Patent application number | Description | Published |
20080313489 | FLASH MEMORY-HOSTED LOCAL AND REMOTE OUT-OF-SERVICE PLATFORM MANAGEABILITY - A method, apparatus, and system are disclosed. In one embodiment, the method determines whether one or more manageability conditions are present in a computer system, and then invokes an out-of-service manageability remediation environment stored within a portion of a flash device in the computer system when one or more manageability conditions are present. | 12-18-2008 |
20090089887 | Theft-deterrence method and apparatus for processor based devices - A manageability engine of a processor based device and a host theft-deterrence agent of the processor based device, jointly implement a theft-deterrence protocol with a theft-deterrence service, remotely disposed from the processor based device, to deter theft of the processor based device. The host theft-deterrence agent is configured to operate in a processor operated application execution environment of the processor based device, and the manageability engine is configured to operate outside the application execution environment. | 04-02-2009 |
20090248583 | DEVICE, SYSTEM, AND METHOD FOR SECURE ONLINE TRANSACTIONS - A device, system, and method for providing an Internet webpage using a primary operating system for conducting an online transaction and for providing an interface associated with the Internet webpage using a secondary operating system. The data entered by a user into the interface may be inaccessible to the primary operating system. The secondary operating system may verify the data entered by the user, for example, by comparing the entered data with secret data. The secret data may correspond to an account. The secret data may be stored in a hardware location of a computing device. When the data entered by the user is verified, a request may be transmitted to a server associated with the account. In response to the transmitting, a transaction specific code may be received for completing the online transaction. Other embodiments are described and claimed. | 10-01-2009 |
20090249462 | METHOD, APPARATUS, AND SYSTEM FOR SENDING CREDENTIALS SECURELY - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed. | 10-01-2009 |
20090249463 | METHOD AND APPARATUS FOR SECURED EMBEDDED DEVICE COMMUNICATION - In a computing device that includes a host operating system and a management engine separate from the host operating system, if the primary operating system is not operating, a management engine may obtain from a credential server via a first network connection logon information for a secured network and the management engine connects to the secure network through a secured connection using the logon information. If the operating system is operating, the operating system provides the logon information to the management engine. Certificate verification may be performed by a remote server on behalf of the management engine. Other embodiments are disclosed and claimed. | 10-01-2009 |
20090282265 | METHOD AND APPARATUS FOR PREVENTING ACCESS TO ENCRYPTED DATA IN A NODE - A method of preventing access of data in a node quickly and securely when the node is lost or stolen. The data is first encrypted using an encryption algorithm with a cryptographic key-material. Heuristic methods of detecting un-authorized access to the node are implemented to generate a theft-trigger. The theft-trigger is received and sent to a central authority. The validity of the trigger is verified and the central authority sends an acknowledgement of the trigger. When approval is given from the central authority, access to the data is prevented by deleting or concealing some cryptographic key-material. | 11-12-2009 |
20090287938 | METHOD AND APPARATUS WITH CHIPSET-BASED PROTECTION FOR LOCAL AND REMOTE AUTHENTICATION OF BOOTING FROM PERIPHERAL DEVICES - Method and apparatus enabling a computing system to deter or thwart unauthorized boot-up from peripheral devices are disclosed herein. In various embodiments, a monitoring module and a managing module are employed cooperating with each other to authorize users in booting up the computing system from peripheral devices. | 11-19-2009 |
20090292924 | MECHANISM FOR DETECTING HUMAN PRESENCE USING AUTHENTICATED INPUT ACTIVITY - When a service request associated with an initiated online service transaction is received, an attestation identifying a human-input activity is requested. Upon receiving a signature attesting the human-input activity, the previously initiated service transaction is authenticated based at least in part on the signature. | 11-26-2009 |
