Abstract: Methods and systems to assign an application and a video frame buffer to a protected memory domain to render an image of a keyboard from the protected memory domain to a random position of the video frame buffer and correlate user input from a pointing device to the rendered keyboard image. The keyboard image may be randomly repositioned following a user input. The keyboard image may be rendered over a secure user image. An acknowledgment image may be rendered from the protected memory domain to a random position of the video frame buffer, and may be randomly repositioned in response to a user input that does not correlate to the acknowledgment image. User inputs that do not correlate to a randomly positioned image may be counted, and one or more processes may be aborted when the number of non-correlated user inputs exceeds a threshold.

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.

Abstract: Embodiments of switching between multiple operating systems (OSes) using sleep state management and sequestered re-baseable memory are generally described herein. Embodiments of the invention allow one OS to be suspended into S3 or sleep mode, saving its state to memory and turning off its devices. Then, another sleeping OS can be resumed from another location in memory by switching a memory base addressed to a sequestered memory region and restoring its device state. Other embodiments may be described and claimed.

Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, an apparatus includes privileged mode logic, an interface, and memory management logic. The privileged mode logic is to transfer control of the processor among a plurality of virtual machines. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, determination logic, and a translation lookaside buffer. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address.

Abstract: A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region.

Abstract: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.

Abstract: Disclosed is a method for restricting access of a first code of a plurality of codes and data of a first function from a second function. Thee method comprises calling the second function by the first function, addresses of the plurality of data may be stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the data and/or addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).

Abstract: Embodiments of switching between multiple operating systems (OSes) using sleep state management and sequestered re-baseable memory are generally described herein. Embodiments of the invention allow one OS to be suspended into S3 or sleep mode, saving its state to memory and turning off its devices. Then, another sleeping OS can be resumed from another location in memory by switching a memory base addressed to a sequestered memory region and restoring its device state. Other embodiments may be described and claimed.

Abstract: A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region.

Abstract: One particular implementation of the present invention may take the form of a mobile set configured to include one or more projection devices to display a media presentation to a viewer. The mobile set may be configured to follow a fixed path or may move through autonomous navigation. In one embodiment, the mobile set may be included as part of an amusement park ride to interact with the ride patrons and provide them with a greater entertainment experience. For example, the mobile projected set may be synchronized to move with a carrier vehicle carrying the ride patrons and project a presentation or display to the ride patrons during the ride. Placing the projected scene on a mobile set allows the patrons to interact with the projected scene for a longer period of time then if the projected scene was stationary. Further, the mobile sets may be used to configure and control sightlines through the ride to provide a more dynamic environment for the amusement park ride.

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.

Abstract: End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values.

Abstract: A ride system is provided that allows selective relative positioning of vehicles in an amusement or theme park ride to simulate racing or other effects. The ride system includes a chassis that is adapted to be supported by and to travel on or along a length of track of a particular ride. A support is attached to the chassis and moves with the chassis during operation of the ride. The ride system includes first and second passenger vehicles that are spaced apart on and supported by the support. A drive assembly is linked to the support and configured to rotate the support about its central axis. During support rotation, the first and second vehicles are moved concurrently relative to the track to alter their relative positioning. The vehicles are each rotated about an axis that extends parallel to the rotation axis, and the rotation may be independent or concurrent.

Abstract: There is provided a system and method for the Figment collaboration system, providing intuitive user interfaces for collaboration. There is provided a system comprising an input surface, a display outputting on the input surface, and a server having a processor configured to receive a first input from the input surface, convert the first input into a first content box, generate contextual content suggestions based on the first content box, and show the first content box and the contextual content suggestions in a workspace canvas output to the display. By utilizing data sources accessible through a network, the contextual content suggestions may provide highly relevant data and remote user access to facilitate enhanced collaboration. At the same time, by supporting familiar workflows similar to working with conventional whiteboards, users can readily use the Figment collaboration system without the stress of having to learn poorly designed and complicated collaboration interfaces.

Abstract: Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material.

Abstract: Hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.

Abstract: A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value.

Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a network interface component, and a management controller. The management controller may be configured to receive information related to a subscription request for a virtual machine, generate configuration information for the network interface component based on the subscription request, and provide the configuration information to the network interface component. Other embodiments are disclosed and claimed.

Abstract: A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program's source code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.

Abstract: An item of protective gear for a body, including a section of shell material and a section of a relatively softer flexural material joined in a unitary structure, wherein the flexural material is a joint compliantly allowing for the shell material to conform to the body, or is an edge extension on the shell material for cushioning or comfort; and the item is configured to protect a specific area of a body.