| Patent application number | Description | Published |
| 20080228619 | APPARATUS, SYSTEM, AND METHOD FOR ALLOCATING SERVICE REQUESTS - An apparatus, system, and method are disclosed for allocating service requests. A category module categorizes a service request for an information technology support service with a service category. The service request comprises a service requirement. An I/O module communicates the service request to a plurality of providers that are certified to provide the service category and receives bids from the providers. A selection module selects a bid according to a selection policy. A history module may store a history of bid prices and response times. | 09-18-2008 |
| 20080229301 | OUT-OF-BAND PATCH MANAGEMENT SYSTEM - A computer system is disclosed that includes a primary processor and a service processor operable regardless of a power state of the computer system. A non-volatile memory device is communicatively coupled to the primary processor and the service processor. The non-volatile memory device stores firmware which includes a first list of patches required for installation on the computer system and a second list of patches previously installed on the computer system. A comparator module is provided to determine whether there are patches included in the first list that are not included in the second list. A boot module is provided to boot a maintenance operating system in the event the first list includes patches not included in the second list. The maintenance operating system is configured to install, on the computer system, patches included in the first list but not the second list. | 09-18-2008 |
| 20080239545 | System and Method to Avoid Disk Lube Pooling - A system and method to avoid disk lube pooling is presented. A track access monitor tracks the number of times that a program accesses a particular track located on a hard drive. When the track access monitor determines that the number of track accesses to a particular track exceeds a track access threshold, the track access monitor invokes a sequence of events to scan adjacent tracks in order to uniformly redistribute lubrication over the hard drive. In one embodiment, the track access monitor incrementally performs the adjacent track scanning during hard drive idle periods, such as when the system waits for a password from a user or when the operating system conserves power and idles the hard drive due to lack of activity. | 10-02-2008 |
| 20080244553 | System and Method for Securely Updating Firmware Devices by Using a Hypervisor - A system, method, and program product is provided that receives and processes a firmware update at a computer system. The computer system is executing a hypervisor and one or more guest operating systems, and the firmware update corresponds to a hardware device accessible by the computer system. The hardware device is a type that is programmed using an updateable firmware. The hypervisor operating in the computer system processes the received firmware update by first inhibiting use of the device by each of the guest operating systems. After the guest operating systems have been inhibited from using the device, the firmware in the device is upgraded by the hypervisor using the received firmware update. After the firmware has been upgraded, each of the guest operating systems is allowed use of the device. | 10-02-2008 |
| 20080263378 | System and method for protecting disk drive password when bios causes computer to leave suspend state - To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state. | 10-23-2008 |
| 20080301675 | System and Method for Graphics Remapping in Hypervisor - A hypervisor operating system instantiates a virtual video driver to a main operating system that supports only one type of graphics adapter. The virtual driver handles graphics remapping among plural different display drivers associated with plural different display monitors to enable a computer to output data on multiple different monitors even though the main O.S. supports only one type of display driver. | 12-04-2008 |
| 20090070598 | System and Method for Secure Data Disposal - A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs. | 03-12-2009 |
| 20090083534 | REMOTE PC BOOTUP VIA A HANDHELD COMMUNICATION DEVICE - A method, computer usable medium, and computer system circuitry are disclosed for starting or “booting up” a computer from a remote location using a remote command device such as a cellular telephone. The method and system include a secure means for remotely storing and transmitting security passwords. | 03-26-2009 |
| 20090083555 | REMOTE COMPUTER LOCKDOWN - A method and system are disclosed for placing a computer in a safe and secure lock down state from a remote location using a remote command device such as a cellular telephone. The method and system include optional security provisions before restarting the computer. | 03-26-2009 |
| 20090089808 | METHODS AND ARRANGEMENTS FOR EFFECTING SUPPLEMENTARY MAIL TRANSFER OR MANAGEMENT - Arrangements for permitting incoming mail to be transferred from a WAN Drive to a notebook computer hard drive under conditions that are not stressful to the hard drive. Preferably, a WAN card is configured to wake a notebook when mail capacity is full or close to full. Mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. In a variant embodiment, the WAN card may preferably be configured to wake a notebook when mail is received at all. Again, mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. Once mail is moved to the hard drive, the system preferably runs an embedded email program that allows the user to employ an existing VPN infrastructure. | 04-02-2009 |