20100023782 | CRYPTOGRAPHIC KEY-TO-POLICY ASSOCIATION AND ENFORCEMENT FOR SECURE KEY-MANAGEMENT AND POLICY EXECUTION - Key-to-policy association and hardware-based policy enforcement for file/folder encryption (FFE) and/or full-disk encryption (FDE) are provided. A CPU independent microprocessor (CIM) is coupled to a platform and provides a secure storage service, secure non-volatile storage, secure policy enforcement engine, and system interface for communication with platform components independent of the CPU. The CIM stores a key and its associated policies by generating a hardware-derived key to wrap the key prior to securely storing it in non-volatile storage on the CIM. Upon receiving a request for key-access by an application, policy status and credentials are verified before the key is returned. | 01-28-2010 |
20100082955 | VERIFICATION OF CHIPSET FIRMWARE UPDATES - In general, in one aspect, the disclosure describes an apparatus that includes updatable non-volatile memory to store firmware and non-updateable non-volatile memory to store an interrupt sequence. The apparatus includes a chip interface to receive an interrupt instruction from management firmware. Receipt of the interrupt instruction controls access to and initiation of the interrupt sequence. After initiation of the interrupt sequence the apparatus may receive a firmware update and/or validate the firmware is from a valid source. The validation of the firmware may include utilizing the management firmware to verify the cryptographic signature for the firmware. | 04-01-2010 |
20100162368 | Method, apparatus and system for remote management of mobile devices - An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible. | 06-24-2010 |
20100169965 | Enabling a service to return lost laptops - A method, system, and computer-readable storage medium for providing a unique identifier for a computer system and a message from a service external to the computer system, such as a laptop return service, for display when the computer system is powered on. The computer system is configured to restrict functionality until the service authorizes restoration of full functionality of the computer system. The message includes contact information for the laptop return service and, when the service is contacted, the service sends an instruction to return the computer system to full functionality. Other embodiments are described and claimed. | 07-01-2010 |
20120272057 | Method and Apparatus for Secured Embedded Device Communication - In a computing device that includes a host operating system and a management engine separate from the host operating system, if the primary operating system is not operating, a management engine may obtain from a credential server via a first network connection logon information for a secured network and the management engine connects to the secure network through a secured connection using the logon information. If the operating system is operating, the operating system provides the logon information to the management engine. Certificate verification may be performed by a remote server on behalf of the management engine. Other embodiments are disclosed and claimed. | 10-25-2012 |
20120284499 | METHOD AND APPARATUS WITH CHIPSET-BASED PROTECTION FOR LOCAL AND REMOTE AUTHENTICATION OF BOOTING FROM PERIPHERAL DEVICES - Method and apparatus enabling a computing system to deter or thwart unauthorized boot-up from peripheral devices are disclosed herein. In various embodiments, a monitoring module and a managing module are employed cooperating with each other to authorize users in booting up the computing system from peripheral devices. | 11-08-2012 |
20130007466 | PROTECTING KEYSTROKES RECEIVED FROM A KEYBOARD IN A PLATFORM CONTAINING EMBEDDED CONTROLLERS - Systems and methods of managing keystroke data in embedded keyboard environments may involve transferring a mode request from a management controller to an embedded controller of a keyboard via a dedicated communication channel. Keystroke activity can be detected at the keyboard, and keystroke data may be transferred from the embedded controller to the management controller via the dedicated communication channel in response to the keystroke activity and the mode request. In addition, the management controller may be used to encrypt the keystroke data, wherein the encrypted keystroke data can be transmitted from the management controller to an off-platform service via a network controller. | 01-03-2013 |
20130091590 | ENABLING A SERVICE TO RETURN LOST LAPTOPS - A method, system, and computer-readable storage medium for providing a unique identifier for a computer system and a message from a service external to the computer system, such as a laptop return service, for display when the computer system is powered on. The computer system is configured to restrict functionality until the service authorizes restoration of full functionality of the computer system. The message includes contact information for the laptop return service and, when the service is contacted, the service sends an instruction to return the computer system to full functionality. Other embodiments are described and claimed. | 04-11-2013 |
20130125218 | METHOD, APPARATUS AND SYSTEM FOR REMOTE MANAGEMENT OF MOBILE DEVICES - An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible. | 05-16-2013 |
