Abstract: A dynamic root of trust can be injected in an application module on a client device using a backend server and can be continuously monitored to ensure authenticity, integrity and confidentiality at load time, run time and update time of the application module. The dynamic root of trust can be updated directly from the backend server and can be used to establish a time bound trust chain for the other software modules loaded and executed as part of the application module.

Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Generally, this disclosure describes a method and system for automated check-out and drop-off return of products using a mobile device. A method may include purchasing at least one product of a plurality of products wherein each product is located at a respective associated product location in a store that sells the plurality of products and a point of sale of each purchased product corresponds to the respective associated product location.

Abstract: Systems and methods of delivering data from a range of input devices may involve detecting an availability of data from an input device, wherein the input device is associated with a default input path of a mobile platform. An input device driver can be invoked in a security engine in response to the availability of the data if a hardware component in the default input path is in a secure input mode, wherein the security engine it associated with a secure input path of the mobile platform. Additionally, the input device driver may be used to retrieve the data from the input device into the security engine.

Abstract: Generally, this disclosure describes a method and system for providing product mapping on a mobile device based on device context. A method may include receiving product location data based on a context of a mobile device, wherein the product location data includes an available product location for each available product that corresponds to a desired product in a shopping list of desired products; and displaying a map of a store that sells one or more available products, wherein the store is related to the context and the map includes a product location indicator corresponding to each available product location configured to allow a user to find each available product that corresponds to a respective desired product in the store.

Abstract: Techniques for assessing the trustworthiness of a target device that a user device is attempting to communicate with are described. A user device may request one or more trustworthiness attributes of a target device before exchanging data with the target device. The user device may receive the one or more trustworthiness attributes of the target device, and determine, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device. A communication channel between the user device and the target device can then be established according to the set of one or more security policies.

Abstract: Embodiments of the invention are directed to systems and methods for maintaining coherency between different entities in a distributed system. A coherency module automatically detects a change in state in a first entity, wherein the change in state relates to a change in functional code in the first entity. A synchronization message is transmitted to a second entity to synchronize data in the second entity with data in the first entity as a result of the change in state. The second entity is configured to synchronize the data in the second entity with the data in the first entity after receiving the synchronization message.

Abstract: Techniques for managing resources on a computing device may include a resource management module that can identify an asset available for use by the computing device. The asset can be classified based on one or more properties of the asset, and the value of the asset is determined based on the classification. The resource management module may determine that the value of the asset has changed, and the asset is ranked based on the value of the asset. The appropriate execution environment for the asset can be determined based on the ranking, and the asset can be dynamically migrated from one execution environment to another execution environment based on the dynamic value of the asset.

Abstract: Methods and systems may include a computing system having a display, a display controller with a decryption module, and a security element with security logic. The security logic can be configured to establish a secure path between the secure element and the display in response to a secure output mode request, wherein the secure path includes the display controller. In addition, the security logic may be configured to prevent the decryption module from being bypassed, and transmit encrypted data from the secure element to the display via the secure path.

Abstract: Hardware attestation techniques are described. An apparatus may comprise a platform comprising a processor capable of operating in an isolated execution mode and persistent storage having entity information associated with an entity having control of a software application. The platform may include a security controller communicatively coupled to the platform, the security controller having a signature generator operative to generate a platform signature for the software application executing on the platform, the platform signature comprising a cryptographic hash of entity information, and an attest module operative to provide the platform signature to the software application with the platform signature to attest that that the platform is associated with the software application. Other embodiments are described and claimed.