Abstract: User profiles of remote desktops are managed in a crash-consistent manner. When a user logs into a remote desktop, metadata of the user profile is loaded from persistent storage while registry settings and files of the user profile are loaded asynchronously with respect to the login. During the remote desktop session, snapshots of the remote desktop image in persistent storage are generated periodically, and a change log that indicates changes to the user profile is created therefrom. The user profile stored in persistent storage is updated lazily using the change log at opportunistic times after snapshot generation. When the user logs out of the remote desktop, the user profile stored in the persistent storage is updated with any additional changes to the user profile by extracting the changes from the copy-on-write cache associated with the most recent snapshot.

Abstract: The disclosure provides an approach for certificate management for cryptographic agility. Embodiments include receiving, by a cryptographic agility system, a cryptographic request related to an application. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information associated with the cryptographic request. Embodiments include determining, by the cryptographic agility system, based on the cryptographic request, a certificate for authenticating a key related to the cryptographic technique. Embodiments include providing, by the cryptographic agility system, the certificate to an endpoint related to the cryptographic request for use in authenticating the key.

Abstract: The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information related to the communication. Embodiments include establishing, by the proxy component, a second secure connection with the endpoint based on the cryptographic technique. Embodiments include transmitting, by the proxy component, a secure communication to the endpoint via the second secure connection based on the communication.

Abstract: This disclosure relates generally to configuring a legacy application or service with a reconfigurable cryptographic provider capable of leveraging many different cryptographic algorithms, protocols or functions. The application or service can be configured with the reconfigurable cryptographic provider by redirecting cryptographic API calls intended for a linked static shared cryptographic library or provider to a cryptographic adapter configured to emulate responses provided by the linked static shared cryptographic library. A cryptographic adapter is also described and is configured to generate abstracted versions of the cryptographic API calls and pass them on to the reconfigurable cryptographic provider, which selects and implements an appropriate cipher solution based on the abstracted cryptographic API calls.

Abstract: Disclosed are various examples for downloading data objects by enforcing a threshold amount of allocated data. In one example, among others, an application downloads a first subset of the files from a remote file management system. A user interface displays file system entries that represent the first subset of downloaded files and a second subset of undownloaded files from the remote file management system. The application detects an event for a respective file system entry associated with a respective file from the second subset of undownloaded files. The respective file is downloaded from the remote management system.

Abstract: The technology disclosed herein enables deployment of updates to computing systems connected to a Wide Area Network (WAN). In a particular example, a method includes identifying an update to be performed on computing systems connected to a Wide Area Network (WAN) and identifying first attributes of a first computing system of the computing systems. The method further includes determining an update time in which the update should be performed at the first computing system based on the first attributes relative to other attributes of other ones of the computing systems. The method also includes performing the update at the first computing system at the update time.

Abstract: The disclosure provides an approach for certificate management for cryptographic agility. Embodiments include receiving, by a cryptographic agility system, a cryptographic request related to an application. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information associated with the cryptographic request. Embodiments include determining, by the cryptographic agility system, based on the cryptographic request, a certificate for authenticating a key related to the cryptographic technique. Embodiments include providing, by the cryptographic agility system, the certificate to an endpoint related to the cryptographic request for use in authenticating the key.

Abstract: Embodiments provide for application-specific provisioning of files or registry keys. As applications are installed or launched, data is recorded by an application virtualization engine, and an index is created linking the recorded data to both the application and the underlying files or registry keys. As applications are requested (e.g., launched, updated, or the like), the application virtualization engine reveals various copies of file or registry keys to the application on demand or in accordance with a policy.

Abstract: A system is described for authenticating a user on a client device using the user's mobile device and utilizing the audio channel. An authentication server receives a request from the client to initiate a session for the user, creates the session, and sends a session token back to the client along with a request for authentication. The client broadcasts an audio transmission containing the token to the mobile device over an audio channel using data-over-sound transmission. The mobile device receives the transmission via a microphone, obtains the token and the server identity from the transmission, and sends user credentials that are stored on the mobile device along with the token identifying the session directly to the authentication server. The server verifies the received credentials, confirms the token, and logs the user into the session.

Abstract: This disclosure relates generally to configuring an application or service with reconfigurable cryptographic features taking the form of cryptographic algorithms, protocols or functions. The application or service can be configured with a cryptographic provider configured to receive abstracted cryptographic API calls and retrieve specific cryptographic features based on established cryptographic policies. This configuration allows for rapid updates to the cryptographic framework and for the cryptographic framework to be managed remotely in enterprise environments.

