Abstract: A method, computer program product and system for enabling a client device in a client device/data center environment to resume from sleep state more quickly. The resource in the server blade used for suspending the activity of the computing state of the client device in order to enter the client device in a sleep state is not reallocated for a period of time. If the client device indicates to the server blade to resume the client device from sleep state prior to the ending of that period of time, then the server blade reinitializes the computing state using the same resource as used in suspending the computing state of the client device. By using the same resource, steps traditionally implemented in resuming the client device from sleep state are avoided thereby reducing the time in resuming the client device from sleep state.

Abstract: A method for using non-addressable memory of a computer system is disclosed. Any system memory above an addressable memory limit of a computer system (i.e., non-addressable memory) is initially converted to a disk cache by a hypervisor. In response to a read request, the hypervisor intercepts the read request, and then sends the data for the read request from the disk cache to a read requestor if the data for the read request is available in the disk cache. In response to a write request, the hypervisor intercepts the write request, and then writes the data for the write request to the disk cache and updating corresponding disk cache tables.

Abstract: A method for providing centralized user authorization to allow secure sign-on to a computer system is disclosed. In response to a user attempting to boot up a computer system, a message is sent to a trusted server by a hypervisor within the computer to request a new hard drive password for the computer system. If the user is not authorized to access the computer system, a packet is sent by the trusted server to instruct the hypervisor to stop any boot process on the computer system. If the user is authorized to access the computer system, a packet containing a partial hard drive password is sent by the trusted server to the computer system. The packet is then encrypted with a system public key by the computer system to yield the partial hard drive password. The computer system subsequently combines the partial hard drive password with a user password to generate a new complete hard drive password to continue with the boot process.

Abstract: A method, computer program product and system for enabling a client device in a client device/data center environment to resume from sleep state more quickly. The resource in the server blade used for suspending the activity of the computing state of the client device in order to enter the client device in a sleep state is not reallocated for a period of time. If the client device indicates to the server blade to resume the client device from sleep state prior to the ending of that period of time, then the server blade reinitializes the computing state using the same resource as used in suspending the computing state of the client device. By using the same resource, steps traditionally implemented in resuming the client device from sleep state are avoided thereby reducing the time in resuming the client device from sleep state.

Abstract: A method and system for remotely isolating faults in computer network devices coupled to a computer network. A plurality of first computer units are coupled to the computer network. The plurality of first computer units are located on a user side of the computer network. A plurality of second computer units are coupled to the computer network. The plurality of second computer units are located on a service provider side of the network. One of the plurality of second computer units is designated to provide computing services to one of the plurality of first computer units. One of the plurality of first computer units experiencing a fault communicating with its designated second computer unit uses another of the plurality of first computer units as a proxy computer unit to remotely isolate the fault.

Abstract: A method for providing a secure single sign-on to a computer system is disclosed. Pre-boot passwords are initially stored in a secure storage area of a smart card. The operating system password, which has been encrypted to a blob, is stored in a non-secure area of the smart card. After the smart card has been inserted in a computer system, a user is prompted for a Personal Identification Number (PIN) of the smart card. In response to a correct smart card PIN entry, the blob stored in the non-secure storage area of the smart card is decrypted to provide the operating system password, and the operating system password along with the pre-boot passwords stored in the secure storage area of the smart card are then utilized to log on to the computer system.

Abstract: A method for preventing unauthorized modifications to a rental computer system is disclosed. During boot up of the rental computer system, a determination is made whether or not a time-day card is bound to the rental computer system. If the time-day card is bound to the rental computer system, another determination is made whether or not a time/date value on the time-day card is less than a secure time/date value stored in a secure storage location during the most recent power down. If the time/date value on the time-day card is not less than the secure time/date value, yet another determination is made whether or not the time/date value is less than an end time/date rental value. If the time/date value is less than the end time/date rental value, the rental computer system continues to boot.

Abstract: A method for protecting Security Accounts Manager (SAM) files within a Windows® operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows® operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.

Abstract: A hard disk drive unit includes a microprocessor programmed to erase data stored within the drive unit if it is determined that a process potentially leading to a misuse of the data stored within the drive unit, and if secure disposal configuration data stored in nonvolatile storage within the drive indicates that the data is to be erased. Such a process includes initializing the drive unit for operation without providing a password matching a password stored in the drive unit, initializing the drive unit in a system not having CMOS configuration data matching the drive unit, and determining that a failure rate within the drive unit exceeds a threshold level.

Abstract: A client computer system is provided with two operating systems, one of which is a user operating system (UOS) and the other of which is a service operating system (SOS), and a hypervisor. In the event of a hang in the first operating system, the second operating system remains active, out of the awareness of the user of the system, and has reporting and command response capabilities beyond those of prior technology.

Abstract: A method for controlling file access on computer systems is disclosed. Initially, a virtual machine manager (VMM) is provided in a computer system. In response to a write request, the VMM determines whether or not a location field is valid. If the location field is not valid, then the VMM writes the write request information to a storage device; but if the location field is valid, then the VMM encrypts the write request information before writing the write request information to the storage device. In response to a read request, the VMM again determines whether or not a location field is valid. If the location field is not valid, then the VMM sends the read request information to a read requester; but, if the location field is valid, then the VMM decrypts the read request information before sending the read request information to the read requester.

