Patents by Inventor Matthew D. Wood

Matthew D. Wood has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20120174191
    Abstract: A method for secure exchange of context data between users and devices is generally presented. In this regard, a method is introduced comprising receiving context data over a network link from a first device registered by a user, and selectively forwarding the context data without user input based on permissions previously established by the user. Other embodiments are also disclosed and claimed.
    Type: Application
    Filed: December 30, 2010
    Publication date: July 5, 2012
    Inventor: Matthew D. Wood
  • Publication number: 20120166795
    Abstract: Methods and apparatus to provide secure application attestation using dynamic measurement kernels are described. In some embodiments, secure application attestation is provided by using dynamic measurement kernels. In various embodiments, P-MAPS (Processor-Measured Application Protection Service), Secure Enclaves (SE), and/or combinations thereof may be used to provide dynamic measurement kernels to support secure application attestation. Other embodiments are also described.
    Type: Application
    Filed: December 24, 2010
    Publication date: June 28, 2012
    Inventors: Matthew D. Wood, Ylian Saint-Hilaire
  • Publication number: 20110307704
    Abstract: A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.
    Type: Application
    Filed: August 24, 2011
    Publication date: December 15, 2011
    Inventors: Matthew D. Wood, Ernie Brickell
  • Patent number: 8037314
    Abstract: A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: October 11, 2011
    Assignee: Intel Corporation
    Inventors: Matthew D. Wood, Ernie Brickell
  • Publication number: 20110247030
    Abstract: An embodiment of the present invention provides a method, comprising creating a secure profile store to maintain a version of a user's profile on each of a plurality of platforms the user may be using, offering incentive based context to service providers by capturing context information of the user, wherein the platforms owned by the user will store a local version of the user's profile in the profile store.
    Type: Application
    Filed: June 14, 2011
    Publication date: October 6, 2011
    Inventors: Mark D. Yarvis, Matthew D. Wood, Bernard N. Keany, David A. Sandage, Thomas W. Stroebel
  • Publication number: 20110246283
    Abstract: An embodiment of the present invention provides a method, comprising offering incentive based context to service providers by capturing context information of a user and integrating an approval service to verify authorization for access to the user context and distributing the context information to the service provider, wherein the service provider provides an incentive to the user for the context information.
    Type: Application
    Filed: June 14, 2011
    Publication date: October 6, 2011
    Inventors: Mark D. Yarvis, Matthew D. Wood, Bernard N. Keany, David A. Sandage, Thomas W. Stroebel
  • Publication number: 20110246213
    Abstract: An embodiment of the present invention provides a method of offering incentive based context to service providers, comprising capturing context information of a user and distributing the context information to the service provider, the user capable of using a plurality of context capturing devices that all coordinate with an online secure profile storage service to provide a highly-available entity with which all the plurality of context capturing devices share profile information, wherein the profile storage service enables access to a user's profile by online services when any or all of the user's devices are offline, and wherein the service provider provides an incentive to the user for the context information.
    Type: Application
    Filed: June 14, 2011
    Publication date: October 6, 2011
    Inventors: Mark D. Yarvis, Matthew D. Wood, Bernard N. Keany, David A. Sandage, Thomas W. Stroebel
  • Publication number: 20110246273
    Abstract: An embodiment of the present invention provides a method of offering anonymous incentive based context to service providers, comprising delivering context information of a user to the service provider, wherein prior to delivery of the context information to the service provider, the context is anonymized by removing identifying information and aggregating it with context from additional users.
    Type: Application
    Filed: April 6, 2010
    Publication date: October 6, 2011
    Inventors: Mark D. Yarvis, Matthew D. Wood
  • Publication number: 20110247029
    Abstract: An embodiment of the present invention provides a method of offering incentive based context to service providers, comprising securely capturing private context information of a user and distributing the approved context information to the service provider, wherein the service provider provides an incentive to the user for the context information.
    Type: Application
    Filed: June 14, 2011
    Publication date: October 6, 2011
    Inventors: Mark D. Yarvis, Matthew D. Wood, Bernard N. Keany, David A. Sandage, Thomas W. Stroebel
  • Patent number: 7904963
    Abstract: Input data is validated by generating code based on the input data. A schema is generated based on the input data indicating conditions for the input file. The schema may then be customized based on a type of application to consume the input data. A validator executable code is generated based on the schema and checks the input file for compliance with the conditions determined by the schema. Results of validation may be provided to the application in yes or no form, or as number of non-compliances. In the latter case, the application may decide to accept or reject the data based on predetermined non-compliance levels.
    Type: Grant
    Filed: September 26, 2006
    Date of Patent: March 8, 2011
    Assignee: Microsoft Corporation
    Inventors: Tara Kraft, Matthew D. Wood, Benjamen E. Ross
  • Patent number: 7664269
    Abstract: A system, apparatus, and method are provided for enhancing entropy in a pseudo-random number generator (PRNG) using remote sources. According to one embodiment of the present invention, first, the PRNG's internal state is initialized. Local seeding information is then obtained from a local host. For added security, additional seeding information is obtained from one or more remote entropy servers operating independently to each maintain a constantly updated state pool. Finally, the PRNG is stirred based upon the local seeding information, and the additional seeding information.
