Patent application number | Description | Published |
20130044128 | CONTEXT ADAPTIVE USER INTERFACE FOR AUGMENTED REALITY DISPLAY - A user interface includes a virtual object having an appearance in context with a real environment of a user using a see-through, near-eye augmented reality display device system. A virtual type of object and at least one real world object are selected based on compatibility criteria for forming a physical connection like attachment, supporting or integration of the virtual object with the at least one real object. Other appearance characteristics, e.g. color, size or shape, of the virtual object are selected for satisfying compatibility criteria with the selected at least one real object. Additionally, a virtual object type and appearance characteristics of the virtual object may be selected based on a social context of the user, a personal context of the user or both. | 02-21-2013 |
20130044129 | LOCATION BASED SKINS FOR MIXED REALITY DISPLAYS - The technology provides embodiments for providing a location-based skin for a see-through, mixed reality display device system. In many embodiments, a location-based skin includes a virtual object viewable by a see-through, mixed reality display device system which has been detected in a specific location. Some location-based skins implement an ambient effect. The see-through, mixed reality display device system is detected to be present in a location and receives and displays a skin while in the location in accordance with user settings. User data may be uploaded and displayed in a skin in accordance with user settings. A location may be a physical space at a fixed position and may also be a space defined relative to a position of a real object, for example, another see-through, mixed reality display device system. Furthermore, a location may be a location within another location. | 02-21-2013 |
20130093788 | USER CONTROLLED REAL OBJECT DISAPPEARANCE IN A MIXED REALITY DISPLAY - The technology causes disappearance of a real object in a field of view of a see-through, mixed reality display device system based on user disappearance criteria. Image data is tracked to the real object in the field of view of the see-through display for implementing an alteration technique on the real object causing its disappearance from the display. A real object may satisfy user disappearance criteria by being associated with subject matter that the user does not wish to see or by not satisfying relevance criteria for a current subject matter of interest to the user. In some embodiments, based on a 3D model of a location of the display device system, an alteration technique may be selected for a real object based on a visibility level associated with the position within the location. Image data for alteration may be prefetched based on a location of the display device system. | 04-18-2013 |
20130154958 | CONTENT SYSTEM WITH SECONDARY TOUCH CONTROLLER - A controller for a content presentation and interaction system which includes a primary content presentation device. The controller includes a tactile control input and a touch screen control input. The tactile control input is responsive to the inputs of a first user and communicatively coupled to the content presentation device. The controller includes a plurality of tactile input mechanisms and provides a first set of the plurality of control inputs manipulating content. The controller includes a touch screen control input responsive to the inputs of the first user and communicatively coupled to the content presentation device. The second controller is proximate the first controller and provides a second set of the plurality of control inputs. The second set of control inputs includes alternative inputs for at least some of the controls and additional inputs not available using the tactile input mechanisms. | 06-20-2013 |
Patent application number | Description | Published |
20110306426 | Activity Participation Based On User Intent - A method for enabling a user to participate in an activity in a processing device based on user intent is provided. The method includes receiving a wish list of intents from a user on a processing device. The wish list of intents identifies user intent to participate in one or more activities in processing device. A matching list of intents is generated for the user based on the wish list of intents. The matching list of intents includes at least one activity identified by other users such as users in the user's friends list that match an intent in the wish list of intents specified by the user. The activities may include one or more multiplayer games in the gaming system. A selection of one or more other users in the matching list of intents is received from the user. An activity trigger notification associated with the activity may be provided to the user and the other users based on the selection. | 12-15-2011 |
20110320536 | ACCELERATION OF SOCIAL INTERACTIONS - A system and method for facilitating social interactions between different individuals. Information available about each of the individuals engaged in a social interaction is used to provide a “social accelerator” for an interaction between the individuals. Social interactions are improved or accelerated by aggregating available information about individuals participating in an information system. When an interaction event trigger is received, the context for possible social interaction between the users around the trigger event is determined. A social accelerator is selected from available interest information common to the participating user and the target user, and the social accelerator is provided to one of the individuals. | 12-29-2011 |