Abstract: This relates generally to protecting adjustable cipher solutions using trusted execution mechanisms. An example method includes, at one or more electronic devices, receiving a request for configuring a cipher solution for one or more cryptographic operations, retrieving one or more cryptographic policies from a first module protected by a secure enclave within a trusted execution environment, accessing one or more libraries in accordance with the one or more cryptographic policies, attesting the one or more libraries by verifying attestation data associated with the one or more libraries within a second module protected by the secure enclave of the trusted execution environment, and configuring the cipher solution for the electronic device based on attesting the one or more libraries.

Abstract: This relates generally to configuring and automatically selecting a cipher solution for secure communication. An example method includes, at an electronic device, receiving a request initiated by a requestor for one or more cryptographic operations, determining contextual information associated with the requestor, selecting a cipher solution for processing the request based on the contextual information and a policy engine, and processing the request for the one or more cryptographic operations by executing one or more cryptographic algorithms in accordance with the selected cipher solution.

Abstract: The current document is directed a resource-exchange system that facilitates resource exchange and sharing among computing facilities. The currently disclosed methods and systems employ efficient, distributed-search methods and subsystems within distributed computer systems that include large numbers of geographically distributed data centers to locate resource-provider computing facilities that match the resource needs of resource-consumer computing-facilities based on attribute values associated with the needed resources, the resource providers, and the resource consumers. The resource-exchange system monitors and controls resource exchanges on behalf of participants in the resource-exchange system in order to optimize resource usage within participant data centers and computing facilities.

Abstract: The disclosure provides an approach for cryptographic agility. Embodiments include receiving a request from an application for a cryptographic operation, wherein the request is associated with a computing device. Embodiments include determining one or more resource constraints related to the computing device. Embodiments include selecting, based on the one or more resource constraints, a cryptographic technique from a plurality of cryptographic techniques associated with indications of resource requirements. Embodiments include performing the cryptographic operation using the cryptographic technique. Embodiments include providing a response to the application based on performing the cryptographic operation.

Abstract: The disclosure provides an approach for auditable cryptographic agility. Embodiments include receiving, by a cryptographic agility system, a request to perform a cryptographic operation related to an application. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique for performing the cryptographic operation based on contextual information associated with the request. Embodiments include performing, by the cryptographic agility system, the cryptographic operation using the cryptographic technique. Embodiments include writing, by the cryptographic agility system, data related to selecting the cryptographic technique to a secure digital ledger.

Abstract: The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information related to the communication. Embodiments include establishing, by the proxy component, a second secure connection with the endpoint based on the cryptographic technique. Embodiments include transmitting, by the proxy component, a secure communication to the endpoint via the second secure connection based on the communication.

Abstract: The disclosure provides an approach for certificate management for cryptographic agility. Embodiments include receiving, by a cryptographic agility system, a cryptographic request related to an application. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information associated with the cryptographic request. Embodiments include determining, by the cryptographic agility system, based on the cryptographic request, a certificate for authenticating a key related to the cryptographic technique. Embodiments include providing, by the cryptographic agility system, the certificate to an endpoint related to the cryptographic request for use in authenticating the key.

Abstract: The current document is directed a resource-exchange system that facilitates resource exchange and sharing among computing facilities. The currently disclosed methods and systems employ efficient, distributed-search methods and subsystems within distributed computer systems that include large numbers of geographically distributed data centers to locate resource-provider computing facilities that match the resource needs of resource-consumer computing-facilities based on attribute values associated with the needed resources, the resource providers, and the resource consumers. The resource-exchange system monitors and controls resource exchanges on behalf of participants in the resource-exchange system in order to optimize resource usage within participant data centers and computing facilities. By optimizing resource usage, the resource-exchange system drives participant data centers and computing facilities towards maximum operational efficiency.

Abstract: The current document is directed a resource-exchange system that facilitates resource exchange and sharing among computing facilities. The currently disclosed methods and systems employ efficient, distributed-search-based auction methods and subsystems within distributed computer systems that include large numbers of geographically distributed data centers to locate resource-provider computing facilities that match the resource needs of resource-consumer computing facilities. Multiple security methods and subsystems are employed to prevent unauthorized access to resource-exchange-system services, to secure resource-exchange-system-participant data from unauthorized access, and to prevent hosted virtual machines and other hosted computational entities from interfering with operation of native virtual machines and other native computational entities within hosting resource-provider computing facilities.

Abstract: An adaptive virtual desktop architecture is provided. Application install or assignment is evaluated, such as by using heuristics to identify applications that may present compatibility problems. Upon determining that a newly installed application may have compatibility problems when associated with a non-persistent virtual desktop, a promotion to a persistent virtual desktop occurs.