Abstract: In an approach, a first application executing on a first computer acquires, one or more resources of the first computer, wherein the one or more resources include one or more shared resources that are shared among applications of the first computer. The first application receives a media stream from a second computer and presents playback of the media stream. In response to detecting that priority within the first computer has shifted to a second application, the first application pauses playback of the media stream and releases the one or more shared resources while retaining one or more remaining resources that relate to a session context. In response to detecting that priority has shifted back to the first application, the first application re-acquires the one or more shared resources and resumes playback of the media stream based on the one or more remaining resources.

Abstract: User physical interaction characteristics information or the way a user physically interacts with a device is analyzed to aid in authenticating a user of a device. User physical interaction characteristics information such as swipe speed, finger area, finger conductivity, finger angle, device angle, movement patterns, acceleration, etc., provide signatures that are distinctive for particular individuals and possibly unique if measured to a sufficiently high level of precision. In some examples, a device measures finger positions, finger pad sizes, moisture level, acceleration, displacement, and changes in finger pad size for a particular user and compares the measurements to physical interaction characteristics measured during subsequent usage of the device to verify that a user is an authorized user.

Abstract: In an approach, a first application executing on a first computer acquires, one or more resources of the first computer, wherein the one or more resources include one or more shared resources that are shared among applications of the first computer. The first application receives a media stream from a second computer and presents playback of the media stream. In response to detecting that priority within the first computer has shifted to a second application, the first application pauses playback of the media stream and releases the one or more shared resources while retaining one or more remaining resources that relate to a session context. In response to detecting that priority has shifted back to the first application, the first application re-acquires the one or more shared resources and resumes playback of the media stream based on the one or more remaining resources.

Abstract: In an approach, a first application executing on a first computer acquires, one or more resources of the first computer, wherein the one or more resources include one or more shared resources that are shared among applications of the first computer. The first application receives a media stream from a second computer and presents playback of the media stream. In response to detecting that priority within the first computer has shifted to a second application, the first application pauses playback of the media stream and releases the one or more shared resources while retaining one or more remaining resources that relate to a session context. In response to detecting that priority has shifted back to the first application, the first application re-acquires the one or more shared resources and resumes playback of the media stream based on the one or more remaining resources.

Abstract: Mechanisms are provided to allow devices to support multiple modes, such as work, personal, and family modes. Conventional mobile solutions provide only for mode distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Existing computer system solutions rely on multiple operating system instances or multiple virtual machines. Framework level modes are provided that do not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data and capabilities based on a current mode.

Abstract: Mechanisms are provided for allowing pluggable encryption in an operating system. Modules such as proprietary cipher modules connect to a kernel cryptographic framework using cryptographic cipher adapters. Supported cryptographic ciphers as well as proprietary cryptographic ciphers can be used in a transparent manner during file system access, key management, and metadata maintenance operations. Proprietary cipher modules interact with the cryptographic cipher adapters as though the cryptographic cipher adapters are the kernel cryptographic framework. The kernel cryptographic framework interacts with the cryptographic cipher adapters as though the cryptographic cipher adapters are proprietary cipher modules.

Abstract: Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.

Abstract: Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.

Abstract: User physical interaction characteristics information or the way a user physically interacts with a device is analyzed to aid in authenticating a user of a device. User physical interaction characteristics information such as swipe speed, finger area, finger conductivity, finger angle, device angle, movement patterns, acceleration, etc., provide signatures that are distinctive for particular individuals and possibly unique if measured to a sufficiently high level of precision. In some examples, a device measures finger positions, finger pad sizes, moisture level, acceleration, displacement, and changes in finger pad size for a particular user and compares the measurements to physical interaction characteristics measured during subsequent usage of the device to verify that a user is an authorized user.

Abstract: Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.

Abstract: User physical interaction characteristics information or the way a user physically interacts with a device is analyzed to aid in authenticating a user of a device. User physical interaction characteristics information such as swipe speed, finger area, finger conductivity, finger angle, device angle, movement patterns, acceleration, etc., provide signatures that are distinctive for particular individuals and possibly unique if measured to a sufficiently high level of precision. In some examples, a device measures finger positions, finger pad sizes, moisture level, acceleration, displacement, and changes in finger pad size for a particular user and compares the measurements to physical interaction characteristics measured during subsequent usage of the device to verify that a user is an authorized user.

