Abstract: The claimed subject matter provides a system and/or a method that facilitates managing one or more devices utilized for communicating data within a telepresence session. A telepresence session can be initiated within a communication framework that includes two or more virtually represented users that communicate therein. A device can be utilized by at least one virtually represented user that enables communication within the telepresence session, the device includes at least one of an input to transmit a portion of a communication to the telepresence session or an output to receive a portion of a communication from the telepresence session. A detection component can adjust at least one of the input related to the device or the output related to the device based upon the identification of a cue, the cue is at least one of a movement detected, an event detected, or an ambient variation.

Abstract: Methods for maintaining the security of a secured execution environment on a system comprising said secured execution environment and a second execution environment are disclosed. A maintained current state for the secured execution environment is selected from among a group of possible states including a standard input mode state and a nexus input mode state. A flow of user input is directed according to the current state through a secure kernel of both the second environment and the secured execution environment.

Abstract: Communication of information via an in-band channel using a trusted configuration space is provided. The introduction of using a trusted configuration space associated with a computer bus system, such as PCI Express® (PCIe™), for example, enables the design of trusted computing platforms capable of providing compliant devices with assurance that their trusted configuration registers can only be accessed by software running in the trusted software environment. Establishing device trust in the software that initiates trusted configuration requests makes it possible to secure and control access to certain secret, sensitive, or personally-identifiable information these devices may contain (e.g., a uniquely-identifying public key, as described above or certificate which the device provides for revocation purposes).

Abstract: A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret.

Abstract: Methods for maintaining the security of a secured execution environment on a system comprising said secured execution environment and a second execution environment are disclosed. A maintained current state for the secured execution environment is selected from among a group of possible states including a standard input mode state and a nexus input mode state. A flow of user input is directed according to the current state through a secure kernel of both the second environment and the secured execution environment.

Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.

Abstract: Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system.

Abstract: A method is provided for a processor of a computing device to obtain a trusted identification of a hardware peripheral of the computing device, for the computing device and the peripheral to derive a set of shared keys, and for the processor to send trusted data to the peripheral.