Abstract: Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment.

Abstract: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.

Abstract: Disclosed herein is a technique for certifying distributable objects. The technique involves creating a certification for each distributable object to indicate properties of the object. Using certifications such as this, it is possible to accept objects having certain properties only from specified entities.

Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.

Abstract: To authenticate a program on a computing device to a resource local to or remote from the computing device, a stored program security identifier (PSID) corresponding to the program is retrieved, where the stored PSID includes information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program. The PSID is re-constructed based on the same information as obtained from local sources, and the stored and reconstructed PSIDs are compared to determine whether a match exists. If so, it may be concluded that the program operates in a trusted manner according to an approved set of conditions.

Abstract: In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This is applicable, for example, to Microsoft®'s Next Generation Secure Computing Base (NGSCB), where a regular operating system (e.g., the Windows® operating system) hosts a secure operating system (e.g., the nexus).

Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.

Abstract: A method is provided for a processor of a computing device to obtain a trusted identification of a hardware peripheral of the computing device, for the computing device and the peripheral to derive a set of shared keys, and for the processor to send trusted data to the peripheral.

Abstract: Systems, methods, and computer-readable media for identifying executable scenario solutions relevant to a user query and returning such executable scenario solutions as search results in response to the user query are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a series of steps which may be implemented to address a particular issue relevant to the received user query. Often, a series of steps or scenario includes a number of sub-scenarios, each of which is to be executed sequentially to achieve the desired result. Accordingly, upon selection of a particular search result, the user may be guided through a series of sub-scenario result options until an item having direct association to a series of steps is selected. Once selected, the executable scenario solution is presented to the user for execution.

Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user.

Abstract: Mechanisms for directing advertising in search result presentation and/or scenario solution execution based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. For instance, embodiments of the present invention provide a mechanism by which scenario solutions or enablers related to commonly executed scenario solutions or enablers stored in association with the user's locality can be advertised to the user in conjunction with presentation of scenario solution-related search results. Additionally, embodiments of the present invention provide a mechanism by which more highly rated scenario solutions and/or enablers than those associated with the user's locality may be advertised during presentation of an executed scenario solution.

Abstract: Mechanisms for organizing scenario solution-related information based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. Such metadata may be stored in association with a scenario solution execution workspace and/or in association with a user-specific information store. Once such information is acquired, a user may desire to share the information, or a portion thereof, with one or more other users, for instance, the members of a user group. However, often times, the user would prefer that the information not be made available to the general public. Thus, mechanisms for controlling access to user-specific information are also provided.

Abstract: A resource is obtained from a resource provider (RP) for a resource requester (RR) operating on a computing device. The RR has an identity descriptor (id) associated therewith, where the id including security-related information specifying an environment in which the RR operates. A code identity (code-ID) is calculated corresponding to and based on the loaded RR and loaded id. The RP verifies that the calculated code-ID in a request for the resource matches one of one or more valid code-IDs for the identified RR to conclude that the RR and id can be trusted, and the RP responds to the forwarded request by providing the requested resource to the RR.

Abstract: This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.

Abstract: Software is authorized in accordance with a reputation of the software. A trust in the author and/or publisher of the software is determined via digital signatures and/or CoAs, and a reputation of the software is utilized to determine the intent of the software. The reputation of the software can be determined via a local service, such as an enterprise IT department and/or via a reputation determination service. When software is downloaded or to be executed, the trust in the author/publisher is determined using digital signatures and/or CoAs associated with the software. If the author/publisher is determined to be trusted, a service is called to determine the reputation of the software. The software can be installed and/or executed dependent upon the reputation of the software and trustworthiness of the author/publisher.

Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

Abstract: In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This is applicable, for example, to Microsoft®'s Next Generation Secure Computing Base (NGSCB), where a regular operating system (e.g., the Windows® operating system) hosts a secure operating system (e.g., the nexus).