Abstract: Various embodiments herein each include at least one of systems, methods, and software for SST secure boot device order modification. One such embodiment, in the form of a method performed by a server, includes, receiving a request from a mobile device app to modify a boot order of a computer controlling operation of an SST. The method proceeds by authenticating the request. When the request is authenticated, the server performing the method then sends a command to the SST to modify the boot order of the SST.

Abstract: A computing system and method has a pre-boot operating system stored in an encrypted form according to a first key on a first portion of a non-volatile data storage drive and a main operating system stored in an encrypted form according to a second key on a second portion of the non-volatile data storage drive. A system built in operating system (BIOS) chip is configured to initiate a first authentication process, obtain the first key after successful completion of the first authentication process, load and decrypt the pre-boot operating system into dynamic memory, and cause the pre-boot operating system to run. The pre-boot operating system is configured to initiate a second authentication process, obtain the second key after successful completion of the second authentication process, load and decrypt the main operating system into dynamic memory, and cause the main operating system to run.

Abstract: A computing system and method has a pre-boot operating system stored in an encrypted form according to a first key on a first portion of a non-volatile data storage drive and a main operating system stored in an encrypted form according to a second key on a second portion of the non-volatile data storage drive. A system built in operating system (BIOS) chip is configured to initiate a first authentication process, obtain the first key after successful completion of the first authentication process, load and decrypt the pre-boot operating system into dynamic memory, and cause the pre-boot operating system to run. The pre-boot operating system is configured to initiate a second authentication process, obtain the second key after successful completion of the second authentication process, load and decrypt the main operating system into dynamic memory, and cause the main operating system to run.

Abstract: A Basic Input/Output System (BIOS) agent on a Self-Service Terminal (SST) coordinates with a BIOS credential manager that determines when to communicate a BIOS credential for the SST and when to re-generate and re-set a new BIOS credential for the SST.

Abstract: An input peripheral agent intercepts input commands on a host machine and enforces policy conditions and whitelist conditions before deciding whether to permit the commands to be processed by an operating system of the host or whether to ignore the commands on the host machine. In an embodiment, the policy conditions and whitelist conditions can be dynamically changed by a remote network manager without changing, stopping, and/or restarting the input peripheral agent and/or the host machine.

Abstract: Various embodiments herein each include at least one of systems, methods, and software for computer pre-boot security verification. Some embodiments are implemented during a boot sequence of a computer that controls Self-Service Terminal (SST) operation before a main Operating System (OS) of the computer is loaded. One such embodiment in the form of a method includes starting a pre-boot OS upon start of a computer that controls operation of an SST and identifying any variances between a current state of the computer and data representative of a reference state within a computing environment of the pre-boot OS. This example method further includes performing at least one remedial action when any variance is identified and launching a main OS and stopping and unloading the pre-boot OS when no variance is identified.

Abstract: A Basic Input/Output System (BIOS) agent on a Self-Service Terminal (SST) coordinates with a BIOS credential manager that determines when to communicate a BIOS credential for the SST and when to re-generate and re-set a new BIOS credential for the SST.

Abstract: A Basic Input/Output System (BIOS) agent on a Self-Service Terminal (SST) coordinates with a BIOS credential manager that determines when to communicate a BIOS credential for the SST and when to re-generate and re-set a new BIOS credential for the SST.

Abstract: During a pre-boot cycle of a device an algorithm is obtain from a first portion of the hard drive. The algorithm is executed to obtain a key. The key is used to decrypt a second portion of the hard drive to obtain a second key. The second key is used to dynamically decrypt a third portion of the hard drive. A new randomly generated version of the algorithm is produced. The new version of the algorithm is stored in the first portion of the hard drive. The new version of the algorithm is executed to produce a new randomly generated version of the key. The new version of the key is used to re-encrypt the second portion of the hard drive having the second key.

Abstract: A Basic Input/Output System (BIOS) agent on a Self-Service Terminal (SST) coordinates with a BIOS credential manager that determines when to communicate a BIOS credential for the SST and when to re-generate and re-set a new BIOS credential for the SST.

Abstract: An input peripheral agent intercepts input commands on a host machine and enforces policy conditions and whitelist conditions before deciding whether to permit the commands to be processed by an operating system of the host or whether to ignore the commands on the host machine. In an embodiment, the policy conditions and whitelist conditions can be dynamically changed by a remote network manager without changing, stopping, and/or restarting the input peripheral agent and/or the host machine.

Abstract: During a pre-boot cycle of a device an algorithm is obtain from a first portion of the hard drive. The algorithm is executed to obtain a key. The key is used to decrypt a second portion of the hard drive to obtain a second key. The second key is used to dynamically decrypt a third portion of the hard drive. A new randomly generated version of the algorithm is produced. The new version of the algorithm is stored in the first portion of the hard drive. The new version of the algorithm is executed to produce a new randomly generated version of the key. The new version of the key is used to re-encrypt the second portion of the hard drive having the second key.

Abstract: Various embodiments herein each include at least one of systems, methods, and software for computer pre-boot security verification. Some embodiments are implemented during a boot sequence of a computer that controls Self-Service Terminal (SST) operation before a main Operating System (OS) of the computer is loaded. One such embodiment in the form of a method includes starting a pre-boot OS upon start of a computer that controls operation of an SST and identifying any variances between a current state of the computer and data representative of a reference state within a computing environment of the pre-boot OS. This example method further includes performing at least one remedial action when any variance is identified and launching a main OS and stopping and unloading the pre-boot OS when no variance is identified.

Abstract: Various embodiments herein each include at least one of systems, methods, and software for SST secure boot device order modification. One such embodiment, in the form of a method performed by a server, includes, receiving a request from a mobile device app to modify a boot order of a computer controlling operation of an SST. The method proceeds by authenticating the request. When the request is authenticated, the server performing the method then sends a command to the SST to modify the boot order of the SST.

Abstract: A navigation system and method which provides direction to visitors in buildings or groups of buildings. The system includes a check-in computer for recording identification information and destination information of a person upon entry into a building, for interrogating a wireless communicator associated with the person to obtain a wireless identifier, and for storing the identification information, the destination information, and the wireless identifier in a record. The system further includes a plurality of navigation stations for receiving the wireless identifier along a route of the person, for determining directions to a next navigation station along the route based upon the destination information in the record, and for providing the directions to the person.

Abstract: A navigation system and method which provides direction to visitors in buildings or groups of buildings. The system includes a check-in computer for recording identification information and destination information of a person upon entry into a building, for interrogating a wireless communicator associated with the person to obtain a wireless identifier, and for storing the identification information, the destination information, and the wireless identifier in a record. The system further includes a plurality of navigation stations for receiving the wireless identifier along a route of the person, for determining directions to a next navigation station along the route based upon the destination information in the record, and for providing the directions to the person.