Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: A first device requests a protected resource (managed by a second device). A first authentication is performed by the second device upon receipt of the request. The second device provides an audio message back to the first device, which plays the audio message over a speaker. A third device captures the audio message as audio and uses the audio message to request a second authentication from the second device. The second device provides an authenticated session handle back to the first device for accessing the protected resource when both the first and second authentications are successful.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: The disclosed embodiments relate to a security module and a method of operating a security module. The method may comprise the acts of detecting a second security module, determining whether a key associated with the second security module is available to the first security module, and obtaining the key associated with the second security module if the key associated with the second security module is not available to the first security module. The security module may comprise a detector that is adapted to detect another security module and determine whether one of a plurality of keys is associated with the other security module, and a device that obtains at least one key associated with the other security module if the one of the plurality of keys is not associated with the other security module.

Abstract: The specification discloses a system and related method for tracking access to digital information that involves combining biometric information of a person seeking access with the digital information and a digital signature. Each person who accesses the digital information has their biometric and digital signatures combined in this manner. Thus, the digital information itself reflects who has accessed the information. Where the digital information is a video, the combining of the biometric and digital signatures is done on a frame-by-frame basis.

Abstract: A method and apparatus for initializing multiple security modules are provided. The method may comprise the acts of determining if the security module is a controlling security module or a subordinate security module, generating at least one key if the security module is the controlling security module, and receiving at least one key from another security module if the security module is the subordinate security module. The apparatus may comprise a detector that is adapted to determine if the security module is a controlling security module or a subordinate security module, a key generator that generates a key for the security module if the security module is the controlling security module, and a key receiver that receives a key from another security module if the security module is the subordinate security module.

Abstract: The disclosed embodiments relate to method and apparatus for providing computer security system. The method may include calculating a hash value of an operation at an administrative system. The signed hash of the operation may be created in the administrative system. The signed hash may be received at the managed system. The managed system may validate the signed hash by using a stored reference hash. Upon determining if the signed hash is valid, the managed system may execute the operation that corresponds to the signed hash.