic device cycles a network interface controller of the electronic device between a power on state and a power off state without terminating the communication connection. Accordingly, the electronic device powers on a main processor of the electronic device when the network interface controller detects a beacon during the power on state that indicates the wireless access point has a buffered data frame for the electronic device. | 08-29-2013 |
20130251216 | Personal Identification Combining Proximity Sensing with Biometrics - Described is a technology by which the identity of a person (e.g., a customer in a commercial transaction) is determinable without active identification effort, via biometric data is obtained without action by the person. Machine processing of the biometric data over a set of possible persons, determined from secondary proximity sensing, is used to determine or assist in determining the identity of the person. | 09-26-2013 |
20130290755 | ENERGY-AWARE CODE OFFLOAD FOR MOBILE DEVICES - A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code. | 10-31-2013 |
20130322630 | LOCATION PROOFS - A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point. | 12-05-2013 |
20140006805 | Protecting Secret State from Memory Attacks | 01-02-2014 |
20140173674 | SERVER GPU ASSISTANCE FOR MOBILE GPU APPLICATIONS - Various technologies described herein pertain to performing collaborative rendering. A GPU of a mobile device can generate a mobile-rendered video stream based on a first instance of an application executed on the mobile device. A GPU of a server can generate one or more server-rendered video streams based on instance(s) of the application executed on the server. Based on the one or more server-rendered video streams, the server can generate a compressed server-manipulated video stream. The mobile device can further combine the mobile-rendered video stream and the compressed server-manipulated video stream to form a collaborative video stream, and a display screen of the mobile device can be caused to display the collaborative video stream. The mobile-rendered video stream can have a first level of a quality attribute and the collaborative video stream can have a second level of the quality attribute greater than the first level of the quality attribute. | 06-19-2014 |
20140359270 | ATTESTATION PROTOCOL FOR SECURELY BOOTING A GUEST OPERATING SYSTEM - In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode. | 12-04-2014 |