Abstract: A technique for identifying a user of a device includes receiving a tracking mechanism trigger and capturing (e.g., periodically) identifying information on the user of the device in response to the trigger.

Abstract: An apparatus, system, and method are disclosed for auditing access to secure data. A detection module detects an access to the secure data. A record module records an encrypted log entry describing the access to the secure data. A verification module verifies the secure data is securely stored.

Abstract: A technique for creating a virtual touchscreen includes capturing, with a first infrared camera, a first reflection from an object that is at a known position adjacent a surface associated with a device. A second reflection from the object (at the known position) is captured with a second infrared camera. The first and second reflections are correlated with the known position to provide a two-dimensional position for the object that is calibrated with respect to the surface.

Abstract: Arrangements for employing a system BIOS (basic input/output system) to handle email during a suspended state (such as an “S3” state as will be better understood herebelow). Preferably, the BIOS is employed to “jump” between two suspended images such that, e.g., two more powerful OS's can be employed to manage the mail function.

Abstract: An apparatus, method and system are disclosed for touch and gesture detection. A light source array comprises a plurality of light sources. Each light source of the light source array transmits a light beam across a face of a display in response to being activated. A light sensor array comprises a plurality of light sensors. Each light sensor of the light sensor array detects an intensity of each light beam transmitted across the face of the display in response to being activated. A controller concurrently activates each light source of the light source array with each light sensor of the light sensor array as a source/sensor pair during a detection cycle while other light sources of the light source array and other light sensors of the light sensor array are inactive. The controller further determines a location of a pointer relative to the display from a pattern of light beam intensities for each source/sensor pair.

Abstract: The invention broadly contemplates a security solution for storage devices that is inexpensive and robust. The invention allows a store of system specific data to be used to release the hard disk key of full-disk encryption (FDE) drives. This system specific data is passed to the FDE drives and used to calculate the actual encryption key. This allows for safe disposal of an FDE drive containing confidential data, as the lack of available system specific decryption data makes decryption virtually impossible.

Abstract: In a system with a main memory, a network adapter, and a display, a transaction security module in communication with the network adapter. The transaction security module acts to: establish a secure identification item with an entity which positively identifies the entity; accept an application OS of the entity; and initiate a guest OS with the entity; the network adapter acting to connect with the entity subsequent to initiation of a guest OS; and the display acting to display the secure identification item subsequent to connection with the entity.

Abstract: The employment of a process of applying user-defined defaults to a management engine or analogous arrangement, wherein a system BIOS calls or recalls such defaults, as needed, from NVRAM responsive to the need for a reset of defaults.

Abstract: Method and apparatus for enabling applications on security processors of computer systems. In one aspect, a security processor apparatus includes a processor and a memory coupled to the processor and operative to store a secure table. The secure table stores different certified endorsement keys and different values, each value associated with one of the endorsement keys. Each stored value is derived from a different application that is certified by the associated endorsement key to be executed on the processor.

Abstract: A method for preventing malicious software from execution within a computer system is disclosed. A permutation is performed on a subset of instructions within an application program to yield a permuted sequence of instructions before any actual execution of the application program on the computer system. A permutation sequence number of the permuted sequence of instructions is stored in a permuted instruction pointer table. The permuted sequence of instructions is executed in an execution module that is capable of translating the permuted sequence of instructions to an actual machine code of a processor within the computer system according to the permutation sequence number of the permuted sequence of instructions stored in the permuted instruction pointer table.

Abstract: Embodiments provide for using two encryption keys to encrypt data instead of only one as is customarily used in the industry. According to various embodiments, a default encryption key is generated and is initially used to encrypt data, while a second encryption key is available for generation by an end user. Embodiments provide that data is encrypted with the default key until the user generates their own key, after this event, all data is encrypted with key generated by the user.

Abstract: An exemplary method includes transmitting, via a network interface, at least a currency amount in an attempt to confirm a financial transaction; responsive to the transmitting, receiving a confirmation indicator for the financial transaction; storing at least the currency amount in non-volatile memory; hashing at least the currency amount to generate a hash and storing the hash in a secure non-volatile memory; hashing at least the currency amount stored in the non-volatile memory to generate a verification hash; and in an attempt to verify at least the financial transaction, comparing the verification hash to the hash stored in the secure non-volatile memory. Various other apparatuses, systems, methods, etc., are also disclosed.

Abstract: A method is provided for determining with a first device, staleness of attestation measurements at a second device. The method includes booting up the second device at a first time, the second device having a communication portion, a security portion, a basic input/output system and a trusted protection module. Further, the method includes generating an initial counter based on the booting up of the second device at the first time. A current counter is then generated based on a second time after the first time. The method additionally includes providing a request to the second device from the first device, the request requesting booting information and current information, the booting information being based on the initial counter, the current information being based on the current counter. Still further, the method includes providing a response to the first device from the second device, the response including the booting information and the current information.

Abstract: A method for providing a secure single sign-on to a computer system is disclosed. Pre-boot passwords are initially stored in a secure storage area of a smart card. The operating system password, which has been encrypted to a blob, is stored in a non-secure area of the smart card. After the smart card has been inserted in a computer system, a user is prompted for a Personal Identification Number (PIN) of the smart card. In response to a correct smart card PIN entry, the blob stored in the non-secure storage area of the smart card is decrypted to provide the operating system password, and the operating system password along with the pre-boot passwords stored in the secure storage area of the smart card are then utilized to log on to the computer system.

Abstract: An apparatus, method and system are disclosed for touch and gesture detection. A light source array comprises a plurality of light sources. Each light source of the light source array transmits a light beam across a face of a display in response to being activated. A light sensor array comprises a plurality of light sensors. Each light sensor of the light sensor array detects an intensity of each light beam transmitted across the face of the display in response to being activated. A controller concurrently activates each light source of the light source array with each light sensor of the light sensor array as a source/sensor pair during a detection cycle while other light sources of the light source array and other light sensors of the light sensor array are inactive. The controller further determines a location of a pointer relative to the display from a pattern of light beam intensities for each source/sensor pair.

Abstract: A method for managing shared passwords on a multi-user computer system is disclosed. A set of shared passwords and an administrator internal key are initially generated. After the receipt of an administrator external key, the administrator internal key is encrypted with the administrator external key. For each user level within the computer system, an internal key is generated by hashing the administrator internal key. For each user level within the computer system, each of the shared passwords encrypted with a respective one of the internal keys. The internal keys and the encrypted shared passwords are then stored in a non-volatile storage device.

Abstract: A method for protecting Security Accounts Manager (SAM) files within a Windows® operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows® operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.

Abstract: The invention broadly contemplates a security solution for storage devices that is inexpensive and robust. The invention allows a store of system specific data to be used to release the hard disk key of full-disk encryption (FDE) drives. This system specific data is passed to the FDE drives and used to calculate the actual encryption key. This allows for safe disposal of an FDE drive containing confidential data, as the lack of available system specific decryption data makes decryption virtually impossible.

Abstract: Executable files are extended with a file signature containing a header containing validation data. This header may be added to an existing executable and linking format (ELF) header, added as a new section, or placed in a file's extended attribute store. The header contains results of all previous validation checks that have been performed. The file signature is inserted, with a date stamp, into the file attributes. On execution, the system checks the previously-created file signature against a current file signature, instead of creating the file signature for every file during the execution process. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the execution program create a new file signature at the time of execution.

Abstract: A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each “file write” to that file). The file signature is inserted, with a date stamp, into the file attributes. The virus scan program checks the previously-created file signature against the virus signature file instead of creating the file signature for every file during the virus scan. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the virus scan program create a new file signature at the time of the running of the virus scan.