20120327116 | TOTAL FIELD OF VIEW CLASSIFICATION FOR HEAD-MOUNTED DISPLAY - Virtual images are located for display in a head-mounted display (HMD) to provide an augmented reality view to an HMD wearer. Sensor data may be collected from on-board sensors provided on an HMD. Additionally, other data may be collected from external sources. Based on the collected sensor data and other data, the position and rotation of the HMD wearer's head relative to the HMD wearer's body and surrounding environment may be determined. After resolving the HMD wearer's head position, the HMD wearer's total field of view (TFOV) may be classified into regions. Virtual images may then be located in the classified TFOV regions to locate the virtual images relative to the HMD wearer's body and surrounding environment. | 12-27-2012 |
20130093789 | TOTAL FIELD OF VIEW CLASSIFICATION FOR HEAD-MOUNTED DISPLAY - Virtual images are located for display in a head-mounted display (HMD) to provide an augmented reality view to an HMD wearer. Sensor data may be collected from on-board sensors provided on an HMD. Additionally, other data may be collected from external sources. Based on the collected sensor data and other data, the position and rotation of the HMD wearer's head relative to the HMD wearer's body and surrounding environment may be determined. After resolving the HMD wearer's head position, the HMD wearer's total field of view (TFOV) may be classified into regions. Virtual images may then be located in the classified TFOV regions to locate the virtual images relative to the HMD wearer's body and surrounding environment. | 04-18-2013 |
20130169682 | TOUCH AND SOCIAL CUES AS INPUTS INTO A COMPUTER - A system for automatically displaying virtual objects within a mixed reality environment is described. In some embodiments, a see-through head-mounted display device (HMD) identifies a real object (e.g., a person or book) within a field of view of the HMD, detects one or more interactions associated with the real object, and automatically displays virtual objects associated with the real object if the one or more interactions involve touching or satisfy one or more social rules stored in a social rules database. The one or more social rules may be used to infer a particular social relationship by considering the distance to another person, the type of environment (e.g., at home or work), and particular physical interactions (e.g., handshakes or hugs). The virtual objects displayed on the HMD may depend on the particular social relationship inferred (e.g., a friend or acquaintance). | 07-04-2013 |
Patent application number | Description | Published |
20110150872 | SOLUBLE HETERODIMERIC CYTOKINE RECEPTOR - A soluble receptor that binds to IL-20 having two polypeptide subunits, IL-22R and IL-20RB. The two subunits are preferably linked together. In one embodiment one subunit is fused to the constant region of the light chain of an immunoglobulin, and the other subunit is fused to the constant region of the heavy chain of the immunoglobulin. The light chain and the heavy chain are connected via a disulfide bond. | 06-23-2011 |
20130302795 | CYTOKINE ZALPHA11 LIGAND - Antibodies that bind to polypeptides and peptides comprising the sequence of zalpha11 Ligand as shown in SEQ ID NO: 2 are described. The antibodies may bind the full length sequence of 162 amino acid residues or a fragment thereof, including a mature polypeptide of 131 amino acid residues and smaller polypeptide and peptide sequences. The antibodies may include antibodies that are polyclonal, monoclonal, murine, humanized or neutralizing. Methods for producing the antibodies are also described. | 11-14-2013 |
20150080721 | DETECTION OF TUMOR MICROENVIRONMENT WITH CHLOROTOXIN CONJUGATES - The present disclosure provides methods for detecting a tumor microenvironment, a peritumoral tissue, or a portion thereof using a chlorotoxin conjugate. Also provided are chlorotoxin peptides and variants thereof conjugated to a detectable label for use in detecting a tumor microenvironment, a peritumoral tissue, or a portion thereof. | 03-19-2015 |
Patent application number | Description | Published |
20130302332 | METHOD FOR TREATING INFLAMMATION - A method for treating IL-20 induced inflammation. An antagonist to IL-20 is administered to treat inflammation and associated diseases. The antagonist can be an antibody that binds to IL-20 or its receptor or a soluble receptor that binds to IL-20. Examples of such diseases are adult respiratory disease, psoriasis, eczema, contact dermatitis, atopic dermatitis, septic shock, multiple organ failure, inflammatory lung injury, bacterial pneumonia, inflammatory bowel disease, rheumatoid arthritis, asthma, ulcerative colitis and Crohn's disease. | 11-14-2013 |
20140271645 | METHOD FOR TREATING INFLAMMATION - A method for treating IL-20 induced inflammation. An antagonist to IL-20 is administered to treat inflammation and associated diseases. The antagonist can be an antibody that binds to IL-20 or its receptor or a soluble receptor that binds to IL-20. Examples of such diseases are adult respiratory disease, psoriasis, eczema, contact dermatitis, atopic dermatitis, septic shock, multiple organ failure, inflammatory lung injury, bacterial pneumonia, inflammatory bowel disease, rheumatoid arthritis, asthma, ulcerative colitis and Crohn's disease. | 09-18-2014 |
Patent application number | Description | Published |
20120084850 | TRUSTWORTHY DEVICE CLAIMS FOR ENTERPRISE APPLICATIONS - Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality. | 04-05-2012 |
20120084851 | TRUSTWORTHY DEVICE CLAIMS AS A SERVICE - Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet. | 04-05-2012 |
20130061299 | DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS - A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential. | 03-07-2013 |
Patent application number | Description | Published |
