Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: An electronic device can be locked and secured by activating a hardware locking mechanism on the device. The locking mechanism is controlled by a locking policy that is defined and implemented from the client side. If the locking mechanism is activated, then the device operates in a limited mode of operation instead of in a normal mode of operation. The locking mechanism can be deactivated, placing the device into the normal mode of operation, when a specified condition is satisfied.

Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A system for managing a subscription-based computer independent of an operating system of the computer may include a security module that accesses, decrements, and stores subscription data during operation of the subscription-based computer. Additionally, the system may include a network module in communication with the security module and comprising a network stack, a web server, and a user interface in an operating system independent format. A web browser of the computer may request the user interface from the network stack. The interface may be populated with the subscription data, and a network driver may retrieve the populated user interface from the network module. The populated interface may then be sent to the web server to be served back to the requesting web browser.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: To protect against software piracy, a storage media has a cryptographically protected area that stores software to be installed onto a target device, such as a computer. The storage media may include a non-secure area holding boot files and an installation program. The installation program may gather target device-specific data for use by a certifying authority in generating a key that allows access to the secure area of the storage media only during the installation process. In this manner, a user never has access to the raw installation files, limiting the ability to copy and distribute those files for installation on non-authorized computers. The certifying authority may also prepare target device-specific data applied to the software before installation to create a custom software image that will only execute on the target device and that can be verified by the host OS prior to execution, allowing integrity confirmation.

Abstract: An electronic device can be locked and secured by activating a hardware locking mechanism on the device. The locking mechanism is controlled by a locking policy that is defined and implemented from the client side. If the locking mechanism is activated, then the device operates in a limited mode of operation instead of in a normal mode of operation. The locking mechanism can be deactivated, placing the device into the normal mode of operation, when a specified condition is satisfied.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer.

Abstract: A system for managing a subscription-based computer independent of an operating system of the computer may include a security module that accesses, decrements, and stores subscription data during operation of the subscription-based computer. Additionally, the system may include a network module in communication with the security module and comprising a network stack, a web server, and a user interface in an operating system independent format. A web browser of the computer may request the user interface from the network stack. The interface may be populated with the subscription data, and a network driver may retrieve the populated user interface from the network module. The populated interface may then be sent to the web server to be served back to the requesting web browser.

Abstract: A form of removable memory, such as a universal serial bus (USB) flash device (UFD), may allow secure storage of and access to a time balance of a pay-per-use or subscription computing system. A computing device may establish a secure connection to a portable secure computing device to access a stored time balance or other device-enabling, exhaustible data. During operation, the device may deplete the balance. Upon reaching a threshold depletion of the balance, the user may add more data to continue device use. The device may include a processor and a secure memory including identification and subscription data. Further, the device may store configuration data that may be used by the computer to bind the device to a particular subscription service or internet service provider.

Abstract: A method and apparatus for assuring delivery of paid advertising to a user may involve asking a question about an advertisement or requiring data about the advertisement to be entered. In one embodiment, a human presence indicator, such as stylized letters, may be displayed during or after the presentation of an advertisement to be copied by a user to indicate presence during the advertisement. When the challenge relating to ad viewing is correctly answered, a value associated with viewing the ad may be credited to a user account, either locally or at a clearinghouse or other repository.

Abstract: Embodiments of the present invention are directed at identifying an idle state for a processor that minimizes power consumption. In accordance with one embodiment, a method for identifying a target idle state that does not require a linear progression into any intermediate states is provided. More specifically the method includes collecting data from a plurality of data sources that describes activities occurring on the computer and/or attributes of the hardware platform. Then, using the collected data, a target idle state for the processor is calculated. Finally, if the current idle state of the processor is different than the target idle state, the method causes the idle state of the processor to be changed to the target idle state.

Abstract: A system and method for providing authentication of remotely collected external sensor measures is presented. Physiological measures are collected from a source situated remotely from a repository for accumulating such collected physiological measures. An identification of the source from which the physiological measures were collected is determined against authentication data that uniquely identifies a specific patient. The physiological measures are forwarded to the repository upon authenticating the patient identification as originating from the specific patient.

Abstract: Processor power management capabilities that enable an operating system kernel to interact with a plurality of ACPI-compliant computing devices to manage processor power using a generic processor description is described. Specifications of power processor management capabilities of processor types are stored in data structures, i.e., objects. Each object contains a control value field and a control mask field and may also contain a status value field and a status mask field. The kernel loads a generic processor driver and objects for each processor type enabling the kernel to respond to power management events such as, but are not limited to, processor utilization and processor operating temperature events. In response to a power management event, the kernel calculates a desired processor performance state; sets bits in the control mask field to describe the desired processor performance state; and passes the control mask to the generic processor driver which controls the processor.

Abstract: A method of domain modeling for use in generating a computer application. The method includes selecting a generic signature for a general domain element type, creating a specific signature for a specific domain element within the domain element type, and saving the specific signature to a memory for use in the computer application. The generic signature including a plurality of attributes. Creating the specific signature includes populating each of the plurality of attributes with a specific attribute datum.