Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system. The system of the present invention resolves attestation record conflicts using digital certificates and digital signatures.

Abstract: Runtime selection and modification of conditional expressions in a computing system has broad applicability in application areas involving deployments of large numbers of network-connected handsets and other devices, as well as in high availability computing environments and essential computing services. The invention describes the deferred evaluation of conditional statements in a trusted execution context such that the problem of spoofing return code is eliminated. The system allows for any set of relevant attributes to be considered in the conditional evaluation. The executable statements associated with the returned evaluation of the conditional is also dynamic and is selected at runtime.

Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system.

Abstract: A system for policy-managed, secure authentication and authorization for transactions. The present invention links identification and verification methods and apparatus to a policy-managed system that can control how such devices are utilized under specific scenarios as defined by the policy maker. The system then approves or denies the transaction and may also direct further action if specified in the policy rules. The user identification device and the policy-manager need not be collocated. The resulting system is advantageous because of its increased flexibility in providing secure authorizations where greater control is desired. Also, the processing of these transactions facilitates detailed records that are useful in tracking transactions or to advertisers and merchants wishing to target specific markets for their products.

Abstract: Systems and methods for using Near Field Communications1 (NFC) m\d other short-range wireless communications technologies in mobile device management and security. Uses of NFC devices of both passive and active types are presented herein, as “policy control points” (PCPs) within a policy-based system for mobile handset management, in situations where granular control of handset capabilities is required. Certain location-based, as well as non-location-specific variants of the invention are presented as examples.

Abstract: An autonomous and adaptive method and system for secure, policy-based control of remote and locally controlled computing devices. The invention uses a policy-based access control mechanism to achieve adaptive and dynamic behavior modification based on the context of the local operating environment of the computing device. The modification system assesses the desirability of actions or outcomes as determined by the policy rules and modifies them accordingly, thus altering the behavior of the computing device. The system can utilize a machine learning technique, pattern matching and heuristic evaluation. When applied to the control of robotic and autonomous devices, the system allows the robot to offload adjudication to a remote system and also facilitates cooperative behaviors between robots operating in dynamic environments.

Abstract: A system and method for hardware implementations of policy-based secure computing environments for Internet enabled devices. The present invention facilitates a secure computing environment for any Internet enabled device where policy rules can be described as hardware components that allow or deny access to resources on the device. A compiler produces a hardware description language (HDL) of the hardware components based on given policy rules for that component. The system may be partially or completely implemented in hardware to address inherent limitations of a software only solution. The invention provides greater flexibility to the overall system in terms of performance, security, and expressiveness of the policy rules that must be executed.

Abstract: The invention pertains to a system and method to display content, including data and messaging, based on a secure, policy-managed set of instructions for selecting, distributing, and presenting information on a device. The system accepts one or more streams of data in any digital form from one or more data sources. The content is assessed via a set of policy instructions that may include time, location, hierarchy of ownership, type of content, assessed importance of content, and display availability. Only approved content is transmitted to the device for display.

Abstract: Policy-based client-server systems and methods for attestation in managing and scouring mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trust expert parties and authorities within the expression and enforcement of policies for controlling use of and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, a well as potential business models for attestation used in such a policy-based system.

Abstract: An apparatus to implement role based access control which reduces administrative expenses associated with managing access in accordance with policies and roles. The apparatus includes a memory storing a first role based access control condition associated with an action and a subsystem executing an enforcement entity and a decision entity. In one preferred form, the two entities are independent entities. The enforcement entity receives a request for the action from a requestor with a role. Additionally, the enforcement entity communicates the role and the request to the decision entity for the decision entity's decision of whether the role satisfies the first condition. The decision entity then communicates the decision to the enforcement entity. Accordingly, the enforcement entity allows or denies the requestor the action based on the decision made by the decision entity.