Abstract: According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory.

Abstract: A method for managing software licenses in a cloud environment includes receiving, by a license services system associated with the cloud environment, a request to use a first application from a first user associated with a first subscribing entity, and receiving, by the license services system, a request to use a second application from a second user associated with a second subscribing entity. The method also includes permitting, by the license services system, the first user to execute the first application if a license for the first application is available to the first subscribing entity, and permitting, by the license service system, the second user to execute the second application if a license for the second application is available to the second subscribing entity.

Abstract: A system and method are disclosed for providing and maintaining a high level of security during migration of data from one platform to another. The disclosed system combines user and equipment authentication with equipment environment authorization guaranteed by a security module such as supported by a trusted platform module (TPM) in parallel, for secure information transfer to support migration between platforms.

Abstract: A method for managing software licenses in a cloud environment includes receiving, by a license services system associated with the cloud environment, a request to use a first application from a first user associated with a first subscribing entity, and receiving, by the license services system, a request to use a second application from a second user associated with a second subscribing entity. The method also includes permitting, by the license services system, the first user to execute the first application if a license for the first application is available to the first subscribing entity, and permitting, by the license service system, the second user to execute the second application if a license for the second application is available to the second subscribing entity.

Abstract: Systems, methods, computer program products, and apparatuses for enhancing the performance of data duplication are provided. A storage system receives an object, which requires data duplication for increased resiliency. A requisite number of copies of the object are created based on a minimum number defined by a system policy. The storage system stores the object and the requisite number of copies and monitors one or more events in the storage system against predetermined data duplication criteria. The predetermined data duplication criteria are defined within the system policy as criteria for making additional copies of the object over the minimum number. One or more additional copies over the requisite number are created and stored based on the occurrence of the one or more events.

Abstract: Associating a semantic service description (SSD) with a service, wherein the SSD comprises a semantic description of the service, including a semantic description of a parameter of the service, according to a computer interpretable language, and, as a service grounding, a mapping between the computer interpretable language expressing the SSD and an interface, including an interface parameter, of the service. A dynamic composition of a task based upon a user selection of a plurality of known services is supported and a dynamic association of the task with a user interface of an application is supported, based upon associating the task with the user selection of a UI object, a UI display screen, and a UI event for the application.

Abstract: In one embodiment, receive a first request in connection with accessing a set of encrypted data, wherein the set of encrypted data has an expiration date; the first request comprises a first key associated with the expiration date; and the set of encrypted data has been encrypted using the first key. Validate the first key by comparing the expiration date against a current time. Generate a second key for decrypting the set of encrypted data using the first key only if the expiration date has not passed.

Abstract: Methods and systems for providing services and/or computing resources are provided. A method may include receiving an application from an application provider. The method may further include receiving data from a data provider. The method may also include receiving a first request from the data provider to execute the application and apply the data as input to the application. Additionally, the method may include executing the application in response to receiving the first request. The method may also include storing output data resulting from execution of the application. The method may further include receiving a second request from the data provider to transmit the output data to the data provider. The method may additionally include communicating the output data to the data provider in response to the second request.

Abstract: A system for trusted network booting of a server. The system may include a booting server that may contain a booting image and a network server that may boot with the booting image from the booting server. The network server may include a trust anchor that measures the booting image. The system may further include a network controller that controls access to a network. The network controller may verify the measurement of the booting image before allowing the network server to access the network.

Abstract: In accordance with some embodiments of the present disclosure a method for providing evidence of a physical location of a virtual machine comprises launching, by an information technology (IT) resource, a virtual machine from a virtual machine image. The method further comprises generating, by the IT resource, a chain entry in a physical presence chain of the virtual machine image, the chain entry including an identifier of the IT resource indicating that the IT resource launched the virtual machine.

Abstract: In a VDI session, an application is dynamically deployed in a host server or a client device to achieve improved performance. The host server establishes a VDI session with the client device and executes an application in response to a request from the client device. The host server determines, based on a set of performance parameters associated with the VDI session, that the client device is to take over the execution of the application. Execution of the application is then suspended, and state data of the application is collected when the application is suspended. Thereafter, the host server sends an instruction and the state data to the client device to instruct the client device to resume execution of the application from a state defined by the state data.

Abstract: An event condition is checked, using a computer and data content of the computer is additionally protected in relation to a normal data protection according to the event condition. The event condition is detecting by the computer a remote command and/or detecting a state according to a policy.

Abstract: An event condition is checked, using a computer and data content of the computer is additionally protected in relation to a normal data protection according to the event condition. The event condition is detecting by the computer a remote command and/or detecting a state according to a policy.

Abstract: A computer-based system includes task computing enabling users to define tasks by combining available functionality and to execute such tasks. The computer-based system of includes available functionality which originates in devices, computing applications and electronic services available through local and remote procedure calls including Web Services, UPnP, CORBA, RMI, RPC, DCE, DCOM or comprises previously defined tasks. All available functionality is abstracted to the user as a service and each service is expressed in a service description language, and the services have a semantic description associated with them.

Abstract: A method for managing software licenses in a cloud environment includes receiving, by a license services system associated with the cloud environment, a request to use a first application from a first user associated with a first subscribing entity, and receiving, by the license services system, a request to use a second application from a second user associated with a second subscribing entity. The method also includes permitting, by the license services system, the first user to execute the first application if a license for the first application is available to the first subscribing entity, and permitting, by the license service system, the second user to execute the second application if a license for the second application is available to the second subscribing entity.

Abstract: The embodiments provide generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server. The target service provider determines a trust level for the TDVM, based upon the measurement and provides a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM.

Abstract: A method for securely sharing electronic documents on a document storage system. The method includes receiving an electronic document from a creating user, generating an encryption key unique to the electronic document, encrypting the electronic document using the encryption key to create an encrypted electronic document, and communicating the encrypted electronic document to a document repository for storage/ The method also includes identifying a resource locator for uniquely identifying the storage location of the encrypted electronic document and communicating the encryption key and the resource locator to the creating user. The method also includes receiving the encryption key and the resource locator from a requesting user, retrieving the encrypted electronic document from the document repository using the resource locator, decrypting the encrypted electronic document using the encryption key, and communicating the decrypted electronic document to the requesting user.

Abstract: A target computing environment is secured by a hardware trust anchor that provides a trust state of the target computing environment based upon a security audit of the target computing environment. And diagnosing the target computing environment can be diagnosed by the hardware trust anchor according to the security diagnostic information.

Abstract: According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory.

Abstract: A system for trusted network booting of a server. The system may include a booting server that may contain a booting image and a network server that may boot with the booting image from the booting server. The network server may include a trust anchor that measures the booting image. The system may further include a network controller that controls access to a network. The network controller may verify the measurement of the booting image before allowing the network server to access the network.