Abstract: A processor employs a hardware encryption module in the processor's memory access path to cryptographically isolate secure information. In some embodiments, the encryption module is located at a memory controller (e.g. northbridge) of the processor, and each memory access provided to the memory controller indicates whether the access is a secure memory access, indicating the data associated with the memory access is designated for cryptographic protection, or a non-secure memory access. For secure memory accesses, the encryption module performs encryption (for write accesses) or decryption (for read accesses) of the data associated with the memory access.

Abstract: Example audience measurement methods disclosed herein include accessing demographic information and identification information for subscribers of a service provider based on first data received from an audience measurement entity. Such disclosed example methods also include accessing network log data stored by the service provider for the subscribers using the identification information. Such disclosed example methods further include determining audience measurement data for the subscribers based on the network log data, the demographic information and the identification information, and removing the identification information from the audience measurement data to determine anonymous audience measurement data to send to the audience measurement entity.

Abstract: Example methods and apparatus to de-duplicate impression information. An example method includes accessing a first set of cookies and a set of user identifiers, the cookies and user identifiers corresponding to devices accessing media via the Internet, identifying a pattern in the first set of cookies, obtaining impression information from a database proprietor, the impression information comprising a second set of cookies, identifying a subset of the second set of cookies that are associated with a same person based on the pattern, and associating impressions corresponding to the identified subset with the same person.

Abstract: Methods and apparatus to obtain anonymous audience measurement data from network server data for particular demographic and usage profiles are disclosed.

Abstract: Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.

Abstract: A computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement. When a determination is made that a component in a data processing system has failed to meet processing requirements, a candidate host to where the component may be migrated based on performance considerations is identified. A first security policy associated with the component is compared to a second security policy associated with the candidate host to determine if the first security policy is equivalent to or stronger than the second security policy. Responsive to a determination that the first security policy is equivalent to or stronger than the second security policy, the component is migrated to the candidate host.

Abstract: A memory management unit is configured to receive requests for memory access from a plurality of I/O devices. The memory management unit implements a protection mode wherein the unit prevents memory accesses by the plurality of I/O devices by mapping memory access requests (from the I/O devices) to the same set of memory address translation data. When the memory management unit is not in the protected mode, the unit maps memory access requests from the plurality of I/O devices to different respective sets of memory address translation data. Thus, the memory management unit may protect memory from access by I/O devices using fewer address translation tables than are typically required (e.g., none).

Abstract: A computer implemented method for logging extensions to platform configuration registers inside a trusted platform module instance is provided. A request to extend the current state of at least one of a plurality of platform configuration register is received. At least one platform configuration register within the trusted platform module instance is extended. The extension of the at least one platform configuration register is logged inside the trusted platform module instance as a logged entry by storing at least a tuple of platform configuration register indexes and hash values used for extending the platform configuration register. Information about new entries in the consolidated logs can be retrieved by polling or by subscribing to events that are automatically generated. A report of an extend operation and its logged hash value is sent to subscribers interested in receiving notifications of extend operations on a set of PCR registers.

Abstract: Boot configuration information is stored to a volatile memory of a processing system during a low-power state. When resuming from the low-power state, a processor device accesses configuration information for a memory controller from a non-volatile memory and restores the memory controller using the configuration information so as to permit access to the volatile memory. The processor device then configures the initial contexts one or more processor cores using the core state information maintained by the volatile memory during the low-power state and accessed via the configured memory controller, and the one or more processor cores completes the boot process by executing resume boot code maintained by the volatile memory during the low-power state and accessed via the configured memory controller, rather than accessing boot code from a non-volatile memory.

Abstract: Example methods, apparatus, systems, and articles of manufacture to explicitly and implicitly measure media impact are disclosed. An example method includes analyzing first survey response data obtained from a control group panelist responding to a first survey instrument after exposure to first media. An example first survey instrument includes an implicit measure. The example first survey response data includes first implicit response data. The example method further includes analyzing second survey response data obtained from a test group panelist responding to the first survey instrument after exposure to second media. The example second survey response data includes second implicit response data. The example second media includes elements of the first media and target advertising or entertainment material not included in the first media. The example method also includes assessing an effectiveness of the target advertising or entertainment material based on the first and second implicit response data.

Abstract: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

Abstract: The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is included for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

Abstract: A memory management unit is configured to receive requests for memory access from a plurality of I/O devices. The memory management unit implements a protection mode wherein the unit prevents memory accesses by the plurality of I/O devices by mapping memory access requests (from the I/O devices) to the same set of memory address translation data. When the memory management unit is not in the protected mode, the unit maps memory access requests from the plurality of I/O devices to different respective sets of memory address translation data. Thus, the memory management unit may protect memory from access by I/O devices using fewer address translation tables than are typically required (e.g., none).

Abstract: A system for executing a symmetric key cryptographic method includes a processor selecting data paths, a key, an initialization vector, a memory storing batched operation parameters, a bus connected to the processor and the memory, a cryptographic processor connected to the bus and controlled by the processor for performing a plurality of operations according to the operations parameter, wherein data for each operation is received individually and separately from the batched operation parameters, wherein an output for each operation is transmitted separately, and a pair of first-in-first-out (FIFO) state machines controlled by the processor and selectably connected to one of the cryptographic processor and the bus, bypassing the cryptographic processor.

Abstract: Methods and apparatus to obtain anonymous audience measurement data from network server data for particular demographic and usage profiles are disclosed.

Abstract: The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is included for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

Abstract: Methods and apparatus to obtain anonymous audience measurement data from network server data for particular demographic and usage profiles are disclosed.

Abstract: A system and method are disclosed for managing the display of graphical content within a user interface window of a display. A first set of messaging content data is processed to render a first set of graphics data in a target area of the display. The presence of a second set of rendered graphics data is detected and defined as a target area of the display. The second set of rendered graphics data in the target area of the display is replaced by the first set of rendered graphics data.

Abstract: A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.

Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.