Abstract: Associating a semantic service description (SSD) with a service, wherein the SSD comprises a semantic description of the service, including a semantic description of a parameter of the service, according to a computer interpretable language, and, as a service grounding, a mapping between the computer interpretable language expressing the SSD and an interface, including an interface parameter, of the service. A dynamic composition of a task based upon a user selection of a plurality of known services is supported and a dynamic association of the task with a user interface of an application is supported, based upon associating the task with the user selection of a UI object, a UI display screen, and a UI event for the application.

Abstract: Methods and systems for providing services and/or computing resources are provided. A method may include receiving an application from an application provider. The method may further include receiving data from a data provider. The method may also include receiving a first request from the data provider to execute the application and apply the data as input to the application. Additionally, the method may include executing the application in response to receiving the first request. The method may also include storing output data resulting from execution of the application. The method may further include receiving a second request from the data provider to transmit the output data to the data provider. The method may additionally include communicating the output data to the data provider in response to the second request.

Abstract: A computer-based system includes task computing enabling users to define tasks by combining available functionality and to execute such tasks. The computer-based system of includes available functionality which originates in devices, computing applications and electronic services available through local and remote procedure calls including Web Services, UPnP, CORBA, RMI, RPC, DCE, DCOM or comprises previously defined tasks. All available functionality is abstracted to the user as a service and each service is expressed in a service description language, and the services have a semantic description associated with them.

Abstract: The embodiments provide generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server. The target service provider determines a trust level for the TDVM, based upon the measurement and provides a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM.

Abstract: A method for securely sharing electronic documents on a document storage system. The method includes receiving an electronic document from a creating user, generating an encryption key unique to the electronic document, encrypting the electronic document using the encryption key to create an encrypted electronic document, and communicating the encrypted electronic document to a document repository for storage/ The method also includes identifying a resource locator for uniquely identifying the storage location of the encrypted electronic document and communicating the encryption key and the resource locator to the creating user. The method also includes receiving the encryption key and the resource locator from a requesting user, retrieving the encrypted electronic document from the document repository using the resource locator, decrypting the encrypted electronic document using the encryption key, and communicating the decrypted electronic document to the requesting user.

Abstract: According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory.

Abstract: A method for identity verification includes receiving a request for proof of identity from a service provider and receiving biometric information associated with a user of a communication device. The method also includes determining that the received biometric information matches a biometric profile that contains biometric information associated with a registered user of the communication device. The method also includes unlocking a private key associated with the registered user in response to determining that the received biometric information matches a biometric profile and sending a request for a digital certificate that is signed with the private key associated with the registered user. The method further includes receiving the digital certificate that includes a public key associated with the registered user and satisfies the request for proof of identity. The method also includes with forwarding the digital certificate to the service provider.

Abstract: In accordance with a particular embodiment, a method for managing power consumption includes receiving power rate information and receiving power usage information. The method also includes receiving a plurality of personal preference profiles. Each personal preference profile of the plurality of personal preference profiles is associated with a different user of a plurality of users and includes at least one preferred state associated with a respective user. The method further includes detecting a presence of at least one user within a room. The method additionally includes adjusting at least one state associated with the room based on the at least one preferred state associated with the at least one user within the room, the power rate information, and the power usage information.

Abstract: In accordance with particular embodiments, a method for managing power consumption includes receiving from a plurality of electricity relays an indication of a current state associated with each of the plurality of electricity relays. The method also includes receiving a power rate associated with a cost of power. The method further includes determining a threshold state based on the power rate and the current state associated with each of the plurality of electricity relays. The method additionally includes transmitting one or more control requests to one or more of the plurality of electricity relays. A first control request transmitted to a first electricity relay is based on the threshold state and a first current state associated with the first electricity relay.

Abstract: A first electronic device comprises an information-filtering module configured to identify one or more second electronic devices that supply one or more types of information needed by the first electronic device; an information-gathering module coupled to the information-filtering module configured to collect information from the second electronic devices; and an operation module coupled to the information-gathering module configured to adjust operational behavior of the first electronic device based on the collected information.

Abstract: A networked device performs integrity authentication by determining, using a processor, a measured integrity value of the device. The measured integrity value is compared by the processor to an embedded integrity value of the device. Application of a policy to the device is facilitated by the processor based on the comparison.

