Abstract: Data of a computer system can be secured from malware. During a Primary Operating System (PrimaryOS) run-time, the system determines if the computer system has been compromised and, if so, a Trusted Operating System (TrustedOS) is launched and assumes control of the hardware resources and the software resources of the computer system. The TrustedOS obtains a cryptographic key that is inaccessible to the PrimaryOS. The TrustedOS uses the cryptographic key to disable writing to a first portion of the storage media that includes the first set of logical block addresses. The PrimaryOS can incrementally back-up files to a second set of logical block addresses on a second portion of the storage media. Control of the hardware resources and the software resources is returned to the PrimaryOS.

Abstract: A method for providing malware protection in connection with processing circuitry including hardware resources and software resources managed by a primary operating system may include providing a trusted operating system to control access to a portion of a local storage area of the hardware resources. In this context, only the trusted operating system is configured to enable writing to the portion of the local storage area. The method may further include storing backup files for the primary operating system in the portion of the local storage area responsive to the trusted operating system granting access to write to the portion of the local storage area.

Abstract: A method for providing malware protection in connection with processing circuitry including hardware resources and software resources managed by a primary operating system may include providing a trusted operating system to control access to a portion of a local storage area of the hardware resources. In this context, only the trusted operating system is configured to enable writing to the portion of the local storage area. The method may further include storing backup files for the primary operating system in the portion of the local storage area responsive to the trusted operating system granting access to write to the portion of the local storage area.

Abstract: A system for preventing redirection loops during collaborative web browsing is provided including: a CPU; a memory in communication with the CPU; instructions stored in the memory and executable by the CPU to prevent redirects encountered during a collaborative web browsing session, the instructions further comprising: instructions enabling a device to join a collaborative web browsing session; instructions enabling detection of a redirection loop based upon a query to a uniform resource locator (URL) history stored in a memory; and instructions enabling termination of the redirect loop; wherein, upon the detection of a redirection loop, the device ignores URL updates of the collaborative web browsing session for a predetermined amount of time.

Abstract: Methods and arrangements for managing a flash drive, hard disk, or connection between the two, in a manner to ensure that sensitive data is not decrypted at any time when it would be vulnerable. Accordingly, in a first implementation, the data may preferably be encrypted as it first goes into a flash drive and decrypted when it comes out of the flash drive. In another implementation, the flash drive may be logically bound to the hard disk, so that they would both use the same encryption key. In yet another implementation, if a hard disk is moved to another system, then the flash drive may also preferably be simultaneously moved.

Abstract: An exemplary method includes transmitting, via a network interface, at least a currency amount in an attempt to confirm a financial transaction; responsive to the transmitting, receiving a confirmation indicator for the financial transaction; storing at least the currency amount in non-volatile memory; hashing at least the currency amount to generate a hash and storing the hash in a secure non-volatile memory; hashing at least the currency amount stored in the non-volatile memory to generate a verification hash; and in an attempt to verify at least the financial transaction, comparing the verification hash to the hash stored in the secure non-volatile memory. Various other apparatuses, systems, methods, etc., are also disclosed.

Abstract: A system for collaborative web browsing is provided comprising: a CPU; a system memory in communication with said CPU; a display medium; and instructions stored in the system memory and executable by the CPU, the instructions comprising: enabling a device to join a collaborative web browsing session; enabling a data navigation module to provide, upon an object appearing upon the display medium being selected by a user, outgoing navigation data that enables a rendering of the object to be distinguished from other objects rendered upon at least one other display medium of at least one other device.

Abstract: Embodiments provide for using two encryption keys to encrypt data instead of only one as is customarily used in the industry. According to various embodiments, a default encryption key is generated and is initially used to encrypt data, while a second encryption key is available for generation by an end user. Embodiments provide that data is encrypted with the default key until the user generates their own key, after this event, all data is encrypted with key generated by the user.

