| Patent application number | Description | Published |
|---|
| 20080244569 | System and Method for Reporting the Trusted State of a Virtual Machine - A system, method, and program product is provided that executes a start sequence of an information handling system that includes a hardware based TPM. Multiple PCRs are stored in the TPM and are initialized to a predetermined state when the start sequence commences. During execution of the start sequence, software modules, including a hypervisor, are loaded the system's memory. PCR values resulting from the loading of the software modules are calculated. The resulting PCR values are compared with expected PCR values. If the PCR values match the expected PCR values, then a virtual environment is created under the hypervisor. The virtual environment includes a VM and a virtual trust platform module (vTPM) that is used by the virtual machine to satisfy the virtual machines TPM requests. | 10-02-2008 |
| 20080263378 | System and method for protecting disk drive password when bios causes computer to leave suspend state - To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state. | 10-23-2008 |
| 20090083534 | REMOTE PC BOOTUP VIA A HANDHELD COMMUNICATION DEVICE - A method computer usable medium and computer system circuitry are disclosed for starting or “booting up” a computer from a remote location using a remote command device such as a cellular telephone. The method and system includes a secure means for remotely storing and transmitting security passwords. | 03-26-2009 |
| 20090083539 | Method for Securely Creating an Endorsement Certificate in an Insecure Environment - A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed. | 03-26-2009 |
| 20090083555 | REMOTE COMPUTER LOCKDOWN - A method and system are disclosed for placing a computer in a safe and secure lock down state from a remote location using a remote command device such as a cellular telephone. The method and system includes optional security provisions before restarting the computer. | 03-26-2009 |
| 20090119785 | System and Method for Secure Usage of Peripheral Devices Using Shared Secrets - A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented. | 05-07-2009 |
| 20090178033 | System and Method to Update Device Driver or Firmware Using a Hypervisor Environment Without System Shutdown - A system, method, and program product is provided that has a virtualized environment provided by a hypervisor. In the virtualized environment, one or more guest operating systems operate simultaneously with a privileged operating system. One of the guest operating systems identifies a device software update, such as a device driver or firmware update, corresponding to a hardware device that is attached to the computer system. The hypervisor is used to notify the privileged operating system of the device software update. When the privileged operating system is notified of the update, the privileged operating system uses one or more techniques to deny the guest operating systems access to the device. The privileged operating system then updates the device software update. After the device software update has been applied, the privileged operating system resumes access between the guest operating systems and the hardware device. | 07-09-2009 |
| 20090205044 | APPARATUS, SYSTEM, AND METHOD FOR SECURE HARD DRIVE SIGNED AUDIT - An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module. | 08-13-2009 |
| 20090222635 | System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory - A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process. | 09-03-2009 |
| 20090222915 | System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory - A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory. | 09-03-2009 |
| 20090241032 | APPARATUS, SYSTEM, AND METHOD FOR UNIFORM RESOURCE LOCATOR SHARING - An apparatus, system, and method are disclosed for URL sharing. A link module links a plurality of user browsing sessions in a URL sharing session. A select module selects a user browsing session. A communication module communicates a URL for the selected user browsing session to each linked user browsing session. A display module displays the URL and corresponding web page of the selected user browsing session at each user browsing session. | 09-24-2009 |
| 20090241164 | System and Method for Protecting Assets Using Wide Area Network Connection - A system, method, and program product is provided that detects whether a network adapter has been removed from a computer system. If the network adapter, such as a wireless network adapter, has been removed from the computer system, then a tamper evident indicator (e.g., bit) is set in a nonvolatile memory area of the computer system. In addition, a hard drive password is set to a different password according to a hard drive password policy. The hard drive password controls access to files stored on the hard drive. In one embodiment, the power-on password is also changed to a new password so that the user has to enter the new power-on password when initializing the computer system in order to access the files stored on the computer system. | 09-24-2009 |
| 20090249434 | APPARATUS, SYSTEM, AND METHOD FOR PRE-BOOT POLICY MODIFICATION - An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy. | 10-01-2009 |
| 20100039387 | Slate Wireless Keyboard Connection and Proximity Display Enhancement for Visible Display Area - An approach is provided that identifies when a wireless keyboard unit is connected to an information handling system that includes a display screen that is partially blocked when the keyboard is attached. A determination is made as to the size of the visible portion of the display screen. Items are displayed on the visible portion of the display screen. The approach refrains from displaying items on the blocked portion of the display screen. The user is able to move the wireless keyboard, the movement of the keyboard resulting in a changed size of the visible portion of the display screen. After the keyboard is repositioned, the visual items are re-displayed on the visible portion of the display screen so that the items fit in the changed size of the visible portion of the display screen. | 02-18-2010 |
| 20100058082 | MAINTAINING NETWORK LINK DURING SUSPEND STATE - A low power processor in a computer is kept energized in a suspend state in which a main processor of the computer is deenergized. The low power processor maintains a network connection by sending keepalive packets as required by the network communication protocol. | 03-04-2010 |
| 20100083366 | Blocking Computer System Ports on Per User Basis - An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted. | 04-01-2010 |
| 20100106994 | METHOD, APPARATUS, AND SYSTEM FOR ADAPTING POWER CONSUMPTION - A method, apparatus, and system are disclosed for adapting power consumption. A recording module records a usage record for each component within a computer at scheduled audit times. The usage record comprises a usage level, an application list, a time stamp, a network access point, a computation category, a time category, and a location category. A scenario module creates a plurality of usage scenarios. Each usage scenario comprises a unique combination of a specified computation category, a specified time category, and a specified location category. A profile module creates a power setting profile for each usage scenario. Each power setting profile specifies a target power status for each component of the computer. A scenario detection module detects a first usage scenario. An adjustment module sets a power status of each component to the first usage scenario target power status for the component. | 04-29-2010 |
| 20100115256 | METHOD, APPARATUS, AND SYSTEM FOR QUIESCING A BOOT ENVIRONMENT - An apparatus, system, and method are disclosed for quiescing a boot environment. A reservation module reserves a portion of a first storage device. A store module stores an update boot image to the reserved portion. A detection module detects the update boot image stored on the first storage device when the computer boots and executes the update boot image in place of a standard boot image in response to detecting the update boot image. The update boot image places a computer in a known quiescent state. | 05-06-2010 |
| 20100122250 | Apparatus, System, and Method for Granting Hypervisor Privileges - An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer | 05-13-2010 |
| 20100146317 | Apparatus, System, and Method for Power Management Utilizing Multiple Processor Types - An apparatus, system, and method are disclosed for computer system power management. A control module | 06-10-2010 |
| 20100158253 | System and Method for Generalized Authentication - A system, method, and program product is provided that uses environments to control access to encryption keys. A request for an encryption key and an environment identifier is received. If the encryption key is not associated with the environment identifier, the request is denied. If they are associated, the system receives user-supplied environment authentication data items from a user. Examples of environment authentication data include passwords, user identifiers, user biometric data (e.g., fingerprint scan, etc.), smart cards, and the like. The system retrieves stored environment authentication data items from a secure (e.g., encrypted) storage location. The retrieved stored environment authentication data items correspond to the environment identifier that was received. The received environment authentication data items are authenticated using the retrieved stored environment authentication data items. If the authentication is successful, the user is allowed use of the requested encryption key, otherwise, the request is denied. | 06-24-2010 |
| 20100205375 | METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT - A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance. | 08-12-2010 |