Abstract: Device integrity authentication is performed by receiving, at a second device, data from a first device. A determination is made at the second device as to whether at least a portion of the data is associated with a protected datatype. A measured integrity value of the first device is determined in response to the portion of the data being associated with the protected datatype. The measured integrity value of the first device is compared to an embedded integrity value associated with the second device. Application of at least one of a plurality of policies associated with processing the data is facilitated at the second device based on the comparison and the protected datatype.

Abstract: Device integrity authentication is performed by receiving, at a second device, a measured integrity value from a first device. The measured integrity value of the first device is compared at the second device to an embedded integrity value associated with the second device. A level of trust for the first device is determined by the second device based on the comparison. Application of a policy to the first device is facilitated by the second device based on the comparison.

Abstract: A method for authenticating access to an electronic document. The method includes identifying a context event associated with a user seeking access to the electronic document, receiving from the user a plurality of context data, and analyzing the plurality of context data to generate a one or more derived context data. The method may also include receiving from an authentication module a context request, and in response to the context request, generating a context report, wherein the context report includes at least the one or more derived context data, and is configured to enable the authentication module to authenticate the user's access to the electronic document using a first authentication mechanism.

Abstract: A computer-implemented method of defining a set of annotation elements to map a concept to electronic data as input data; generating a mapping rule, according to the set of annotation elements defined and a sample of the input data; mapping the concept to the input data by applying the mapping rule to the input data; and generating a semantic instance of the input data based upon the mapping of the concept to the input data. The set of annotation elements to map the concept to the input data are a selected ontology corresponding to the input data, a selected ontology concept from the selected ontology, a mapping of a word or word phrase in the sample input data to the selected ontology concept from the selected ontology, and a pattern of the mapped word or word phrase relative to a structure of the sample input data.

Abstract: Methods and systems for providing services and/or computing resources are provided. A method may include receiving an application from an application provider. The method may further include receiving data from a data provider. The method may also include receiving a first request from the data provider to execute the application and apply the data as input to the application. Additionally, the method may include executing the application in response to receiving the first request. The method may also include storing output data resulting from execution of the application. The method may further include receiving a second request from the data provider to transmit the output data to the data provider. The method may additionally include communicating the output data to the data provider in response to the second request.

Abstract: A method for securely sharing electronic documents on a document storage system. The method includes receiving an electronic document from a creating user, generating an encryption key unique to the electronic document, encrypting the electronic document using the encryption key to create an encrypted electronic document, and communicating the encrypted electronic document to a document repository for storage/ The method also includes identifying a resource locator for uniquely identifying the storage location of the encrypted electronic document and communicating the encryption key and the resource locator to the creating user. The method also includes receiving the encryption key and the resource locator from a requesting user, retrieving the encrypted electronic document from the document repository using the resource locator, decrypting the encrypted electronic document using the encryption key, and communicating the decrypted electronic document to the requesting user.

Abstract: A method for identity verification includes receiving a request for proof of identity from a service provider and receiving biometric information associated with a user of a communication device. The method also includes determining that the received biometric information matches a biometric profile that contains biometric information associated with a registered user of the communication device. The method also includes unlocking a private key associated with the registered user in response to determining that the received biometric information matches a biometric profile and sending a request for a digital certificate that is signed with the private key associated with the registered user. The method further includes receiving the digital certificate that includes a public key associated with the registered user and satisfies the request for proof of identity. The method also includes with forwarding the digital certificate to the service provider.

Abstract: A system and method uses wireless communication devices as beacons to determine the relative location of another target wireless communication device. The beacons transmit identifying information that the target device can use to determine the identity of the beacon. The target device can measure the received intensity of the beacon transmissions and determine an associated beacon that best satisfies a specified criteria (e.g., largest signal strength) using a procedure of the present invention that discriminates between multiple beacons.

Abstract: A system and method are disclosed for providing and maintaining a high level of security during migration of data from one platform to another. The disclosed system combines user and equipment authentication with equipment environment authorization guaranteed by a security module such as supported by a trusted platform module (TPM) in parallel, for secure information transfer to support migration between platforms.