Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.

Policy-Based Application Management

A method is provided for modifying an image. The method comprises displaying an image, the image comprising a portion of an object; and determining if an edge of the object is in a location within the portion. The method further comprises detecting movement, in a member direction, of an operating member with respect to the edge. The method still further comprises moving, if the edge is not in the location, the object in an object direction corresponding to the detected movement; and modifying, if the edge is in the location, the image in response to the detected movement, the modified image comprising the edge in the location.

Information processing apparatus, information processing method and program

A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.

Secure execution of enterprise applications on mobile devices

Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

Single sign-on access in an orchestration framework for connected devices

A telecommunication and multimedia management apparatus and method that supports voice and other media communications and that enables users to: (i) participate in multiple conversation modes, including live phone calls, conference calls, instant voice messaging or tactical communications; (ii) review the messages of conversations in either a live mode or a time-shifted mode and to seamlessly transition back and forth between the two modes; (iii) participate in multiple conversations either concurrently or simultaneously; (iv) archive the messages of conversations for later review or processing; and (v) persistently store media either created or received on the communication devices of users. The latter feature enables users to generate or review media when either disconnected from the network or network conditions are poor and to optimize the delivery of media over the network based on network conditions and the intention of the users participating in conversations.

Telecommunication and multimedia management method and apparatus

In one embodiment, a peripheral controller coupled to a processor can include a storage controller. This storage controller can control access to a non-volatile storage coupled to the peripheral controller. The storage may include both secure and open partitions, and the storage controller can enable access to the secure partition only when the processor is in a secure mode. In turn, during unsecure operation such as third party code execution, visibility of the secure partition can be prevented. Other embodiments are described and claimed.

Providing fast non-volatile storage in a secure environment

A method of system for hardening a firmware environment. A trusted core framework of firmware components are segregated from initially non-trustworthy extended firmware components such that the trusted core components are executed in a privileged processor mode, while the extended firmware components are executed in a non-privileged processor mode. An authentication of each extended firmware component is made to determine whether it is secure or non-secure. Through a memory code fault mechanism, memory accesses made by the extended firmware components are trapped, and a determination is made to whether the memory accesses should be allowed based on whether the extended firmware component is secure or non-secure and whether the requested memory page was allocated by the trusted core or a secure extended firmware component. This segregation scheme prevents non-trusted firmware from accessing privileged memory, thereby preventing rogue, errant, or malicious firmware from damaging the trusted core framework.

Hardened extended firmware interface framework

A method and system to switch between a Service virtual machine (VM) and a Guest VM in a virtual machine monitor (VMM) of a computer system. The VMM is loaded on the computer system to support a Service VM and a Guest VM. The Service OS is booted in the Service VM during the pre-boot phase. The Guest OS is booted in the Guest VM of the computer system. During OS runtime of the Guest OS, a VM switch is performed from the Guest VM to the Service VM without rebooting the computer system. The Service OS includes diagnostic tools to analyze the Guest OS. In one embodiment, the VM switch is performed by firmware of the computer system. In another embodiment, the VMM operates in accordance with an Extensible Firmware Interface (EFI) framework standard.

Switching between a service virtual machine and a guest virtual machine in a virtual machine monitor environment

A method and system are disclosed for performing trusted computing for blade devices, such as blade servers or other blade devices The computing domain for the blade devices is managed by a chassis management logic module Methods for performing blade capability authorization and optional blade authentication are provided A method for performing blade device boot processing is also provided

Method and apparatus for trusted blade device computing

Methods and systems for performing network port authentication without requiring any operating system (OS) complicity are disclosed. Under one method, port authentication instructions are loaded into a protected memory space during a pre-boot of a supplicant system. In response to a port authentication request, the supplicant system's processor is switched to a hidden execution mode and executes the port authentication instructions to authenticate a network port hosted by an authenticator system to which the supplicant system is linked. One authentication process employs an authentication server that authenticates the supplicant via one of various authentication schemes, including an access challenge. Port authentication may also be performed via an out-of-band base management controller that operates independently from an operating system running on the supplicant.

Mallik Bulusu

Papers

Providing fast non-volatile storage in a secure environment

Hardened extended firmware interface framework

Switching between a service virtual machine and a guest virtual machine in a virtual machine monitor environment

Method and apparatus for trusted blade device computing

Method and system to support network port authentication from out-of-band firmware