Abstract: A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application.

Abstract: In accordance with some embodiments, in response to the detection of a particular event, an event data recorder may enter a secure mode. In the secure mode, data from various peripherals is collected over a secure channel and stored in a secure memory within the event data recorder. That data may subsequently be read out under secure conditions with an assurance of reliability while the system is in a secure mode, it may continue to collect data in a non-secure mode in parallel.

Abstract: Introducing, managing and restricting devices in an environment is discussed, including how to securely introduce the devices, how to establish trust between the devices, how to manage bandwidth requirements and other resource requirements of the devices, how to aggregate resource usage when multiple devices within an environment are engaging in a common task, and how to restrict device access to environment resources. Various techniques including manual and automatic solutions are disclosed.

Abstract: In one embodiment a controller comprises logic to receive a request for a credential to authenticate a user for a transaction, in response to a determination that a credential which satisfies the request resides on a memory module, execute an authentication routine to authenticate a user of the controller, in response to a successful authentication, retrieve the credential from the memory module, and provide a token to certify the credential in response to the request. Other embodiments may be described.

Abstract: Introducing, managing and restricting devices in an environment is discussed, including how to securely introduce the devices, how to establish trust between the devices, how to manage bandwidth requirements and other resource requirements of the devices, how to aggregate resource usage when multiple devices within an environment are engaging in a common task, and how to restrict device access to environment resources. Various techniques including manual and automatic solutions are disclosed.

Abstract: A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application.

Abstract: A method, apparatus and system which enable a mobile node to request dynamic allocation of a home address and to maintain that home address when roaming between a home subnet and a foreign subnet. According to one embodiment, the mobile node may acquire a home address from its home agent by using a Network Access Identifier (“NAI”) extension in a registration request. The mobile node may send out this registration request when it first starts up, regardless of whether it is on its home subnet or a foreign subnet. Additionally, the mobile node may set a bit in the registration request to inform the home agent that it is on its home network. If the bit is not set, the home agent may deduce that the mobile node is on a foreign network. In either instance, the mobile node may continue to use its originally acquired home address.

Abstract: A method, apparatus and system provide reliable access to a mobile node. Requests for care of addresses (COAs) are intercepted and the mobile node hostnames in the requests are replaced with alternative configured names. These altered requests are then passed down the network stack. Similarly, replies to the COA requests are also intercepted and the alternative configured names may be replaced with the mobile node hostnames. These replies may then be passed up the network stack. A mobile IP registration request extension may be used to create a mapping entry in a Domain Name Services (DNS) server between the mobile node hostname and the mobile node home address. This mapping entry ensures that the mobile node is consistently reachable via its hostname.

Abstract: A method, apparatus and system provide a seamless, secure roaming solution. Embodiments of the present invention enable secure transmission of IP packets across enterprise security gateways. According to one embodiment, a mobile node on an external network may register with an external home agent using an external home address. The mobile node may also establish a secure path to the security gateway using the external home address and an internal home address. The mobile node may thereafter use the secure path to correspond with nodes on the external network. In other embodiments, the mobile node may use this secure path to register with an internal home agent on a home network, using the internal home address. The mobile node may then correspond with nodes on the home network via the secure path.

Abstract: Introducing, managing and restricting devices in an environment is discussed, including how to securely introduce the devices, how to establish trust between the devices, how to manage bandwidth requirements and other resource requirements of the devices, how to aggregate resource usage when multiple devices within an environment are engaging in a common task, and how to restrict device access to environment resources. Various techniques including manual and automatic solutions are disclosed.

Abstract: A method, apparatus and system provide reliable access to a mobile node. Requests for care of addresses (COAs) are intercepted and the mobile node hostnames in the requests are replaced with alternative configured names. These altered requests are then passed down the network stack. Similarly, replies to the COA requests are also intercepted and the alternative configured names may be replaced with the mobile node hostnames. These replies may then be passed up the network stack. A mobile IP registration request extension may be used to create a mapping entry in a Domain Name Services (DNS) server between the mobile node hostname and the mobile node home address. This mapping entry ensures that the mobile node is consistently reachable via its hostname.

Abstract: A method, apparatus and system provide a seamless, secure roaming solution. Embodiments of the present invention enable secure transmission of IP packets across enterprise security gateways. According to one embodiment, a mobile node on an external network may register with an external home agent using an external home address. The mobile node may also establish a secure path to the security gateway using the external home address and an internal home address. The mobile node may thereafter use the secure path to correspond with nodes on the external network. In other embodiments, the mobile node may use this secure path to register with an internal home agent on a home network, using the internal home address. The mobile node may then correspond with nodes on the home network via the secure path.