Abstract: Hypervisors are a new technology in the industry that enable multiple Operating Systems to co-exist on a single client. The use of a hypervisor provides a novel approach to determining the operability of an Operating System. Each Operating System is a virtualized Operating System, with its own IP address. According to a preferred embodiment, the capability Operating System has an application that is a monitor program that runs and provides information that is sent to the maintenance Operating System. The monitor program sends a status packet at regular intervals, which contains system power state and is a confirmation that the system is not hung. If the maintenance Operating System does not receive a packet at a regular interval, or in response to a query, then the maintenance Operating System will be aware that the capability Operating System is hung and will take appropriate measures.

Abstract: Hypervisors are a new technology in the industry that enable multiple Operating Systems to co-exist on a single client. The use of a hypervisor provides a novel approach to thermal fan control. The hypervisor is able to fire up a maintenance Operating System on demand or have it running from the powering of the computer. The maintenance Operating System continuously monitors the status of the user Operating System and determines if the system is within the desired fan noise profile by measuring noise levels using means well known in the art. If the system seems to be drifting out of the desired profile, the maintenance Operating System will determine what type of action is required and choose the most appropriate course of action. These actions can be performed by either the maintenance Operating System or the hypervisor, as appropriate.

Abstract: A method is provided of uniquely binding, through connection, a subsystem device having restricted information space for storing code, to a system having a structure for generating and delivering a unique code to identify the system to the information storage space in the subsystem. The method comprises determining if the information storage space in the subsystem has information therein when the subsystem is connected to the system. If no information is contained in the information storage space in the subsystem, the system writes the unique code from the system to the information storage space in the subsystem. If information is in the information storage space, that information is compared with the unique code in the system, and operation of the system is allowed if, and only if, the information in the information storage space matches the unique code generated by the system. A structure for performing this method is also provided.

Abstract: A method, computer program product and system for reducing the boot time of a client device in a client device/data center environment. A profile of the client device, which includes information regarding the usage characteristics of the client device, may be created. A confidence level indicating the likelihood that the client device is going to be booted may be determined based on the client device's profile. The confidence level and the utilization of the resources of the server blades in the data center may be examined in determining whether to have an appropriate server blade perform an action involved in booting the operating system of the client device. If the appropriate server blade performs such an action, e.g., pre-booting the client device's operating system, prior to the user of the client device attempting to boot its operating system, then the boot time may be reduced.

Abstract: There are many files in the current generation of computers, especially on the hardfile, that are not used or used only infrequently during operation. For instance, the system may contain many help text files which may never be accessed. The same applies to the DLL's. Also, some files are accessed only during a boot cycle. The present invention provides a method and program to track the locations of files in a computer which have been accessed so that, when an error occurs, only the files that need to be tested are diagnostically tested for errors, thus saving time and resources.

Abstract: The present invention comprises a method and system for configuring the language of a BIOS of a computer system. The method and system comprise providing a plurality of BIOS images in the computer system, each of the plurality of BIOS images being related to a particular language, selecting one of the pluralities of BIOS images based on the language supported by the computer system and utilizing the selected BIOS to configure the computer system. Through the use of the method and system in accordance with the present invention, the language being supported by the computer system is determined when the computer system is booted up as opposed to when the computer system is being built. This results in an increase in manufacturing productivity since original equipment manufacturers can build computer systems without having to worry about language restrictions.

Abstract: Disclosed is a method for reducing power-up time and avoiding customer-induced failures of computer systems during power-up. An intrusion switch, which is connected to the inside frame of the computer system is utilized. The intrusion switch signals the BIOS of the computer system whenever the cover of the computer's system unit is opened. The BIOS controls the POST operation during power-up of the computer system. During an initial power-up of the computer system, the POST configuration code examines and configures the hardware and sets the applicable registers, etc. At the end of the POST configuration code, the register values are stored in non-volatile storage. During a subsequent power-up of the computer system, a check is made to see if the cover of the system had been opened. When the cover has not been opened, the BIOS assumes that no changed has occurred in the hardware configuration and the BIOS restores the register values from non-volatile storage without completing the POST operation.

Abstract: A data processing system and method are disclosed for efficiently maintaining security during a booting of the system. The system includes a plurality of boot devices. One of a plurality of password requirements are specified separately for each of the plurality of boot devices. In response to an attempt to boot the system utilizing one of the plurality of boot devices, a determination is made regarding whether a first of the plurality of password requirements is specified for the one of the plurality of boot devices. In response to a determination that the first of the plurality of password requirements is specified for the one of said plurality of boot devices, a correct entry of a password is required prior to permitting the system to boot utilizing the one of the plurality of boot devices.

Abstract: Described is a computer system which is coupled to a remote computer via a data communication link. The computer system has a normally closed enclosure and is capable of securing data retained within the system against unauthorized access. The computer system includes an erasable memory element mounted within the enclosure for selective activation to active and inactive states and for receiving and storing a security password when in the active state. A manually operable option switch is mounted within the enclosure. The option switch is operatively connected with the erasable memory element and manually settable by a user of the computer system for setting the erasable memory element to the active and inactive states.