Abstract: Systems, devices, and methods are provided for cloud-based privacy controls. User content is encrypted using a content encryption key (CEK). The CEK may be double-encrypted by the data producer—the inner envelope is encrypted using keys associated with privacy domains that are authorized to access the user content. The outer envelope is encrypted using a cloud privacy control's public key. When a data consumer requests access the user content, the cloud privacy control evaluates privacy policies and determine whether access should be permitted. If permitted, the cloud privacy control decrypts the outer envelope and provides the inner envelope with CEK to the requestor. Upon receiving the inner envelope, the data consumer may then decrypt the inner envelope with its privacy domain private key to obtain the CEK. The CEK may then be used to perform a decryption and obtain the user content.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: A device provisioning service (DPS) fields requests from unprovisioned devices so that those unprovisioned devices can obtain network credentials or other data used in provisioning the unprovisioned device. The DPS can identify the device securely and associate with a known user account, or the user provisioning the device can supply network credentials over a side channel after supplying a provision code indicative of possession of the unprovisioned device. The provision code can be unique to the unprovisioned device or a short-sequence code that is not necessarily unique, but that is sufficiently uncommon that a specific short-sequence code would not likely be used more than once at a time. In order to communicate with the DPS, a provisioning device might connect the unprovisioned device and the DPS. If the provisioning device is a trusted device, it can perform some of the steps otherwise required by the DPS.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: Systems and methods for temporarily associating user accounts with voice-enabled devices are disclosed. A voice-enabled device, which may be associated with a default account, may be situated in an environment, such as a hotel room. A user may desire to utilize the voice-enabled device to perform one or more actions. In examples, some or all of the actions may require the use of a system resource not available to the default account. In these examples, the user may provide contact information to be used to send a message to personal device of the user to acquire user account information. Upon receipt of such information, the user account may be temporarily associated with the voice-enabled device, and may be dissociated from the voice-enabled device upon the lapse of a period of time and/or occurrence of a dissociation event.

Abstract: Techniques are described for applying data usage policies through data tagging. A metadata tag may be applied to data to indicate a type of the data. In some cases, the tag may be applied to the data when the data is decrypted, and the tag may propagate with the data as the data is passed between processes. A software module may include control logic that is configured to apply data usage policies based on the type tag of data. When the software module attempts an action on the data, such as storing or communicating the data, the control logic may access policy information. Based on the policy information, the control logic may allow the action, prevent the action, or allow the action to proceed on a modified version of the data.

Abstract: Many secure tunnels require protocols that require special handling, authorization or security certificates, such as L2TP and PPTP. This often eliminates them for use between a corporate or agency network and outside, public networks. A secure socket tunnel protocol (SSTP) adds drivers in both the kernel and user mode to route standard protocol traffic, such as PPP, over a common HTTPS port. In the event of network interruptions, an exchange of a session cookie allows fast reconnection of the underlying HTTPS connection without affecting higher level applications.

Abstract: Many secure tunnels require protocols that require special handling, authorization or security certificates, such as L2TP and PPTP. This often eliminates them for use between a corporate or agency network and outside, public networks. A secure socket tunnel protocol (SSTP) adds drivers in both the kernel and user mode to route standard protocol traffic, such as PPP, over a common HTTPS port. In the event of network interruptions, an exchange of a session cookie allows fast reconnection of the underlying HTTPS connection without affecting higher level applications.

Abstract: A method of communicating data over a network is provided. A secure tunnel may be implemented through the network between two computers. Performance limitations of the secure tunnel with a single session can be alleviated by establishing multiple sessions for the tunnel.

Abstract: Many secure tunnels require protocols that require special handling, authorization or security certificates, such as L2TP and PPTP. This often eliminates them for use between a corporate or agency network and outside, public networks. A secure socket tunnel protocol (SSTP) adds drivers in both the kernel and user mode to route standard protocol traffic, such as PPP, over a common HTTPS port. In the event of network interruptions, an exchange of a session cookie allows fast reconnection of the underlying HTTPS connection without affecting higher level applications.