Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Abstract: Techniques for increasing the battery life on a mobile device by decreasing the energy consumption of the mobile device's wireless fidelity (Wi-Fi) interface are described. In one embodiment, the mobile device's Wi-Fi interface is automatically disabled when the device is not engaged. When the device receives a wake up call from a server via its Cellular interface, the Wi-Fi interface is enabled if the device answers the wake up call and the Wi-Fi interface is available. Using its Wi-Fi interface, the mobile device then connects to an IP-based network via a Wi-Fi access point.

Abstract: Technologies, systems, and methods for ordered message delivery that avoid message races or crisscrosses between communicating nodes. For example, if Node A sends message 3 towards Node B and, shortly thereafter, Node B sends message X to Node A, Node A would like to know whether or not message X reflects Node B's state after receiving message 3. If Node B received message 3 prior to sending message X, then proper state may be maintained between the nodes. But if messages 3 and X crisscrossed, or if message 3 was never properly received by Node B, then the state between the nodes may be corrupt. Technologies, systems, and methods are provided to avoid such corruption.

Abstract: Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.

Abstract: Technologies, systems, and methods for ordered message delivery that avoid message races or crisscrosses between communicating nodes. For example, if Node A sends message 3 towards Node B and, shortly thereafter, Node B sends message X to Node A, Node A would like to know whether or not message X reflects Node B's state after receiving message 3. If Node B received message 3 prior to sending message X, then proper state may be maintained between the nodes. But if messages 3 and X crisscrossed, or if message 3 was never properly received by Node B, then the state between the nodes may be corrupt. Technologies, systems, and methods are provided to avoid such corruption.

Abstract: An exemplary architecture is for an Internet Location Coordinate enhanced Domain Name System (DNS). An exemplary method includes requesting information for a plurality of servers associated with a network domain name of a Domain Name System (DNS) where the information includes information based in part on packets transmitted by each of the plurality of servers to a plurality of network beacons; receiving the requested information from a name server associated with the Domain Name System (DNS); and, based in part on the received information, selecting an optimal server for the network domain name. Other methods, devices and systems are also disclosed.

Abstract: Techniques for increasing the battery life on a mobile device by decreasing the energy consumption of the mobile device's wireless fidelity (Wi-Fi) interface are described. In one embodiment, the mobile device's Wi-Fi interface is automatically disabled when the device is not engaged in a voice over internet protocol (VoIP) call via the Wi-Fi interface. When a VoIP call is initiated on the device, or when the device receives a wake up call from a server via its Cellular interface, the Wi-Fi interface is automatically enabled. Using its Wi-Fi interface, the mobile device then connects to an IP-based network via a Wi-Fi access point. The server then initiates a direct call, wherein VoIP technology is used by the mobile device, between the mobile device and a VoIP calling device.

Abstract: The application discloses a resource assignment system including recovery notification procedures or methods to notify an application or node of potentially lost resources. The recovery notification procedures or calls are invoked in response to a recovery notification registration function. In response to recovery notification registration, a recovery notification or call is generated to report lost resources.

Abstract: A dual mode communication device utilizes a control channel to exploit diversity, history, and context in advance of establishing a broadband data exchange session on a broadband but shorter range wireless data channel, maximizing productive use of such a session. Appropriate diversity for the negotiated session further enhance data transfer, including path diversity, radio technology diversity (e.g., WiMax, Wi-Fi, ultra wideband, Bluetooth), antenna diversity (e.g., MIMO), modulation diversity (e.g., rate selection for 802.11, or symbol length selection to combat multi-path fading), and frequency diversity (e.g., 2.4 GHz versus 5 GHz). Historical information about channel characteristics optimize the selection of channel parameters with respect to the diversity choices. In addition, context information such as location and speed can be used to categorize the historical information that is collected to further optimize channel parameters.

Abstract: Wireless adapters are installed on one or more general purpose computing devices and are connected via a network in an enterprise environment. The adapters are densely deployed at known locations throughout the environment and are configured as air monitors. The air monitors monitor signals transmitted by one or more transceiver devices and records information about these signals. One or more analysis or inference engines may be deployed to obtain the recorded signal information and the air monitor locations to determine a location of the one or more wireless transceivers devices deployed in the environment.