    Type: Grant
    Filed: December 15, 2004
    Date of Patent: February 16, 2010
    Assignee: Intel Corporation
    Inventors: Matthew D. Wood, Gary L. Graunke
  • Patent number: 7603388
    Abstract: Data in a file is read to virtual, autonomous, hierarchically structured object classes that are independent of an application implementation. The object classes are navigable and/or actionable allowing various operations including, but not limited to, validation, integrity testing, “file open”, and file repair at the data level. By rendering a complete picture of the data including relationships before it is actually consumed by an application, security and robustness of applications can be enhanced.
    Type: Grant
    Filed: September 26, 2006
    Date of Patent: October 13, 2009
    Assignee: Microsoft Corporation
    Inventors: Matthew D. Wood, Benjamen E. Ross
  • Patent number: 7587607
    Abstract: Receiving a request for an attestation of platform configuration from an attestation requestor, receiving an acceptable configuration, and if the platform matches the acceptable configuration, sending an attestation of platform configuration including a signed response indicating that the platform configuration matches an acceptable configuration to the attestation requester.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: September 8, 2009
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Matthew D. Wood
  • Patent number: 7526649
    Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
    Type: Grant
    Filed: December 30, 2003
    Date of Patent: April 28, 2009
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock, Ernie Brickell, Matthew D. Wood, Joseph F. Cihula
  • Patent number: 7395246
    Abstract: The system includes receiving, from a delegator, a designation of a role and a delegate to assume the role, receiving, from a credential service provider, an indication that the designation is valid, issuing a delegation credential in response to receiving the indication, and issuing a confirmation to the delegator, which indicates that the delegation credential was issued.
    Type: Grant
    Filed: November 28, 2001
    Date of Patent: July 1, 2008
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Wesley Deklotz, Jeff U. Glover, Michael R. Premi, Matthew D. Wood, Marion H. Shimoda
  • Publication number: 20080126869
    Abstract: Input data is validated by generating code based on the input data. A schema is generated based on the input data indicating conditions for the input file. The schema may then be customized based on a type of application to consume the input data. A validator executable code is generated based on the schema and checks the input file for compliance with the conditions determined by the schema. Results of validation may be provided to the application in yes or no form, or as number of non-compliances. In the latter case, the application may decide to accept or reject the data based on predetermined non-compliance levels.
    Type: Application
    Filed: September 26, 2006
    Publication date: May 29, 2008
    Applicant: Microsoft Corporation
    Inventors: Tara Kraft, Matthew D. Wood, Benjamen E. Ross
  • Publication number: 20080077623
    Abstract: Data in a file is read to virtual, autonomous, hierarchically structured object classes that are independent of an application implementation. The object classes are navigable and/or actionable allowing various operations including, but not limited to, validation, integrity testing, “file open”, and file repair at the data level. By rendering a complete picture of the data including relationships before it is actually consumed by an application, security and robustness of applications can be enhanced.
    Type: Application
    Filed: September 26, 2006
    Publication date: March 27, 2008
    Applicant: Microsoft Corporation
    Inventors: Matthew D. Wood, Benjamen E. Ross
  • Patent number: 7073195
    Abstract: An arrangement is provided for controlled access to identification and status information or delegated credentials. A delegation, formed between a delegator and a delegate, is registered with a delegate credential service provider. The delegate requests a service from a relying party that then requests, based on the requested service and the delegation, delegated credential from the delegate credential service provider. The delegate credential service provider sends the delegated credential to the relying party. According to the received delegated credential, the relying party generates a service response and sends the response to the delegate.
    Type: Grant
    Filed: January 28, 2002
    Date of Patent: July 4, 2006
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Wesley Deklotz, Jeff U. Glover, Michael R. Premi, Matthew D. Wood, Marion H. Shimoda
  • Patent number: 6950523
    Abstract: To protect a private cryptographic key, two values are derived. The two values together can reconstruct the key. One value is sent to a server and deleted from the local machine. The other value is held by the local machine. To use the key, the user will enter a password, which will be used to authenticate the user to the server, and retrieve the value from the server. The password is also used to unlock the value held by the local machine. The private cryptographic key is thus protected against brute force password attacks without changing the behavior of the user.
    Type: Grant
    Filed: September 29, 2000
    Date of Patent: September 27, 2005
    Assignee: Intel Corporation
    Inventors: Ernie Brickell, Matthew D. Wood
  • Publication number: 20040063663
    Abstract: The present invention is directed to a method of making an inclusion complex comprising an acylated cyclodextrin host molecule and a guest molecule, wherein the method comprises the steps of: a) contacting the acylated cyclodextrin host molecule and the guest molecule to form an inclusion complex; and b) precipitating the inclusion complex in an aqueous medium. The present invention is further directed to an inclusion complex comprising an acylated cyclodextrin host molecule and a guest molecule, wherein the guest molecule comprises from about 2% (wt.) to about 15% (wt.) of the inclusion complex. Moreover, the present invention relates to a composition comprising a polymer and an inclusion complex, wherein the inclusion complex comprises an acylated cyclodextrin host molecule and a guest molecule and medical devices and solid pharmaceutical compositions comprised thereof.
    Type: Application
    Filed: September 30, 2003
    Publication date: April 1, 2004
    Inventors: Charles M. Buchanan, Matthew D. Wood, Jozsef Szejtli, Lajos Szente, Maria Vikmon