20090178129 | SELECTIVE AUTHORIZATION BASED ON AUTHENTICATION INPUT ATTRIBUTES - Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol, the authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input. | 07-09-2009 |
20100071048 | SERVICE BINDING - Embodiments for performing service binding between a client and a target server are disclosed. In accordance with one embodiment, a clear text client service binding value is received from a client at the target server, the client service binding value is compared to a server service binding value, and a communication channel is formed between the client and the target server when the client service binding value matches the server service binding value. | 03-18-2010 |
20110088085 | PROTECTING PASSWORD FROM ATTACK - A password may be provided along with a validation code, which can help prevent the password from being sent to the wrong recipient. When a password is created, a validation code may be created based on (a) the password, and (b) the identity of the target of authentication (TA) to which the password is intended to be sent. When a user is requested to provide a password, a validation component intercepts the request and asks the user to enter both the password and validation code. The validation component then re-calculates the validation code based on the entered password and on the TA that is requesting the password. If the re-calculated validation code matches the validation code entered by the user, then the password is released to the user agent that the user uses to communicate with the TA, and the user agent sends the password to the requesting TA. | 04-14-2011 |
20110307711 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 12-15-2011 |
20120204020 | SELF REGULATION OF THE SUBJECT OF ATTESTATION - Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication. | 08-09-2012 |
20120297455 | TARGET-BASED ACCESS CHECK INDEPENDENT OF ACCESS REQUEST - A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource. | 11-22-2012 |
20130125199 | TESTING ACCESS POLICIES - A policy that governs access to a resource may be tested against real-world access requests before being used to control access to the resource. In one example, access to a resource is governed by a policy, referred to as an effective policy. When the policy is to be modified or replaced, the modification or replacement may become a test policy. When a request is made to access the resource, the request may be evaluated under both the effective policy and the test policy. Whether access is granted is determined under the effective policy, but the decision that would be made under the test policy is noted, and may be logged. If the test policy is determined to behave acceptably when confronted with real-world access requests, then the current effective policy may be replaced with the test policy. | 05-16-2013 |
20130205360 | PROTECTING USER CREDENTIALS FROM A COMPUTING DEVICE - Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider. | 08-08-2013 |
20130339729 | NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS - A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity. | 12-19-2013 |
20140040890 | TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINE CLONING - Cloning of a virtual machine having a trusted execution environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine. | 02-06-2014 |
20140129817 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 05-08-2014 |
20140173286 | Input Challenge Based Authentication - Input challenge based authentication techniques are described in which data regarding a user's input signature is employed for authentication of the user to access resources. Different users have distinct input signatures that are indicative of the manner in which each individual user provides input including at least typing characteristics and timing data. Data regarding input signatures may be captured from user interaction with computing devices and associated with user accounts. Once sufficient data regarding a user's input signature is captured, access to a user account may be controlled at least in part based on the input signature. To do so, an input challenge that indicates a non-secret pattern of input is presented to the user in connection with an authentication sequence. The user reproduces the non-secret pattern of input and selective access to the user account is granted depending upon whether or not the reproduction matches the input signature. | 06-19-2014 |
20140304506 | NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS - A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity. | 10-09-2014 |
Patent application number | Description | Published |
20120110644 | GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT - An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations. | 05-03-2012 |
20120131661 | BACK-END CONSTRAINED DELEGATION MODEL - A client can communicate with a middle tier, which can then, in turn, communicate with a back end tier to access information and resources on behalf of the client within the context of a system that can scale well. Each individual back end can establish a policy that defines which computing device can delegate to that back end. That policy can be enforced by a domain controller within the same administrative domain as the particular back end. When a middle tier requests to delegate to a back end, the domain controller to which that request was directed can either apply the policy, or, if the domain controller is in a different domain than the targeted back end, it can direct the middle tier to a domain controller in a different domain and can sign relevant information that the middle tier can utilize when communicating with that different domain controller. | 05-24-2012 |
