Abstract: A computing device sends a request for an attestation certificate to an attestation service along with information regarding the hardware and/or software of the device. The attestation service processes the request and verifies the information received from the device. After verifying the information, the attestation service selects a public/private key pair from a collection of reusable public/private key pairs and generates an attestation certificate for the device and public key of the public/private key pair. This attestation certificate is digitally signed by the attestation service and returned to the device. The private key of the selected public/private key pair is also encrypted to a trusted secure component of the device, ensuring that the key cannot be stolen by malware and re-used on another device, and is returned to the device. The device uses this attestation certificate to access relying parties, and optionally generates additional public/private key pairs and attestation certificates.

Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.

Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.

Abstract: A computing device sends a request for an attestation certificate to an attestation service along with information regarding the hardware and/or software of the device. The attestation service processes the request and verifies the information received from the device. After verifying the information, the attestation service selects a public/private key pair from a collection of reusable public/private key pairs and generates an attestation certificate for the device and public key of the public/private key pair. This attestation certificate is digitally signed by the attestation service and returned to the device. The private key of the selected public/private key pair is also encrypted to a trusted secure component of the device, ensuring that the key cannot be stolen by malware and re-used on another device, and is returned to the device. The device uses this attestation certificate to access relying parties, and optionally generates additional public/private key pairs and attestation certificates.

Abstract: A computing device sends a request for an attestation certificate to an attestation service along with information regarding the hardware and/or software of the device. The attestation service processes the request and verifies the information received from the device. After verifying the information, the attestation service selects a public/private key pair from a collection of reusable public/private key pairs and generates an attestation certificate for the device and public key of the public/private key pair. This attestation certificate is digitally signed by the attestation service and returned to the device. The private key of the selected public/private key pair is also encrypted to a trusted secure component of the device, ensuring that the key cannot be stolen by malware and re-used on another device, and is returned to the device. The device uses this attestation certificate to access relying parties, and optionally generates additional public/private key pairs and attestation certificates.

Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.

Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.

Abstract: A computing device sends a request for an attestation certificate to an attestation service along with information regarding the hardware and/or software of the device. The attestation service processes the request and verifies the information received from the device. After verifying the information, the attestation service selects a public/private key pair from a collection of reusable public/private key pairs and generates an attestation certificate for the device and public key of the public/private key pair. This attestation certificate is digitally signed by the attestation service and returned to the device. The private key of the selected public/private key pair is also encrypted to a trusted secure component of the device, ensuring that the key cannot be stolen by malware and re-used on another device, and is returned to the device. The device uses this attestation certificate to access relying parties, and optionally generates additional public/private key pairs and attestation certificates.

Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.

Abstract: In one embodiment, a user device may reestablish access to a user resource while forgoing use of a user credential during a system reboot. The user device may receive the user credential from a user during an initial login to access the user resource. The user device may create an ephemeral entropy to access the user resource. The user device may access the user resource using the ephemeral entropy.

Abstract: In one embodiment, a client device 110 may use an attestation service 140 to verify a secure server 120. The secure server 120 may receive a signed trusted credential 310 from an attestation service 140 validating the secure server 120 as trustworthy to a client device 110 seeking access. The secure server 120 may protect the signed trusted credential 310 in a server secure module 280.

Abstract: Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.

Abstract: In one embodiment, a user device may reestablish access to a user resource while forgoing use of a user credential during a system reboot. The user device may receive the user credential from a user during an initial login to access the user resource. The user device may create an ephemeral entropy to access the user resource. The user device may access the user resource using the ephemeral entropy.

Abstract: Techniques for secure data synchronization are described. In one or more implementations, a determination is made as to whether enterprise data is stored locally on a first device corresponding to an enterprise device. Based on a determination that the second device is a non-enterprise device, a determination is made as to whether a permission associated with the first device indicates that the first device is permitted to propagate the enterprise data to non-enterprise devices. If the first device lacks permission to propagate the enterprise data to non-enterprise devices, the enterprise data is prevented from being propagated to the second device.

Abstract: An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.

Abstract: Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.

Abstract: The techniques discussed herein may facilitate user account management while also protecting a user's personally identifiable information (PII). The user's PII is stored in a protected area, such as a secure operating system area. The techniques may also implement a broker process to access a user's PII. The techniques display a user's accounts that are available for use with an application. The techniques further provide for passing a hint to the application upon receiving selection of an account, wherein the hint indicates which user account is selected, without divulging to the application any of the user's PII.

Abstract: Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.

Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.