Abstract: A computing device has first and second operating systems with access to separate first and second memories. The second operating system hosts containers which provide separate execution environments. The containers have secure computing resources. A software module in the second operating system receives access requests from applications in the first operating system and selectively passes the requests based on rules for accessing the containers.

Abstract: Systems and processes for mobile device management (MDM) implement scoped MDM policies. A mobile device has containers to isolate data and processes on the mobile device from the others of the containers. The scoped MDM policies involve container level commands and device level commands. The mobile device has a first agent residing in a first container and a controller residing within a second container. The controller executes a first device level command to control access to the resources of the mobile device for all containers. The first agent or the controller executes a first container level command to control access to the resources of the mobile device by only the first container.

Abstract: A computing device has first and second operating systems with access to first and second memories, respectively. The second memory is provided for secure computing resources and is not accessible by applications in the first operating system. A software module executable within the first operating system receives requests for secure computing resources, adds access credentials and passes the requests to a software module in the second operating system.

Abstract: A computing device has first and second operating systems with access to first and second memories, respectively. The second memory is provided for secure computing resources and is not accessible by applications in the first operating system. A software module executable within the first operating system receives requests for secure computing resources, adds access credentials and passes the requests to a software module in the second operating system.

Abstract: A computing device has first and second operating systems with access to separate first and second memories. The second operating system hosts containers which provide separate execution environments. The containers have secure computing resources. A software module in the second operating system receives access requests from applications in the first operating system and selectively passes the requests based on rules for accessing the containers.

Abstract: Methods and devices for managing a physical communication interface can include operating a first communication interface management unit in a first container operating on the communication device, the first communication interface management unit managing a connection to a first virtual communication interface having a network connection with the physical communication interface; and concurrently with the operation of the first communication interface, operating a second communication interface management unit in a second container operating on the communication device, the second communication interface management unit managing a connection to a second virtual communication interface having a network connection with the physical communication interface.

Abstract: Systems and processes for mobile device management (MDM) implement scoped MDM policies. A mobile device has containers to isolate data and processes on the mobile device from the others of the containers. The scoped MDM policies involve container level commands and device level commands. The mobile device has a first agent residing in a first container and a controller residing within a second container. The controller executes a first device level command to control access to the resources of the mobile device for all containers. The first agent or the controller executes a first container level command to control access to the resources of the mobile device by only the first container.

Abstract: The present disclosure provides systems, methods, and computer-readable media for mediating communications between two processes not running in a common container. A request from a requesting process running in a first container to communicate with one or more target processes outside the first container is received, and a device file accessible to the first container is created. The inter-container communication is then routed from the requesting process through the created device file, and on to the target process.

Abstract: A method, transmitting device, and computer-readable storage medium are provided for sharing image data between a source device and at least one receiving device. In one implementation, a method is provided for periodically sending image data of a shared screen to the at least one receiving device using a sharing connection. The method also receives a request associated with activating a user interface component involving confidential information, suspends updating of the image data responsive to the received request, and periodically sends suspended image data to the at least one receiving device while updating is suspended.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: A system and method for disabling header compression during an establishment and configuration of a communication protocol and communication channel between a pair of correspondents. The system comprises an initiating correspondent transmitting at least one PPP negotiation packet having at least one acceptable TCP/IP header compression option type. A software module of a responding correspondent intercepts and examines said at least one PPP negotiation packet before said at least one PPP negotiation packet reaches a PPP layer of the responding correspondent and modifies said acceptable TCP/IP header compression option type to an unacceptable TCP/IP header compression option type and transmits same to said PPP layer of the responding correspondent. The responding correspondent rejects said unacceptable TCP/IP header compression option type.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: A system and method for disabling header compression during an establishment and configuration of a communication protocol and communication channel between a pair of correspondents. The system comprises an initiating correspondent transmitting at least one PPP negotiation packet having at least one acceptable TCP/IP header compression option type. A software module of a responding correspondent intercepts and examines said at least one PPP negotiation packet before said at least one PPP negotiation packet reaches a PPP layer of the responding correspondent and modifies said acceptable TCP/IP header compression option type to an unacceptable TCP/IP header compression option type and transmits same to said PPP layer of the responding correspondent. The responding correspondent rejects said unacceptable TCP/IP header compression option type.

Abstract: A method and system for manipulating packet header compression parameters, by substituting at least one instruction set associated with a PPP negotiation packet at the PPP layer of a protocol stack, the at least one instruction set for use in establishing a communication protocol and channel between a pair of correspondents. The method includes the steps of a software module coupled to a first correspondent examining all PPP negotiation packets from a second correspondent; the software module determining whether a first instruction set is present in the PPP negotiation packet; the software module discarding said first instruction set and replacing the first instruction set with a second instruction set; and at the second correspondent receiving the second instruction set associated with a communication protocol information.

Abstract: A method, transmitting device, and computer-readable storage medium are provided for sharing image data between a source device and at least one receiving device. In one implementation, a method is provided for periodically sending image data of a shared screen to the at least one receiving device using a sharing connection. The method also receives a request associated with activating a user interface component involving confidential information, suspends updating of the image data responsive to the received request, and periodically sends suspended image data to the at least one receiving device while updating is suspended.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract: Techniques are disclosed for utilizing a block Montgomery machine designed only to operate at a fixed block length to perform operations using non-block length (flexible)moduli. In one embodiment, a new modulus n? is obtained having a block length equal to the fixed block length of the Montgomery machine or a multiple thereof. At least one modular additive operation is performed with the new modulus n?, and at least one modular multiplicative operation is performed with the non-block length modulus n. In this way, the result of the at least one additive operation is sufficiently reduced when a carry stems from the additive operation.

Abstract: In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately using, for example, Montgomery's method for the purpose of combining kP+sQ, several operations are repeated in computing kP and sQ individually, that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations thereby providing an efficient method for multiple scalar multiplication. The elements in the pairs for P and Q method are combined into a single pair, and the bits in k and s are evaluated at each step as bit pairs. When the bits in k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair, and when the bits in k and s are not equal, only one doubling operation is needed and two addition operations.