20120167158 | SCOPED RESOURCE AUTHORIZATION POLICIES - Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource includes anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled “Y”, etc.). Policies describe what can be done with a resource (e.g., “read-only,” “read/write,” “delete, if requestor is a member of the admin group,” etc.). When scopes and policies have been defined, they may be linked, thereby indicating that the policy applies to any resource within the scope. When a request for the resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies apply, then the request may be granted. | 06-28-2012 |
20130347063 | HANDLING CLAIMS TRAVERSING SECURITY BOUNDARIES - Sharing security claims across different security contexts. A method includes, for a first security context, identifying a first set of security claims. The method further includes for the first security context identifying a second set of security claims from the first set of security claims that is allowed to be sent from the first security context. The first set of security claims is modified to create the second set of security claims. For a second security context, security claim requirements are identified. The second set of security claims is modified to satisfy the security claim requirements for the second security context. | 12-26-2013 |
20150078550 | SECURITY PROCESSING UNIT WITH CONFIGURABLE ACCESS CONTROL - A security processing unit is configured to manage cryptographic keys. In some instances, the security processing unit may comprise a co-processing unit that includes memory, one or more processors, and other components to perform operations in a secure environment. A component that is external to the security processing unit may communicate with the security processing unit to generate a cryptographic key, manage access to a cryptographic key, encrypt/decrypt data with a cryptographic key, or otherwise utilize a cryptographic key. The external component may comprise a central processing unit, an application, and/or any other hardware or software component that is located outside the security processing unit. | 03-19-2015 |
20150082048 | KEYING INFRASTRUCTURE - A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived. | 03-19-2015 |
Patent application number | Description | Published |
20130179414 | MECHANISMS FOR CONNECTING FILES BETWEEN APPLICATIONS - The claimed subject matter provides for systems and/or methods for accessing and/or updating files by a first application in which the first application does not have direct accessibility to said file. In some embodiments, file host applications that are not directly accessible to said first application may be connected to through a file picker extensibility point that enables the first application to acquire files through an operating system user experience. In these various embodiments, the system may provide for one or more of the following functionalities: (1) refreshing content that is controlled by a file host application; (2) updating content that is controlled by a file host application; (3) exporting files from an application to a file host application; (4) a user interface for export operations and file host application intervention and (5) a file host extensibility point provided by the operating system. | 07-11-2013 |
20140324776 | FILE MANAGEMENT WITH PLACEHOLDERS - Aspects of the subject matter described herein relate to file system placeholders. In aspects, placeholders may be used by a client to represent remote file system objects. The placeholders may include metadata and may also include none, some, or all of the content of the represented remote file system objects. In conjunction with local file system metadata, the placeholders allow a file system namespace to be navigated and may also allow other operations to be performed on the file system objects even when the client is offline with respect to the remote file system. After connectivity is re-established with the remote file system, the placeholders may be used in synchronizing changes. | 10-30-2014 |
20140324777 | SEARCHING AND PLACEHOLDERS - Aspects of the subject matter described herein relate to file system placeholders. In aspects, placeholders may be used by a client to represent remote file system objects. The placeholders may include metadata, searchable text, and may also include none, some, or all of the content of the represented remote file system objects. Search data from the placeholders is integrated into a local search database of the client such that the client is able to satisfy queries and identify relevant local and remote file system objects even when the client is offline with respect to remote storage. | 10-30-2014 |
20140324945 | HYDRATION AND DEHYDRATION WITH PLACEHOLDERS - Aspects of the subject matter described herein relate to file system placeholders. In aspects, placeholders may be used by a client to represent remote file system objects. The placeholders may include metadata and may also include none, some, or all of the content of the represented remote file system objects. In conjunction with placeholders and based on one or more factors, a client may hydrate or dehydrate file system objects of the client to follow user directives, inferred user intent, and storage policies of the client. | 10-30-2014 |
20140330874 | STREAMING CONTENT AND PLACEHOLDERS - Aspects of the subject matter described herein relate to file system placeholders. In aspects, placeholders may be used by a client to represent remote file system objects. The placeholders may include metadata and may also include none, some, or all of the content of the represented remote file system objects. In response to a request to access content of a file system object represented by a placeholder, a client may obtain needed data from a remote storage system and stream or not stream the data to the requesting application based on whether the requesting application is capable of streaming the data. | 11-06-2014 |