Abstract: Mechanisms are provided for allowing pluggable encryption in an operating system. Modules such as proprietary cipher modules connect to a kernel cryptographic framework using cryptographic cipher adapters. Supported cryptographic ciphers as well as proprietary cryptographic ciphers can be used in a transparent manner during file system access, key management, and metadata maintenance operations. Proprietary cipher modules interact with the cryptographic cipher adapters as though the cryptographic cipher adapters are the kernel cryptographic framework. The kernel cryptographic framework interacts with the cryptographic cipher adapters as though the cryptographic cipher adapters are proprietary cipher modules.

Abstract: Mechanisms are provided for allowing pluggable encryption in an operating system. Modules such as proprietary cipher modules connect to a kernel cryptographic framework using cryptographic cipher adapters. Supported cryptographic ciphers as well as proprietary cryptographic ciphers can be used in a transparent manner during file system access, key management, and metadata maintenance operations. Proprietary cipher modules interact with the cryptographic cipher adapters as though the cryptographic cipher adapters are the kernel cryptographic framework. The kernel cryptographic framework interacts with the cryptographic cipher adapters as though the cryptographic cipher adapters are proprietary cipher modules.

Abstract: Mode sensitive networking is provided to allow mode specific communications using a mobile device. If a device has an established secured connection and an application is running in work mode, packets are routed through the secure connection. If the device has an established secured connection but an application is running in personal mode, packets are routed through an alternate connection. Secured connections may be established by using privileged applications. A device and associated applications may have access to different servers, sites, and destinations based on a current mode.

Abstract: Mechanisms are provided to allow particular parties and applications access to protected application programming interfaces (APIs) without the use of security domains. Trusted parties and applications may have access to protected APIs while unfrosted parties and applications may be restricted to a more limited set of APIs. Public keys associated with individual applications that are used to enforce licensing policies can be repurposed for use in a verification process to prevent unauthorized access to APIs. A credential storage manager can be used to maintain permission and certificate information. An application authorization manager may access credential storage and maintain trusted application information.

Abstract: Mechanisms are provided to efficiently and effectively authenticate a user of a device. Passcode information such as passwords, pins, and access codes are obtained along with biometric information to periodically authenticate a user of a device. A user identity confidence score may be generated and continually modified by using data such as passcode information, biometric information, and/or user physical interaction characteristics information. If the user identify confidence score falls beneath a particular threshold, additional user authentication information may be requested.

Abstract: Mechanisms are provided for allowing pluggable encryption in an operating system. Modules such as proprietary cipher modules connect to a kernel cryptographic framework using cryptographic cipher adapters. Supported cryptographic ciphers as well as proprietary cryptographic ciphers can be used in a transparent manner during file system access, key management, and metadata maintenance operations. Proprietary cipher modules interact with the cryptographic cipher adapters as though the cryptographic cipher adapters are the kernel cryptographic framework. The kernel cryptographic framework interacts with the cryptographic cipher adapters as though the cryptographic cipher adapters are proprietary cipher modules.

Abstract: User physical interaction characteristics information or the way a user physically interacts with a device is analyzed to aid in authenticating a user of a device. User physical interaction characteristics information such as swipe speed, finger area, finger conductivity, finger angle, device angle, movement patterns, acceleration, etc., provide signatures that are distinctive for particular individuals and possibly unique if measured to a sufficiently high level of precision. In some examples, a device measures finger positions, finger pad sizes, moisture level, acceleration, displacement, and changes in finger pad size for a particular user and compares the measurements to physical interaction characteristics measured during subsequent usage of the device to verify that a user is an authorized user.

Abstract: Mechanisms are provided to efficiently and effectively authenticate a user of a device. Passcode information such as passwords, pins, and access codes are obtained along with biometric information to periodically authenticate a user of a device. A user identity confidence score may be generated and continually modified by using data such as passcode information, biometric information, and/or user physical interaction characteristics information. If the user identify confidence score falls beneath a particular threshold, additional user authentication information may be requested.

Abstract: Mechanisms are provided to allow particular parties and applications access to protected application programming interfaces (APIs) without the use of security domains. Trusted parties and applications may have access to protected APIs while unfrosted parties and applications may be restricted to a more limited set of APIs. Public keys associated with individual applications that are used to enforce licensing policies can be repurposed for use in a verification process to prevent unauthorized access to APIs. A credential storage manager can be used to maintain permission and certificate information. An application authorization manager may access credential storage and maintain trusted application information.