Abstract: Described is a technology by which a computing device is booted into a normal mode of operation or a limited mode of operation, depending on whether the computing device was operating correctly (e.g., with respect to policy) prior to a reboot. The reboot may be forced. Examples of incorrect state include an overdue payment on a leased computer, or improper execution of certain important software. A metering mechanism evaluates the state of the computing device, and when an incorrect state is detected, configures the computing device for operation in the limited mode, by setting the computing device to boot via one boot path (e.g., a limited-mode BIOS) instead of another boot path (e.g., a normal-mode BIOS). A BIOS selector switches to the limited BIOS on the next reboot, wherein the computing device is restricted to the limited mode of operation (regardless of subsequent reboots) until the correct state is restored.

Abstract: A method and apparatus for measuring data presentation is measured for authenticity and accuracy using a cryptographic capability. The data may include both presentation data and metadata related to measuring and reporting results of outputting the presentation data. After measurement, the presentation data may be presented to an output device. The output device may be a display, a sound device or other computer output. Related statistics may be collected, for example, user identity, computer identity, time, duration, and interference from other sources. In the case of displayed presentation data, unblocked viewing area, and presentation data area size may also be collected. In an exemplary embodiment, the presence of a user and/or user interaction with the presentation data may be recorded and reported. The recorded data may be securely reported to a participating host or server, by a secure channel and/or by signing and/or encrypting.

Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

Abstract: A trigger engine and infrastructure for event registration and handling that is reliable, secure and scalable. Transactional authenticated and/or encrypted messages (e.g., via MSMQ) are used to transport events across each server. A stable recovery mechanism is provided wherein the recovery path is nearly identical to the normal path. A trigger engine may concentrate multiple similar requests into a single base request for event notification, and upon receipt of the base event, access tables maintained in the trigger engine to track which client registered for which type of notification. In this manner, only the base event request is registered remotely, reducing the number of events that need to be communicated to remote servers. Identical event requests from clients may also be concentrated into a base event request, and events distributed to those clients when appropriate. Duplicate base event requests are blocked locally and thus only the first such one ever reaches the remote server.

Abstract: A stereo-endoscope is provided having a hollow shank with two axially parallel optical channels, which channels run through the hollow shank and respectively form at least a section of an image path to respective oculars of a binocular observation device arranged on the proximal end of the hollow shank. Moreover, the stereo-endoscope includes a camera connection, and one of the optical channels also forms at least one section of an image path to the camera connection.

Abstract: A dynamic software provisioning system allows provisioning software on a number of different computing devices based upon a desired business process. The dynamic software provisioning system allows a user to request usage of the operating system for a specific period of time, for a specific amount of usage, or in any other desired manner from an operating system provisioning service or from a third party. The provisioning service processes the request from the user or from the third party to provision the use of the operating system and in response to the request provisions use of the operating system for a specific device specified by the request. The dynamic software activation system also includes a local provisioning module located on the device using the operating system, wherein the local provisioning module activates and deactivates the operating system based on instructions received from the provisioning service.

Abstract: A method and apparatus to distribute a network security service is disclosed. The security software may be distributed across nodes on a network and may use a separate security device that has two channels, one to review network traffic and a second to send updates to other security devices.

Abstract: A method and apparatus is provided for managing a plurality of devices in a federated network and a sub-network within the federated network. The devices in the sub-network may have a functional capability of performing a function associated with the federated network. For example, the federated network may include devices for providing data content such as media content and the sub-network may include devices for controlling the presentation of the data content. In addition, a constellation of devices is provided that may share data content such as media data. At least some of the devices in the constellation may form a sub-network.

Abstract: A computer is modified to add a memory management module between a memory controller and memory. The module may control or intercept signals between the memory controller and the memory to disable a portion or all of the computer's normal function. The memory management module may be a discrete device or may be part of the memory controller itself.