20140007072 | MECHANISM FOR FACILITATING DYNAMIC AND TRUSTED CLOUD-BASED EXTENSION UPGRADES FOR COMPUTING SYSTEMS | 01-02-2014 |
20140007221 | SECURE IMAGE AUTHENTICATION | 01-02-2014 |
20140025575 | TECHNIQUES FOR OUT-OF-BAND TRANSACTION VERIFICATION - Various embodiments are generally directed to cooperation among networked devices to seek out-of-band verification that an online transaction is requested by a person authorized to do so. An apparatus comprises a processor circuit and a storage communicatively coupled to the processor circuit and storing a sequence of instructions operative on the processor circuit to receive a transaction request requesting performance of a transaction via a first communications channel from a transaction device; transmit a verification request to another computing device via a second communications channel; receive a response to the verification request via the second communications channel; and perform the transaction in response to an indication in the response that the transaction has been verified. Other embodiments are described and claimed herein. | 01-23-2014 |
20140032896 | SECURE COMMUNICATION USING PHYSICAL PROXIMITY - Systems and methods may provide for implementing a secure communication using physical proximity. In one example, the method may include transmitting an encrypted first communication including a sensitive information file, decrypting the encrypted first communication to generate a decrypted first communication including the sensitive information file, displaying the decrypted first communication, capturing a version of the decrypted first communication displayed on the intermediary device, and extracting the sensitive information file at a user device. | 01-30-2014 |
20140115662 | Mechanism for Detecting Human Presence Using Authenticated Input Activity Timestamps - When a service request associated with an initiated online service transaction is received, an attestation identifying a human-input activity is requested. Upon receiving a signature attesting the human-input activity, the previously initiated service transaction is authenticated based at least in part on the signature. | 04-24-2014 |
20140187152 | SECURE TRANSFER OF WHITEBOARD CONTENT - Technologies for securely transferring whiteboard content data from a smart whiteboard device to another smart whiteboard device are disclosed. The smart whiteboard device may securely transfer the whiteboard content data to a mobile device. In response to receiving the whiteboard content data from the smart whiteboard device, the mobile device may transfer the received whiteboard content data to the other smart whiteboard device. The other smart whiteboard device may display the transferred whiteboard content data and enable manipulation thereof. | 07-03-2014 |
20140201030 | DYNAMIC PAYMENT SERVICE - Systems and methods may provide for implementing a dynamic payment service. In one example, the method may generate a request communication including purchase detail information relating to an item to request credit from a vendor to conduct a transaction relating to the item, determine a scope of credit to be issued to conduct the transaction relating to the item based on the purchase detail information, and generate a payment communication including the transaction information to complete the transaction relating to the item. | 07-17-2014 |
20140201568 | Flash Memory-Hosted Local and Remote Out-of-Service Platform Manageability - A method, apparatus, and system are disclosed. In one embodiment, the method determines whether one or more manageability conditions are present in a computer system, and then invokes an out-of-service manageability remediation environment stored within a portion of a flash device in the computer system when one or more manageability conditions are present. | 07-17-2014 |
20140337918 | CONTEXT BASED SWITCHING TO A SECURE OPERATING SYSTEM ENVIRONMENT - Generally, this disclosure provides devices, systems, methods and computer readable media for context based switching to a secure OS environment including cloud based data synchronization and filtration. The device may include a storage controller to provide access to the secure OS stored in an initially provisioned state; a context determination module to monitor web site access, classify a transaction between the device and the website and identify a match between the web site and a list of web sites associated with secure OS operation or a match between the transaction classification and a list of transaction types associated with secure OS operation; and an OS switching module to switch from a main OS to the secure OS in response to the identified match. The switch may include updating state data associated with the secure OS, the state data received from a secure cloud-based data synchronization server. | 11-13-2014 |
20140380447 | Method, Apparatus, and System for Sending Credentials Securely - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed. | 12-25-2014 |