Abstract: Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

Abstract: Systems and methods providing a local edge authority platform that enables localized control of managed devices with selective cloud and occasional cloud connectivity are provided. The method includes receiving first configuration instructions from a first configuration authority for configuring a managed device; receiving second configuration instructions from a second configuration authority for configuring the managed device, wherein the first configuration authority is different than the second configuration authority; determining a conflict exists between the first configuration instructions and the second configuration instructions; resolving the conflict; and configuring the managed device based on the resolved conflict.

Abstract: Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

Abstract: Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

Abstract: Methods and devices for using candidate accounts on a computer device may include creating on the computer device, a candidate account representing a blank user profile for use on the computer device. The methods and devices may include automatically logging in the candidate account and locking the computer device. The methods and devices may include creating a user specific isolated environment on the computer device for the candidate account.

Abstract: Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.

Abstract: Methods and devices for using candidate accounts on a computer device may include creating on the computer device, a candidate account representing a blank user profile for use on the computer device. The methods and devices may include automatically logging in the candidate account and locking the computer device. The methods and devices may include creating a user specific isolated environment on the computer device for the candidate account.

Abstract: The techniques discussed herein may facilitate user account management while also protecting a user's personally identifiable information (PII). The user's PII is stored in a protected area, such as a secure operating system area. The techniques may also implement a broker process to access a user's PII. The techniques display a user's accounts that are available for use with an application. The techniques further provide for passing a hint to the application upon receiving selection of an account, wherein the hint indicates which user account is selected, without divulging to the application any of the user's PII.

Abstract: Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.

Abstract: Restricting execution by a computing device of instructions within an application program. The application program is modified such that execution of the selected instructions is dependent upon a corresponding expected state of one or more hardware components in the computing device. In an embodiment, the application program is modified to place the hardware components in the expected states prior to execution of the corresponding selected instructions. Creating the dependency on the hardware components prevents the unintended or malicious execution of the selected instructions.

Abstract: Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.

Abstract: Restricting execution by a computing device of instructions within an application program. The application program is modified such that execution of the selected instructions is dependent upon a corresponding expected state of one or more hardware components in the computing device. In an embodiment, the application program is modified to place the hardware components in the expected states prior to execution of the corresponding selected instructions. Creating the dependency on the hardware components prevents the unintended or malicious execution of the selected instructions.

Abstract: In an example embodiment, executable files are individually encrypted utilizing a symmetric cryptographic key. For each user to be given access to the obfuscated file, the symmetric cryptographic key is encrypted utilizing a public key of a respective public/private key pair. A different public key/private key pair is utilized for each user. Obfuscated files are formed comprising the encrypted executable files and a respective encrypted symmetric cryptographic key. The private keys of the public/private key pairs are stored on respective smart cards. The smart cards are distributed to the users. When a user wants to invoke the functionality of an obfuscated file, the user provides the private key via his/her smart card. The private key is retrieved and is utilized to decrypt the appropriate portion of the obfuscated file. The symmetric cryptographic key obtained therefrom is utilized to decrypt the encrypted executable file.

Abstract: An apparatus for recording theme-based travel related events includes a set of display pieces, each configured to depict a scaled, specific geographic area and, when arranged in a predetermined orientation, collectively depict a larger, substantially contiguous geographic region. A display tray forms a flat display surface dimensioned to hold the entire set, or selective subsets of display pieces. A storage tray holds the unused display pieces. Magnets, adhesive and/or mechanical interlocks retain the individual display pieces on either the display or storage tray. A mounting frame holds the display tray for wall mounted viewing of the changing mosaic of display pieces and simultaneously stores the unused pieces. A partially pre-formatted travel ledger carried with the frame records key dates, locations and events.