Abstract: Systems and methods may provide for confirming, by a loader module having administrative rights with respect to a computing device, the operability of an activator module on the computing device. Additionally, the activator module may be used to manage an installation status of one or more service agents or software components on the computing device and making them persistent. In one example, confirming the operability of the activator module includes conducting a presence verification and/or authentication of the activator module, wherein a replacement activator module may be downloaded to the computing device if the presence verification and/or authentication is unsuccessful.

Abstract: Systems and methods may provide for confirming, by a loader module having administrative rights with respect to a computing device, the operability of an activator module on the computing device. Additionally, the activator module may be used to manage an installation status of one or more service agents or software components on the computing device and making them persistent. In one example, confirming the operability of the activator module includes conducting a presence verification and/or authentication of the activator module, wherein a replacement activator module may be downloaded to the computing device if the presence verification and/or authentication is unsuccessful.

Abstract: Systems and methods may provide for confirming, by a loader module having administrative rights with respect to a computing device, the operability of an activator module on the computing device. Additionally, the activator module may be used to manage an installation status of one or more service agents or software components on the computing device and making them persistent. In one example, confirming the operability of the activator module includes conducting a presence verification and/or authentication of the activator module, wherein a replacement activator module may be downloaded to the computing device if the presence verification and/or authentication is unsuccessful.

Abstract: Systems and methods may provide for confirming, by a loader module having administrative rights with respect to a computing device, the operability of an activator module on the computing device. Additionally, the activator module may be used to manage an installation status of one or more service agents or software components on the computing device and making them persistent. In one example, confirming the operability of the activator module includes conducting a presence verification and/or authentication of the activator module, wherein a replacement activator module may be downloaded to the computing device if the presence verification and/or authentication is unsuccessful.

Abstract: Systems and methods may provide for confirming, by a loader module having administrative rights with respect to a computing device, the operability of an activator module on the computing device. Additionally, the activator module may be used to manage an installation status of one or more service agents or software components on the computing device and making them persistent. In one example, confirming the operability of the activator module includes conducting a presence verification and/or authentication of the activator module, wherein a replacement activator module may be downloaded to the computing device if the presence verification and/or authentication is unsuccessful.

Abstract: Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Abstract: Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Abstract: Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Abstract: A system for application usage continuum across client devices and platforms includes a first client device configured to execute a first instance of an application and a second client device configured to execute a second instance of the application. The first client device is configured to receive an indication to transfer operation of the first instance of the application running on the first client device to the second instance of the application on the second client device. The first client device is further configured to generate state information and data associated with execution of the first instance of the application on the first client device and cause the state information to be sent to the second client device to enable the second instance of the application on the second client device to continue operation of the application on the second client device using the state information from the first client device.

Abstract: Systems and methods may provide for confirming, by a loader module having administrative rights with respect to a computing device, the operability of an activator module on the computing device. Additionally, the activator module may be used to manage an installation status of one or more service agents or software components on the computing device and making them persistent. In one example, confirming the operability of the activator module includes conducting a presence verification and/or authentication of the activator module, wherein a replacement activator module may be downloaded to the computing device if the presence verification and/or authentication is unsuccessful.

Abstract: The present disclosure is directed to systems and methods related to hardware-enforced access protection. An example device may comprise a login agent module (LAM), an operating system login authentication module (OSLAM) and a secure user authentication module (SUAM). The LAM may be configured to cause a prompt requesting login information to be presented by the device. The LAM may then provide the login information to the OSLAM, which may be configured to authenticate the login information using known user information. If authenticated, the OSLAM may generate and transmit a signed login success message to the SUAM using a private key. The SUAM may be secure/trusted software loaded by device firmware, and may be configured to authenticate the signed login success message. If authenticated, the SUAM may transmit an encrypted authentication message to the OSLAM. If the encrypted authentication message is authenticated, the OSLAM may grant access to the device.

Abstract: Methods, systems, and computer program products that relate to managing persistence information of client devices for services registered with a persistence cloud service. A method from the perspective of a computing device associated with a registered service may include receiving, from a client device, a device identifier that identifies the client device to the registered service. The method further may include requesting, from a persistence cloud server associated with the persistence cloud service, persistence information associated with the device identifier. The method may also include receiving the persistence information, determining a level of service to provide to the client device based on the persistence information, and providing the level of service to the client device. The computing device may, for example, be a server associated with the registered service, or may, for example, be a router.

Abstract: The present disclosure is directed to systems and methods related to hardware-enforced access protection. An example device may comprise a login agent module (LAM), an operating system login authentication module (OSLAM) and a secure user authentication module (SUAM). The LAM may be configured to cause a prompt requesting login information to be presented by the device. The LAM may then provide the login information to the OSLAM, which may be configured to authenticate the login information using known user information. If authenticated, the OSLAM may generate and transmit a signed login success message to the SUAM using a private key. The SUAM may be secure/trusted software loaded by device firmware, and may be configured to authenticate the signed login success message. If authenticated, the SUAM may transmit an encrypted authentication message to the OSLAM. If the encrypted authentication message is authenticated, the OSLAM may grant access to the device.

Abstract: Generally, this disclosure describes devices, methods and systems and for securely updating software on a mobile platform using trusted hardware based authentication. The device may include an image update module configured to receive a software update image from an update server, the image update module executing at an operating system (OS) level; a critical component database configured to identify critical software components associated with the secure operation of the device; a secure update application module configured to verify the inclusion of the critical software components in the software update image prior to installation of the software update image on the device; and a trusted execution environment (TEE) configured to restrict control access and data access to the secure update application module and the critical component database, the restriction enforced against the OS and against modules executing at the OS level.

Abstract: A system for application usage continuum across client devices and platforms includes a first client device configured to execute a first instance of an application and a second client device configured to execute a second instance of the application. The first client device is configured to receive an indication to transfer operation of the first instance of the application running on the first client device to the second instance of the application on the second client device. The first client device is further configured to generate state information and data associated with execution of the first instance of the application on the first client device and cause the state information to be sent to the second client device to enable the second instance of the application on the second client device to continue operation of the application on the second client device using the state information from the first client device.