Abstract: An encryption system can include a first port and a second port. A format translator can be coupled to the first port and the second port to translate a first header format of data received from the first port to a second header format of the second port. The format translator can translate the second header format of data received from the second port to the first header format. An encryptor can receive the data and encrypts the data received from the first port and decrypts the data received from the second port.

Abstract: An environment manager in a computer executes multiple environments concurrently. A user management framework (UMF) virtual machine on the computer runs an authentication domain that supports user profile management of the multiple environments.

Abstract: An event data structure is stored in a non-volatile memory that is electrically isolated from a bus accessible by a processor. In response to an event relating to operation of a controller that is separate from the processor, the controller adds event data for the event into an entry of the event data structure.

Abstract: A computing system and a method of communicating with a virtual trusted runtime BIOS. The computing system can include hardware and a virtual machine monitor. A virtual trusted runtime BIOS can be managed by the virtual machine monitor. A communication channel can communicate with the virtual trusted runtime BIOS. The communication channel can be secured by a secure socket layer.

Abstract: A first non-volatile memory stores a redundant copy of system data that relates to a configuration of at least one physical component of a system, where the first non-volatile memory is accessible by a controller in the system and inaccessible to a processor in the system. It is determined whether system data in a second non-volatile memory accessible by the processor is compromised. In response to determining that the system data in the second non-volatile memory is compromised, the compromised system data in the second non-volatile memory is repaired.

Abstract: A controller that is separate from a processor of the system verifies controller code for execution on the controller. In response to verifying the controller code, the controller verifies a system boot code.

Abstract: A computer-readable storage medium containing software that, when executed by a processor, causes the processor to implement a basic input/output system (BIOS). The BIOS comprises instructions that implement a BIOS core, instructions that implement a user authentication and enforcement engine (AEE), and instructions that implement an extensible interface to a preboot authentication module.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterised by the algorithms and associated parameters that are selected to perform an operation.

Abstract: There is provided a method of providing secure access to data stored in a system memory of a computer system, the computer system comprising a memory controller for writing data to and reading data from the system memory. The method comprises generating a random encryption key each time the computer system is booted and storing the random encryption key in a volatile memory region of the memory controller. The method additionally comprises encrypting data using the random encryption key to create encrypted data, and storing the encrypted data in the system memory. Also provided are a memory subsystem and a computer system for performing the method.

Abstract: Security methods are provided. The method can include comparing a first device identifier (125) disposed within a component (120) with a second device identifier (135) disposed within an immutable memory (130). The component and the immutable memory can be disposed at least partially within an electronic device (110). The method can include starting the electronic device normally if the first device identifier corresponds to the second device identifier. The method can further include providing at least one indicator (150) if the first device identifier fails to correspond to the second device identifier. Security systems are also provided.

Abstract: An environment manager in a computer executes multiple environments concurrently. A user management framework (UMF) virtual machine an the computer runs an authentication domain that supports user profile management of the multiple environments.

Abstract: Exemplary embodiments of the present invention disclosed herein relate to a method of providing a system management command. The method comprises receiving from an authorized requestor information identifying the electronic device and a request to issue a system management command to the electronic device. The method additionally comprises providing, in response to the request, a system management command, information identifying a source of the command as a trusted source and the information identifying the electronic device. Also disclosed are an electronic device and a computer system according to the invention.

Abstract: A trusted component update system comprises verify logic configured to validate integrity of an update to a trusted component of a computing device, and logic disposed in the trusted component and configured to validate integrity of the verify logic.

Abstract: A system comprises a basic-input-output-system (“BIOS”), a disk drive, and a security system configured to prevent unauthenticated access to the disk drive. For each of at least two users out of a plurality of users, the BIOS authenticates the user based on the user's token. The BIOS also accesses secured data based on the authentication, and provides the secured data to the security system without input from the user.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

Abstract: Fault of a particular module in an electronic device is detected. In response to detecting the fault, an update module is retrieved from a network site over a network to update the particular module, where the network stack is independent of a network stack associated with an operating system in the electronic device.

Abstract: A method for managing a storage device including identifying a lock timing for the storage device when coupling to a device, transitioning the storage device into a locked state in response to detecting the storage device decoupling from the device, and configuring the storage device to remain in the locked state if the storage device is re-coupled to the device after the lock timing has elapsed.

Abstract: A computing system and a method of handling a system management request. The computing system includes a virtual high-privilege mode in a trusted domain managed by the virtual machine monitor. The virtual high-privilege mode handles the system management request.

Abstract: A computing system and a method of communicating with a virtual trusted runtime BIOS. The computing system can include hardware and a virtual machine monitor. A virtual trusted runtime BIOS can be managed by the virtual machine monitor. A communication channel can communicate with the virtual trusted runtime BIOS. The communication channel can be secured by a secure socket layer.

Abstract: An electronic device has a lower power state in which power to a storage device is disabled. Predetermined information stored in a memory is useable to unlock the storage device during a procedure to transition the electronic device from the lower power state to a higher power state. The predetermined information is different from a credential for use in unlocking the storage device.