Abstract: Embodiments of the invention are directed to systems and methods for maintaining coherency between different entities in a distributed system. A coherency module automatically detects a change in state in a first entity, wherein the change in state relates to a change in functional code in the first entity. A synchronization message is transmitted to a second entity to synchronize data in the second entity with data in the first entity as a result of the change in state. The second entity is configured to synchronize the data in the second entity with the data in the first entity after receiving the synchronization message.

Abstract: A method, apparatus, and system are disclosed. In one embodiment, the method determines whether one or more manageability conditions are present in a computer system, and then invokes an out-of-service manageability remediation environment stored within a portion of a flash device in the computer system when one or more manageability conditions are present.

Abstract: Embodiments of techniques and systems for sharing user information between proximate devices are described. In embodiments, a first device may identify a physically-proximate device that may receive user information. Upon receiving an indication that a user of the first device may desire to share user information with a user of the second device, a determination may be made as to whether the two users have matching interests. In embodiments, the interest match determination may be made by a separate interest match evaluator. Upon determination of an interest match, the first device may then send a request to share user information to the second device. If a user of the second device approves the request, user information for the user of the first device may be shared with the user of the second device. Other embodiments may be described and claimed.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: Methods and systems to display, in real time, detailed attribute information regarding a calling party. This information may be presented to a user in conjunction with an incoming voice-call or message on the user's smartphone/mobile internet device (MID) or other mobile device. Such information can help him/her in real-time to decide whether to respond to the communication. Attribute information is collected at a caller attributes processing server and communicated to a receiver device of the called party.

Abstract: A method, system, and computer accessible medium are disclosed for launching an application authentication policy (AAP) application on a computing device, enabling the device for use as a personal device of a user if the user is authenticated by the AAP application, and otherwise enabling the device for use as a non-personal device that provides only basic functionality but protects other users' personal data and applications.

Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.

Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.

Abstract: A method, system, and device are disclosed. In one embodiment the method includes receiving a recipient phone number into an electronic gift phone module (EGPM). The EGPM also receives a set of gift data that includes a gift identification. The EGPM sends the recipient phone number and at least some gift data to an electronic gift processing server module (EGPSM). The EGPSM purchases a recipient gift by utilizing the gift identification. The EGPSM also sends notification of the recipient gift purchase to the recipient phone number.

Abstract: A device, system, and method for providing processor-based data protection on a mobile computing device includes accessing data stored in memory with a central processing unit of the mobile computing device and determining that the accessed data is encrypted data based on a data included in one or more control registers of the central processing unit. If the data is determined to be encrypted data, the central processing unit is to decrypt the encrypted data using a cryptographic key stored in the central processing unit. The encrypted data may also be stored on a drive of the mobile computing device. The encryption state of the data stored on the drive is maintained in a drive encryption table, which is used to update a memory page tables and the one or more control registers.

Abstract: Techniques are described for generating high quality entropy in a software only or a hardware assisted software environment, such as a virtualized environment. Embodiments of the invention describe creating an entropy pool within the virtualized environment using multiple sources of entropy. The entropy pool may be used in creating dynamically customizable and high entropy RNG and PUF. The sources of entropy may include trusted sources, untrusted sources and entropy sources with a varied scale of trust and entropy quality associated with them.

Abstract: Embodiments of the invention broadly described, introduce systems and methods for protecting data at a data protection hub using a data protection policy. One embodiment of the invention discloses a method for protecting unprotected data. The method comprises receiving a data protection request message comprising unprotected data and one or more policy parameters, determining a data protection transformation using the policy parameters, performing the data protection transformation on the unprotected data to generate protected data, and sending the protected data.

Abstract: Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: A dynamic root of trust can be injected in an application module on a client device using a backend server and can be continuously monitored to ensure authenticity, integrity and confidentiality at load time, run time and update time of the application module. The dynamic root of trust can be updated directly from the backend server and can be used to establish a time bound trust chain for the other software modules loaded and executed as part of the application module.

Abstract: A system may configure at least a low power engine (LPE) and network interface circuitry when transitioning from an active state to a low-power state. The network interface circuitry may be configured to receive information from a network and to store any received information containing audio information into a memory location. The LPE may be configured to monitor the memory location, to retrieve the stored information from the memory location, to generate audio information based on the stored information and to provide the audio information to audio circuitry for playback. It is also possible for the LPE to receive audio information from the audio circuitry, to generate information for transmission based on the audio information and to store the information into a second memory location. The network interface circuitry may then retrieve the stored information from the second memory location and transmit the information to the network.

Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.

Abstract: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

Abstract: A method according to one embodiment includes the operations of determining a requested playback media content rating; selecting a pattern matching database associated with the requested playback media content rating; scanning one or more frames of media content; and comparing the scanned frames of media content to the pattern matching database to determine matched frames for omission from playback based on the requested playback media content rating.