Abstract: The minimization of the amount of power consumed by an electronic device in acquiring or maintaining network connectivity with a network may extend the battery life of the electronic device. When the electronic device has established a communication connection with a wireless access point, the electronic device cycles a network interface controller of the electronic device between a power on state and a power off state without terminating the communication connection. Accordingly, the electronic device powers on a main processor of the electronic device when the network interface controller detects a beacon during the power on state that indicates the wireless access point has a buffered data frame for the electronic device.

Abstract: A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code.

Abstract: The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party.

Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.

Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.

Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Abstract: Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.

Abstract: A home device management technique is described that allows a user to manage a network of distributed home devices. Special application modules, driver modules, and service exchange ports are employed. Each application modules implements some functionality in the home, preferably using one or more devices in the home distributed system. Each driver module provides the logic for operating one or multiple distributed home devices and is capable of receiving commands from application modules and sending them to devices, detecting events for an associated type of home device, translating the detected event into a format usable by the application modules and notifying the application modules of the events. Events are communicated between the application modules and the driver modules by using one or more service exchange ports. Access control policies are employed to control access to the home devices.

Abstract: Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols.

Abstract: A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code.

Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.

Abstract: A system and method for using skip nets to build and maintain overlay networks for peer-to-peer systems. A skip net is a distributed data structure that can be used to avoid some of the disadvantages of distributed hash tables by organizing data by key ordering. Skip nets can use logarithmic state per node and probabilistically support searches, insertions and deletions in logarithmic time.

Abstract: A system and method for using skip nets to build and maintain overlay networks for peer-to-peer systems. A skip net is a distributed data structure that can be used to avoid some of the disadvantages of distributed hash tables by organizing data by key ordering. Skip nets can use logarithmic state per node and probabilistically support searches, insertions and deletions in logarithmic time.