Abstract: A system for preventing redirection loops during collaborative web browsing is provided including: a CPU; a memory in communication with the CPU; instructions stored in the memory and executable by the CPU to prevent redirects encountered during a collaborative web browsing session, the instructions further comprising: instructions enabling a device to join a collaborative web browsing session; instructions enabling detection of a redirection loop based upon a query to a uniform resource locator (URL) history stored in a memory; and instructions enabling termination of the redirect loop; wherein, upon the detection of a redirection loop, the device ignores URL updates of the collaborative web browsing session for a predetermined amount of time.

Abstract: The invention includes a method, apparatus, and program storage device for providing a combined tap sequence and camera based user interface. The invention provides, among other features, an apparatus comprising: an accelerometer; a laser light generating module; wherein the laser light generating module provides a plane of laser light over a surface coupled to the accelerometer; at least one camera; at least one processor; and a memory; wherein the memory stores instructions, executable by the at least one processor, enabling the apparatus to ascertain an occurrence of an input event utilizing inputs from the accelerometer and a location of the input event utilizing inputs from the at least one camera.

Abstract: In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.

Abstract: A technique for cataloging documents based on user activity includes assigning documents to a relevant document list based on activity of a user of a device. In this case, at least two of the documents are associated with different applications. The technique then provides the relevant document list to the user.

Abstract: A system for preventing redirection loops during collaborative web browsing is provided comprising: a CPU; a memory in communication with the CPU; instructions stored in the memory and executable by the CPU to prevent redirects encountered during a collaborative web browsing session, the instructions further comprising: instructions enabling a device to join a collaborative web browsing session; instructions enabling detection of a redirection loop; and instructions enabling termination of the redirect loop.

Abstract: Methods and arrangements for ensuring that, when a computer system is stolen or otherwise misplaced, the system is rendered unusable (i.e., locked down). Conventional solutions have required software running on the system to perform the lockdown action, but in accordance with at least one preferred embodiment of the present invention is the linkage of TPM (Trusted Platform Module) and AMT (Active Management Technology) solutions whereby an AMT arrangement can remove secure data or identifiers so that any encrypted data present on the system will become unusable.

Abstract: A method for preventing malicious software from execution within a computer system is disclosed. Before any actual execution of an application program on a computer system, the application program needs to be cross-compiled to yield a set of cross-compiled code of the application program. The set of cross-compiled code of the application program can then be executed in an execution module that is capable of recognizing and translating the set of cross-compiled code of the application program to the actual machine code of the processor.

Abstract: A method is provided for determining with a first device, staleness of attestation measurements at a second device. The method includes booting up the second device at a first time, the second device having a communication portion, a security portion, a basic input/output system and a trusted protection module. Further, the method includes generating an initial counter based on the booting up of the second device at the first time. A current counter is then generated based on a second time after the first time. The method additionally includes providing a request to the second device from the first device, the request requesting booting information and current information, the booting information being based on the initial counter, the current information being based on the current counter. Still further, the method includes providing a response to the first device from the second device, the response including the booting information and the current information.

Abstract: Systems and arrangements for permitting the transmission of fingerprint authentication data to a system remotely, while also permitting the system to employ such data as well as passwords in order to operate a computer system, while ensuring a reliable level of security for any group or organization using such systems and arrangements.

Abstract: The instant invention broadly contemplates an energy saving subsystem comprising a secondary CPU that utilizes less power than a main CPU, thereby allowing an electronic device (e.g. a laptop PC) having the secondary CPU to use less power and run for longer periods of time on a limited power supply. Thus, the invention permits the electronic device to be utilized for extended periods and extends the battery life.

Abstract: In accordance with at least one presently preferred embodiment of the present invention, there is broadly contemplated herein the managing of a POP not solely in the BIOS but at least partly in a more secure location. In accordance with a particularly preferred embodiment of the present invention, this location could be in a NVRAM (non-volatile random access memory) inside a TPM (trusted platform module). Most preferably, this location will contain code that the BIOS preferably will need to access and employ in order to complete the booting of the system.

Abstract: A technique for controlling operation of a device with a virtual touchscreen includes defining an area of a surface, associated with the device, as the virtual touchscreen. An operation within the device is then initiated based on activity within the virtual touchscreen. An overlay may be provided, on a display screen of the device, to indicate a location of the virtual touchscreen with respect to, for example, a keyboard of the device.