Abstract: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

Abstract: An example system that allows a camera enabled application, such as an augmented reality application, to run in a protected area may include a first device including a camera, the camera including a secure mode of operation and a display, an image processing module configured to convert image data from the camera to encoded data when the camera is in the secure mode and protect image data stored in the system, an encryption module configured to encrypt encoded data from the image processing module, and a protected audiovisual path mechanism configured to securely send augmented encoded data to the display.

Abstract: Before a device enters a power saving mode, a location-aware application in the device may provide at least one wake trigger (and a trigger limit) to a low power monitoring module (LPMM). In power saving mode, the LPMM receives device locations from a location service module and may determine when the device location corresponds to the at least one wake trigger or trigger limit. In one embodiment, device location may only be provided to the LPMM based on a condition (e.g., timer expiration or reaching a displacement threshold as measured by sensors in the device). When device location corresponds to the trigger limit, the LPMM may notify the device (e.g., cause a transition to an active power mode) so that the location-aware application can redetermine the at least one wake trigger. The device location corresponding to the at least wake trigger may also cause the LPMM to notify the device.

Abstract: A method and device for streaming the output of one or more audio sources to one or more smart headsets includes establishing a secure connection with a smart headset, associating an audio channel of the one or more audio sources with the smart headset, and streaming the associated audio channel to the smart headset. The audio streaming device may selectively stream one or more audio channels from one or more audio sources to one or more of the smart headsets as a function of a streaming policy.

Abstract: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

Abstract: A mechanism is described for facilitating proxy user interface-based remote management and control of computing devices according to one embodiment of the invention. A method of embodiments of the invention includes remotely pairing a first device with a second device, and remotely controlling the second device via a user interface provided at the first device. The user interface may serve as a proxy user interface at the first device for remotely controlling the second device. The first device may include a first computing device, and wherein the second device may include a second computing device or a second non-computing device.

Abstract: Embodiments of methods for restoration an anti-theft platform are generally described herein. Other embodiments may be described and claimed.

Abstract: A device, system, and method for location-based payment authorization includes receiving a payment request for an order submitted from a mobile computing device via an e-commerce vendor website. A location of the mobile computing device is determined based on location data. In one embodiment, the payment request is authorized or denied based on whether the e-commerce vendor website has been authorized for the determined location of the mobile computing device.

Abstract: A method to lock an electronic device comprising an operating system comprises placing the electronic device in a disable state in which the processor is blocked from accessing the operating system, receiving a first unlock password from a remote source during a power-up operation of the electronic device, and placing the electronic device in a temporary unlock state which allows the processor to boot the operating system for a predetermined period of time when the first unlock password matches a password stored in the electronic device. Other embodiments may be described.

Abstract: A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system.

Abstract: Methods and systems to allow an authorized user to remotely awaken, boot, and login to a computer in a secure manner. The user and computer may communicate using a short message service. (SMS). The user may communicate with the computer using a mobile device, such as a smart phone. The user may initially provide a wake-up message to the computer, which may then respond by asking for one or more boot passwords. In an embodiment, these boot passwords may be basic input/output system (BIOS) passwords that are required for the loading and operations of the computer's BIOS. The user may then provide these one or more passwords to the computer. The computer may further request an operating system (OS) login password. The user may then provide this password to the computer. In an embodiment, all passwords may be provided to the computer in encrypted form. Moreover, authentication measures may be used to provide assurance that the user is legitimate.

Abstract: A method, apparatus, system, and computer program product for a secure subscriber identity module service. Communication via a mobile network is activated in response to receiving a request to activate communication service for the system by a secure partition of the system. In response to receiving the request, a key is retrieved for a permit service from storage accessible only by the secure partition. The key is included in a permit requesting to activate the communication service, and the permit is sent to a service provider for the communication service. The service provider communicates with the permit service to obtain a digital signature for the permit. The secure partition receives a signed permit from the service provider, confirms that the signed permit contains the digital signature by the permit service, and activates the communication service for the system in response to confirming that the signed permit contains the digital signature.

Abstract: Embodiments of systems and methods for power-on user authentication are disclosed. A method for power-on user authentication may comprise receiving an authentication input with a security controller of a computing device prior to supplying power to a primary processor of the computing device, comparing the authentication input to an authentication code using the security controller, and supplying power to the primary processor in response to the authentication input matching the authentication code.

Abstract: A device, system, method, and machine readable medium for configurable ultrasound Doppler measurements from a mobile device are disclosed. In one embodiment, the device includes an oscillator capable of generating an ultrasound frequency sound wave. The device also includes an ultrasound emission module capable of emitting a first ultrasound wave at a first frequency and at a first power level and a second ultrasound wave at a second frequency and at a second power level. The device also an ultrasound receiver and amplifier module capable of receiving and amplifying ultrasound emission waves. The device also includes processing logic capable of receiving the first and second ultrasound waves and displaying those waves on a display device.

Abstract: Theft deterrence and secure mobile platform subscription techniques for wireless mobile devices are described. An apparatus may comprise a removable secure execution module arranged to connect with a computing platform for a wireless mobile device. The removable secure execution module may comprise a first processing system to execute a security control module. The security control module may be operative to communicate with a security server over a wireless channel on a periodic basis to obtain a security status for the wireless mobile device. The security control module may output control directives to control operations for one or more components of the computing platform based on the security status. Other embodiments are described and claimed.

Abstract: Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.

Abstract: Embodiments of the present disclosure provide methods, apparatuses, articles, and removable storage devices for pre-boot recovery of a locked computer system. In one instance, the method includes determining on pre-boot whether a removable storage device is attached to a computer system, determining whether the computer system is in a locked state and, if the removable storage device is detected, transferring control to a pre-boot authentication module (PBA) stored on the removable storage device to interact with a manageability engine to restore the computer system from the locked state to an unlocked state. If the removable storage device is not detected, the computer system shuts down if the system is determined to be in the locked state and no other PBA is detected. The computer system comprises a host operating environment and a manageability engine that operates independent of the host operating environment. Other embodiments may also be described and claimed.

Abstract: Embodiments of techniques and systems for asynchronous offline bill review and payment are described. A bill payment management module, operated on a manageability engine on a mobile device, communicates with an online bill payment service. The bill payment management module may receive information about bill payments, including bills which are due, and presents selective information to a bill payment client application. A bill payer can then access the information on the mobile device through the bill payment client application and review or change the payment amounts. The review and the modifications may be performed when the mobile device is offline and the modifications may be stored until a later time when the mobile device can connect to a network. Once a network is available, the bill payment management module may send payment instructions to the online bill payment service. Other embodiments may be described and claimed.

Abstract: Illustrative embodiments of systems and methods providing remote management over a wireless wide-area network (WWAN) using short messages are disclosed. In one embodiment, a computing device may include an in-band processor, a wireless transceiver configured for communications over a WWAN, and an out-of-band (OOB) processor capable of communicating over the WWAN using the wireless transceiver irrespective of an operational state of the in-band processor. The OOB processor may be configured to receive a short message via the wireless transceiver, determine whether the short message originated from a trusted remote computing device, and execute at least one operation indicated by the short message in response to determining that the short message originated from a trusted remote computing device.

Abstract: A method, system, and device are disclosed. In one embodiment the method includes receiving a recipient phone number into an electronic gift phone module (EGPM). The EGPM also receives a set of gift data that includes a gift identification. The EGPM sends the recipient phone number and at least some gift data to an electronic gift processing server module (EGPSM). The EGPSM purchases a recipient gift by utilizing the gift identification. The EGPSM also sends notification of the recipient gift purchase to the recipient phone number.