| 20090119785 | System and Method for Secure Usage of Peripheral Devices Using Shared Secrets - A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented. | 05-07-2009 |
| 20090178033 | System and Method to Update Device Driver or Firmware Using a Hypervisor Environment Without System Shutdown - A system, method, and program product is provided that has a virtualized environment provided by a hypervisor. In the virtualized environment, one or more guest operating systems operate simultaneously with a privileged operating system. One of the guest operating systems identifies a device software update, such as a device driver or firmware update, corresponding to a hardware device that is attached to the computer system. The hypervisor is used to notify the privileged operating system of the device software update. When the privileged operating system is notified of the update, the privileged operating system uses one or more techniques to deny the guest operating systems access to the device. The privileged operating system then updates the device software update. After the device software update has been applied, the privileged operating system resumes access between the guest operating systems and the hardware device. | 07-09-2009 |
| 20090204822 | REDUCING THE BOOT TIME OF A TCPA BASED COMPUTING SYSTEM WHEN THE CORE ROOT OF TRUST MEASUREMENT IS EMBEDDED IN THE BOOT BLOCK CODE - A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time. | 08-13-2009 |
| 20090205044 | APPARATUS, SYSTEM, AND METHOD FOR SECURE HARD DRIVE SIGNED AUDIT - An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module. | 08-13-2009 |
| 20090222635 | System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory - A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process. | 09-03-2009 |
| 20090222915 | System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory - A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory. | 09-03-2009 |
| 20090241103 | System and Method to Update Firmware on a Hybrid Drive - A system, method, and program product is provided that updates the firmware on a hybrid drive by reserving a memory area within the hybrid disk drive's nonvolatile memory buffer. The firmware update is then stored in the reserved memory area. The next time the platters of the hybrid disk drive spin up, the firmware update that is stored in the reserved memory area is identified. The identified update is then written to a firmware memory of a firmware that controls the operation of the hybrid drive. In one embodiment, the update is written to the firmware memory by flashing the firmware's memory. After the firmware is updated, the hybrid drive is reset. Resetting of the hybrid drive includes executing the updated firmware. | 09-24-2009 |
| 20090249434 | APPARATUS, SYSTEM, AND METHOD FOR PRE-BOOT POLICY MODIFICATION - An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy. | 10-01-2009 |
| 20100027151 | SECURE DATA DISPOSAL FOR DISK DRIVE - When a disk sector is written to, a bit for the sector is set indicating that the sector will require secure data disposal (SDD) to be run on it. To save time during end of life disposal, SDD is executed only on sectors whose bits indicate that they have been written to. SDD can be executed on each dirty sector in one operation at end of life or incrementally during use as disk activity permits. | 02-04-2010 |
| 20100083366 | Blocking Computer System Ports on Per User Basis - An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted. | 04-01-2010 |
| 20100115256 | METHOD, APPARATUS, AND SYSTEM FOR QUIESCING A BOOT ENVIRONMENT - An apparatus, system, and method are disclosed for quiescing a boot environment. A reservation module reserves a portion of a first storage device. A store module stores an update boot image to the reserved portion. A detection module detects the update boot image stored on the first storage device when the computer boots and executes the update boot image in place of a standard boot image in response to detecting the update boot image. The update boot image places a computer in a known quiescent state. | 05-06-2010 |
| 20100122250 | Apparatus, System, and Method for Granting Hypervisor Privileges - An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer. | 05-13-2010 |
| 20100146317 | Apparatus, System, and Method for Power Management Utilizing Multiple Processor Types - An apparatus, system, and method are disclosed for computer system power management. A control module | 06-10-2010 |
| 20100205375 | METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT - A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance. | 08-12-2010 |
| 20100217968 | Apparatus, System, and Method for Accurate Automated Scheduling of Computer Suspend and Resume - An apparatus, system, and method are disclosed for suspend-resume scheduling in conjunction with an operation requiring a suspend-resume cycle of a computer | 08-26-2010 |
| 20110026157 | SECURE DATA DISPOSAL FOR DISK DRIVE - When a disk sector is written to, a bit for the sector is set indicating that the sector will require secure data disposal (SDD) to be run on it. To save time during end of life disposal, SDD is executed only on sectors whose bits indicate that they have been written to. SDD can be executed on each dirty sector in one operation at end of life or incrementally during use as disk activity permits. | 02-03-2011 |