Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.

Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.

Abstract: A platform security system and method improve security by binding an identity of a self-contained certificate signing request (SC CSR) requestor to the SC CSR to prevent malicious tampering, such as man-in-the-middle attacks. In at least one embodiment, the requestor, such as a client computer system or other source of a request, requests certificates from a certificate authority (CA). Binding the identity of the SC CSR to the requestor can prevent unauthorized system and/or data access and potentially resultant unauthorized access, malicious tampering, such as man-in-the-middle attacks, and other unauthorized actions or observations. Validation can be performed at the CA on the SC CSR to determine the integrity of the requestor and authorization to receive certificates before the CA sends the certificate to the requestor.

Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

Abstract: A platform security system and method improve security by binding an identity of a self-contained certificate signing request (SC CSR) requestor to the SC CSR to prevent malicious tampering, such as man-in-the-middle attacks. In at least one embodiment, the requestor, such as a client computer system or other source of a request, requests certificates from a certificate authority (CA). Binding the identity of the SC CSR to the requestor can prevent unauthorized system and/or data access and potentially resultant unauthorized access, malicious tampering, such as man-in-the-middle attacks, and other unauthorized actions or observations. Validation can be performed at the CA on the SC CSR to determine the integrity of the requestor and authorization to receive certificates before the CA sends the certificate to the requestor.

Abstract: A platform security system and method improve security by binding an identity of a self-contained certificate signing request (SC CSR) requestor to the SC CSR to prevent malicious tampering, such as man-in-the-middle attacks. In at least one embodiment, the requestor, such as a client computer system or other source of a request, requests certificates from a certificate authority (CA). Binding the identity of the SC CSR to the requestor can prevent unauthorized system and/or data access and potentially resultant unauthorized access, malicious tampering, such as man-in-the-middle attacks, and other unauthorized actions or observations. Validation can be performed at the CA on the SC CSR to determine the integrity of the requestor and authorization to receive certificates before the CA sends the certificate to the requestor.

Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.

Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.

Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.

Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

Abstract: An operating system or other software resident on an electronic processing device employs aggregated timestamps. In this way timestamps can be generated and compared to one another without the need for a real-time clock with a power backup. Aggregated time includes the last known time that the device synchronized its clock with a reference time available over a network. Aggregated time also includes a relative time value which in part accumulates using a session clock whenever the device is powered-up. When network time becomes available the operating system or other software will use this information to fix up the already generated aggregated timestamps. A comparison of timestamps will most of the time be resolved for stamps generated on the same device and will generally be resolved by comparing time frames when the timestamps being compared are generated by different devices.

Abstract: A pervasive service provides device specific updates. A proxy device receives an update request from a user device located proximate to the proxy device. The update request includes at least a user device identifier and a user device state. Update data associated with the user device identifier and the user device state is accessed. The proxy device transmits the device-specific update data to the user device. In some embodiments, the proxy device is a mobile device that detects or otherwise encounters a plurality of the user devices and provides device-specific updates thereto.

Abstract: An operating system or other software resident on an electronic processing device employs aggregated timestamps. In this way timestamps can be generated and compared to one another without the need for a real-time clock with a power backup. Aggregated time includes the last known time that the device synchronized its clock with a reference time available over a network. Aggregated time also includes a relative time value which in part accumulates using a session clock whenever the device is powered-up. When network time becomes available the operating system or other software will use this information to fix up the already generated aggregated timestamps. A comparison of timestamps will most of the time be resolved for stamps generated on the same device and will generally be resolved by comparing time frames when the timestamps being compared are generated by different devices.

Abstract: An operating system or other software resident on an electronic processing device employs aggregated timestamps. In this way timestamps can be generated and compared to one another without the need for a real-time clock with a power backup. Aggregated time includes the last known time that the device synchronized its clock with a reference time available over a network. Aggregated time also includes a relative time value which in part accumulates using a session clock whenever the device is powered-up. When network time becomes available the operating system or other software will use this information to fix up the already generated aggregated timestamps. A comparison of timestamps will most of the time be resolved for stamps generated on the same device and will generally be resolved by comparing time frames when the timestamps being compared are generated by different devices.

Abstract: An operating system or other software resident on an electronic processing device employs aggregated timestamps. In this way timestamps can be generated and compared to one another without the need for a real-time clock with a power backup. Aggregated time includes the last known time that the device synchronized its clock with a reference time available over a network. Aggregated time also includes a relative time value which in part accumulates using a session clock whenever the device is powered-up. When network time becomes available the operating system or other software will use this information to fix up the already generated aggregated timestamps. A comparison of timestamps will most of the time be resolved for stamps generated on the same device and will generally be resolved by comparing time frames when the timestamps being compared are generated by different devices.

Abstract: A source device can navigate towards a moving destination target device, such as when two mobile phones are moving towards each other. The source device can receive an initial position of the target and a route to the target. As the source device and target device simultaneously move, the route can be updated. For example, if a distance of movement exceeds a threshold (e.g., 1 mile) the route can be updated. In another embodiment, a target device can switch between position tracking devices so as to provide less accurate position information, but save power, or provide high accuracy position information at the cost of higher power consumption. Generally, the switching between position tracking devices and the frequency at which the route to the destination point can be based on the distance apart between the source device and target device.

Abstract: Memory for a fragmented file on a non-volatile storage device can be readdressed to contiguous physical memory addresses, while the physical location of the file fragments of the fragmented file stored on the non-volatile storage device remain the same after the memory is readdressed. A logical block addressing (LBA) mapping table can be updated based on the readdressed contiguous physical memory addresses.

Abstract: A pervasive service provides device specific updates. A proxy device receives an update request from a user device located proximate to the proxy device. The update request includes at least a user device identifier and a user device state. Update data associated with the user device identifier and the user device state is accessed. The proxy device transmits the device-specific update data to the user device. In some embodiments, the proxy device is a mobile device that detects or otherwise encounters a plurality of the user devices and provides device-specific updates thereto.