Abstract: In some embodiments, an augmented reality system is provided. The augmented reality system is configured to detect real-world objects, create software objects that represent the real-world objects, receive requests from applications to present virtual objects at locations associated with the real-world objects, and to present the virtual objects. In some embodiments, an operating system of the augmented reality system is configured to resolve conflicts between requests from multiple applications. In some embodiments, the operating system of the augmented reality system is configured to provide information to applications to allow the applications to avoid or resolve conflicts amongst themselves.

Abstract: In some embodiments, a method of providing visual cues for private virtual objects is provided. In response to determining that presentation of a protected characteristic of a virtual object is not permitted by an augmented reality system, the augmented reality system presents a placeholder object. In some embodiments, a method of protecting a location from undesirable virtual objects is provided. In response to determining that a location for a virtual object is associated with a protected location, a low-invasiveness version of a mesh of the virtual object is presented. In some embodiments, a method of decoupling a virtual object from a static physical location is provided.

Abstract: In some embodiments, an augmented reality system is provided. The augmented reality system is configured to detect real-world objects, create software objects that represent the real-world objects, receive requests from applications to present virtual objects at locations associated with the real-world objects, and to present the virtual objects. In some embodiments, an operating system of the augmented reality system is configured to resolve conflicts between requests from multiple applications. In some embodiments, the operating system of the augmented reality system is configured to provide information to applications to allow the applications to avoid or resolve conflicts amongst themselves.

Abstract: In some embodiments, a method of providing visual cues for private virtual objects is provided. In response to determining that presentation of a protected characteristic of a virtual object is not permitted by an augmented reality system, the augmented reality system presents a placeholder object. In some embodiments, a method of protecting a location from undesirable virtual objects is provided. In response to determining that a location for a virtual object is associated with a protected location, a low-invasiveness version of a mesh of the virtual object is presented. In some embodiments, a method of decoupling a virtual object from a static physical location is provided.

Abstract: In some embodiments, an augmented reality system is provided that provides output security. In some embodiments, an operating system of the augmented reality system provides trusted management support for presenting virtual objects from untrusted applications executing in multiple isolated processes. With the output security mechanisms enabled, untrusted applications are still provided significant flexibility to create immersive AR experiences, but their presented content is constrained by the augmented reality system based on one or more output policies that are intended to reduce intrusiveness of virtual object presentations. Output policies may be composable, such that more than one output policy may be enforced on a given virtual object in a way that reduces intrusiveness of the presentation of the virtual object.

Abstract: Systems and methods for creating and managing per-application profiles are disclosed. A method may include receiving input designating at least a first profile policy and a second profile policy. At least a first application profile and a second application profile may be created based on the received first profile policy and the second profile policy. An application of the plurality of applications may be associated with both the first application profile and the second application profile. A first storage partition and a second storage partition may be created within a storage space of the computing device. The storage space may be associated with the application. The first storage partition may store application data while the application is running under the first application profile. The second storage partition may store application data while the application is running under the second application profile.

Abstract: Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy.

Abstract: In some embodiments, an augmented reality system is provided that provides output security. In some embodiments, an operating system of the augmented reality system provides trusted management support for presenting virtual objects from untrusted applications executing in multiple isolated processes. With the output security mechanisms enabled, untrusted applications are still provided significant flexibility to create immersive AR experiences, but their presented content is constrained by the augmented reality system based on one or more output policies that are intended to reduce intrusiveness of virtual object presentations. Output policies may be composable, such that more than one output policy may be enforced on a given virtual object in a way that reduces intrusiveness of the presentation of the virtual object.

Abstract: Systems and methods for creating and managing per-application profiles are disclosed. A method may include receiving input designating at least a first profile policy and a second profile policy. At least a first application profile and a second application profile may be created based on the received first profile policy and the second profile policy. An application of the plurality of applications may be associated with both the first application profile and the second application profile. A first storage partition and a second storage partition may be created within a storage space of the computing device. The storage space may be associated with the application. The first storage partition may store application data while the application is running under the first application profile. The second storage partition may store application data while the application is running under the second application profile.

Abstract: A shared renderer maintains shared state information to which two or more augmented reality application contribute. The shared renderer then provides a single output presentation based on the shared state information. Among other aspects, the shared renderer includes a permission mechanism by which applications can share information regarding object properties. The shared renderer may also include: a physics engine for simulating movement of at least one object that is represented by the shared state information; an annotation engine for managing a presentation of annotations produced by plural applications; and/or an occlusion engine for managing the behavior of the output presentation when two or more objects, produced by two or more applications, overlap within the output presentation.

Abstract: Functionality is described herein for managing the behavior of one or more applications, such as augmented reality applications and/or other environment-sensing applications. The functionality defines permission information in a world-driven manner, which means that the functionality uses a trusted mechanism to identify cues in the sensed environment, and then maps those cues to permission information. The functionality then uses the permission information to govern the operation of one or more applications.

Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.

Abstract: An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.

Abstract: Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy.

Abstract: Functionality is described herein for managing the behavior of one or more applications, such as augmented reality applications and/or other environment-sensing applications. The functionality defines permission information in a world-driven manner, which means that the functionality uses a trusted mechanism to identify cues in the sensed environment, and then maps those cues to permission information. The functionality then uses the permission information to govern the operation of one or more applications.

Abstract: A shared renderer maintains shared state information to which two or more augmented reality application contribute. The shared renderer then provides a single output presentation based on the shared state information. Among other aspects, the shared renderer includes a permission mechanism by which applications can share information regarding object properties. The shared renderer may also include: a physics engine for simulating movement of at least one object that is represented by the shared state information; an annotation engine for managing a presentation of annotations produced by plural applications; and/or an occlusion engine for managing the behavior of the output presentation when two or more objects, produced by two or more applications, overlap within the output presentation.

Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.

Abstract: An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism.

Abstract: A method and processor for providing full load/store queue functionality to an unordered load/store queue for a processor with out-of-order execution. Load and store instructions are inserted in a load/store queue in execution order. Each entry in the load/store queue includes an identification corresponding to a program order. Conflict detection in such an unordered load/store queue may be performed by searching a first CAM for all addresses that are the same or overlap with the address of the load or store instruction to be executed. A further search may be performed in a second CAM to identify those entries that are associated with younger or older instructions with respect to the sequence number of the load or store instruction to be executed. The output results of the Address CAM and Age CAM are logically ANDed.

Abstract: An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.