An automatically predetermined credential system for a remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in single-use downloaded software program. When executed, the administrative access to the OS is activated before completing the administrative activities. The single-use downloaded software program has policies that performs checks on a user computer executing the software program. The policies include checking firewall settings, confirming virus checking, interrogating software to confirm patches or updates have been performed, checking for key loggers or other surveillance software or devices The single-use downloaded software is protected with a passcode to prevent activation in an unauthorized way.

In accordance with some embodiments, a secure local application communication method is performed at a first apparatus that includes a housing arranged to hold a second apparatus, a controller, a communication interface, and a non-transitory memory storing a matrix. The secure local application communication method includes detecting, via the communication interface, a request originating from a first application executing on the second apparatus to communicate with a second application on the second apparatus. The method further includes determining whether or not to allow the request based on the matrix. The method additionally includes allowing transportation of packets from the first application to the second application in accordance with a determination of allowing the request.

Disclosed herein is a technique for implementing a secure lock screen on a computing device. The secure lock screen is configured to permit particular applications to display their content—such as main user interfaces (UIs)—while maintaining a desired overall level of security on the computing device. Graphics contexts, which represent drawing destinations associated with the applications, are tagged with entitlement information that indicates whether or not each graphics context should be displayed on the computing device when the computing device is in a locked-mode. Specifically, an application manager tags each application that is initialized, where the tagging is based on a level of entitlement possessed by the application. In turn, a rendering server that manages the graphics contexts can identify the tagged entitlement information and display or suppress the content of the applications in accordance with their entitlements.

An electronic device and an operating method of an electronic device are provided. The electronic device receives, from a first server, access information about a second server for accessing the second server, receives access information about a third server from the second server accessed based on the access information about the second server, in response to a service connection request using the third server of an application, checks the validity of the application based on data for verifying the validity of the application included in the access information about the third server, and performs the service by accessing the third server based on the result of identifying the validity of the application.

Mechanisms for protecting an application from an untrusted operating system (OS) are provided, the methods including: determining that a virtual address for a page of memory allocated by the untrusted OS for the application belongs to a valid mapping; determining that the page of memory is not already in use; and in response to determining that the virtual address for the page of memory belongs to a valid mapping and determining that the page of memory is not already in use, mapping the page of memory to an enclaved container for the application. Some mechanisms further include unmapping the page of memory from the untrusted OS. In some mechanism, determining that the virtual address for the page of memory belongs to a valid mapping is based on a list of valid mappings for the application.

Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

A system for kernel protection includes a processor and a transmission interface. The processor is arranged to execute at least one guest virtual machine (VM), at least one primary VM, and a hypervisor. The at least one guest VM is arranged to send at least one command to a command hub. The at least one primary VM is arranged to manage and configure a safety setting according to the at least one command from the command hub and at least one policy, and manage and configure a safety protection component according to the safety setting. The hypervisor is arranged to manage and configure the safety protection component according to a ground rule and at least one safety setting command from the at least one primary VM. The transmission interface is arranged to bind the at least one primary VM to the hypervisor.

A system for application (APP) protection includes a processor. The processor is arranged to execute a guest virtual machine (VM), at least one primary VM, a hypervisor, and a host VM, wherein at least one APP protection with at least one identification (ID) of the at least one APP running on the guest VM is downloaded to the guest VM. The hypervisor includes an install service module and a launcher module. The host VM is arranged to: receive at least one install command from the guest VM, and generate an install service command to the install service module; verify the at least one APP protection by the at least one ID and generate at least one verification result; obtain the at least one ID from the at least one primary VM according to the at least one verification result; and generate a launch command to the launcher module.

A method to control the display of content on a screen connected to a processing platform, the content including access conditions, and the method including acquiring an image within a sensitive area, the sensitive area being an area within which content displayed on the screen would be within the field of view of an observer placed thereat, detecting a number of potential observers within the sensitive area, acquiring a number of credentials from the detected observers within the sensitive area, if the number of credentials is below the number of detected observers, disabling the display of the content, if the number of credentials equal the number of detected observers, comparing each credential with the access conditions and if all credentials match the access conditions, enabling display of the content.

Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.