Abstract: A computer is provided with an isolated computing environment. The isolated computing environment is adapted to allow initial programming for use in manufacturing, distribution and sales. The isolated computing environment further allows an authenticated source or authenticated code to update the isolated computing environment with code and configuration data for use in the end-user environment. To encourage final updating, the computer may be placed in a limited-function mode until authorized code is installed and operational. A method and apparatus are disclosed for the sanctioning and secure update of the isolated computing environment.

Abstract: Techniques are described for generating a license for software installed on a device. An entitlement certificate is generated including one or more entitlements describing license characteristics of the software. The one or more entitlements are determined in accordance with first information about the software. The first information includes at least one of a purchase token and package information. A binding certificate in accordance with a binding type for the software is generated. A license in accordance with said binding certificate and said entitlement certificate is generated. The binding certificate identifies an entity to which the license is bound.

Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

Abstract: A pay-per-use or metered-use computer uses a balance manager to monitor usage and update a value balance according to a first usage schedule when the computer is in active use. When the activity level of the computer is reduced below a threshold, the balance manager may update the value balance according to a second usage schedule. Activity level of the computer is determined by monitoring the activity level of a one or more components of the computer including input devices, communication controllers, and the processing unit. Rules can be applied to determine when to switch between usage schedules and if credits to the value balance should be made.

Abstract: A computer is adapted for use in different operating modes by configuring an output controller, such as a graphics processing unit, to screen output signals prior to presenting them to the output device. A secure environment in the output controller verifies a digital signature or a hash of the output signal to determine whether the output signal is compatible with the current mode of operation. Thus only authorized output signals are presented when the computer is operating in a limited function mode, such as when metered usage time is expired. The apparatus and method also disclose similar output signal screening for determining whether the computer should be returned from a standby, or no-metering, mode to an active, or metered mode.

Abstract: Technologies for transient personal preference customization of environments, devices and systems based on user preference data. Such technologies enable users to maintain personal preference data on mobile or other devices, such as cell phones, personal data assistants (“PDA”), or the like, such that the data can be transferred to devices and systems capable of conforming parameters under their control to the preferences expressed in the data. For example, a frequent traveler may define preferences regarding room temperature, ambient lighting, music style, and the like and maintain these preferences in a mobile device such as a cell phone. Upon arrival at a hotel room, for example, the systems of the hotel may access the preference data and adjust the parameters of the room, and the devices and systems in the room, to conform to the user's preferences while the user is in the room or checked into the hotel.

Abstract: A system and method for maintaining persistent data during an unexpected power loss uses a memory controller and a supplemental power source. An entity running on the computer, for example, an application program, a utility, the operating system or other entity, may identify data for preservation using an application program interface. The application program interface may be provided by the memory controller. A sensor determines when an unexpected power loss has occurred and signals the memory controller. Using power from the supplemental power source, i.e. a battery or capacitor, the memory controller copies the identified data to a non-volatile memory. The memory controller may set a flag to indicate that preserved data is available for later recovery.

Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.

Abstract: A method and apparatus is provided for managing a plurality of devices in a federated network and a sub-network within the federated network. The devices in the sub-network may have a functional capability of performing a function associated with the federated network. For example, the federated network may include devices for providing data content such as media content and the sub-network may include devices for controlling the presentation of the data content. In addition, a constellation of devices is provided that may share data content such as media data. At least some of the devices in the constellation may form a sub-network.

Abstract: A method and system is provided for determining reliability of data from a network or federated device. In one example, data from different devices in the network are compared and a relationship between the devices is determined. The reliability may be based on the relationship of the devices and/or similarity of data from the devices. In another example, reliability of devices and/or data from the devices may be based on a historical reliability of the devices.

Abstract: A method and apparatus is provided for coordinating devices in a federated network of devices. A server may determine policies for coordinating the devices and may send messages to devices in the federated network for providing a service. The policies for providing the service among the federated devices may be based on properties of the devices or relative locations of the devices. For example, the federated devices may provide media data and control of the media data to a user. Provision of the media data and/or control of the media data may change from one device to another in the federated network based on policies from the server.