Abstract: Consistency is managed among data operations by coalescing commit operations, adjusting a commit rate to optimize latency, and converging to fairness across servers. Write operations representing a change to data stored by one or more of a plurality of computing devices are received in succession by, for example, a cloud computing service. A state of a plurality of tracking objects is adjusted to indicate whether the change in data has been provided to the computing devices and whether the change in data has been acknowledged by the computing devices. Changes to the same data are coalesced such that only the most recent change is provided to the computing devices for storage. In some embodiments, the commit rate is adjustable such that the commit rate decreases quickly but increases slowly based on measured latencies.

Abstract: An exemplary system for managing an applications and data space includes a strategy layer configured to receive a query statement and to formulate one or more custom queries based on the query statement and a query scheduler layer configured to schedule issuance of the one or more custom queries to one or more query response modules associated with the applications and data space. Other methods, devices and systems are also disclosed.

Abstract: Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols.

Abstract: An invention is disclosed whereby a wireless network node, equipped with two or more radio transceivers statically tuned to non-interfering frequency channels, can make decisions regarding which channel to use when communicating with a neighboring wireless node. A multi-radio unification protocol implemented in a wireless node coordinates the use of multiple wireless network interface cards and provides a virtual layer that hides the multiple physical network interfaces from higher layers of a node's network protocol stack. The invention is applicable to wireless networks generally, including those in which some nodes do not have multiple radios or do not recognize the multi-radio unification protocol. The invention makes possible simultaneous transmissions using available channels, thereby reducing interference and delay while increasing the overall capacity of the network.

Abstract: An exemplary architecture is for an Internet Location Coordinate enhanced Domain Name System (DNS). An exemplary method includes requesting information for a plurality of servers associated with a network domain name of a Domain Name System (DNS) where the information includes information based in part on packets transmitted by each of the plurality of servers to a plurality of network beacons; receiving the requested information from a name server associated with the Domain Name System (DNS); and, based in part on the received information, selecting an optimal server for the network domain name. Other methods, devices and systems are also disclosed.

Abstract: An exemplary system for managing an applications and data space includes a strategy layer configured to receive a query statement and to formulate one or more custom queries based on the query statement and a query scheduler layer configured to schedule issuance of the one or more custom queries to one or more query response modules associated with the applications and data space. Other methods, devices and systems are also disclosed.

Abstract: A method to determine if a rogue device is connected to a specific wired network from dynamic host control protocol (DHCP) requests on the wired network. These DHCP requests are analyzed to determine the type of device issuing the request. Once the type of device has been determined, it can be checked against a list of authorized device types. If the device issuing the DHCP request is not an authorized device type, then it can be determined that the suspect device is a rogue that is connected to the specific wired network. Additionally, even if the system of the present invention determines that it is an authorized device type, if the device is not one of the few authorized devices of this type, e.g. because its MAC address is not recognized as that of one of the authorized devices, the system can flag the suspect as a rogue.

Abstract: A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code.

Abstract: A method of detecting rogue devices that are coupled to a wired network without generating false negative or false positive alerts is provided. When a wireless monitor detects an observed SSID and/or BSSID, various tests are run to determine whether the observed device is actually coupled to the wired network. To guard against the suspect device spoofing an authorized SSID and/or BSSID, location information is gathered so that the network administrator can pinpoint the location of the rogue device. If the device is not recognized, various other tests are run to determine whether the unrecognized device is actually connected to the wired network. These tests include an association test, a MAC address test, an ARP test, a packet replay test, a correlation test, and/or a DHCP fingerprint test. Once it is determined that the suspect device is a rogue connected to the wired network, an appropriate alert is generated.

Abstract: An exemplary architecture is for an Internet Location Coordinate enhanced Domain Name System (DNS). An exemplary method includes requesting information for a plurality of servers associated with a network domain name of a Domain Name System (DNS) where the information includes information based in part on packets transmitted by each of the plurality of servers to a plurality of network beacons; receiving the requested information from a name server associated with the Domain Name System (DNS); and, based in part on the received information, selecting an optimal server for the network domain name. Other methods, devices and systems are also disclosed.