Abstract: An electronic device comprises a biometric module having a contact-based sensor configured to capture a biometric image, the biometric module configured to discharge electrostatic energy from a user of the biometric module before activating the sensor.

Abstract: A web-based interface in an electronic device receives a request to access a function of a Basic Input/Output System.

Abstract: A privileged domain includes a function of a Basic Input/Output System (BIOS). A request to access the function of the BIOS is routed to the privileged domain.

Abstract: An implementation may include a virtual trusted runtime BIOS managed by the virtual machine monitor. A replacement portion of the virtual trusted runtime BIOS may be included. A router can replace an address to a resource of the virtual trusted runtime BIOS with the address to the resource of the replacement portion of the virtual trusted runtime BIOS.

Abstract: A computer system includes an authentication service running in a virtual machine. The authentication service uses the hardware components of the computer system in performing a user authentication process and responds to a remote call from another virtual machine by performing the user authentication process and returning a result.

Abstract: Virtual device control in a computer system is described. Examples include: obtaining a device configuration policy from firmware in the computer system, the device configuration policy defining global access permissions to at least one embedded device in the computer system applied at boot time. Obtaining a virtual device configuration policy established for at least one of a selected user or a selected virtual machine (VM), the virtual device configuration policy defining additional access permissions to the at least one embedded device. Establishing a virtual hardware definition for an instance of the selected VM executing on the computer system based on the global access permissions and the additional access permissions.

Abstract: There is provided a system and method of performing a management operation. An exemplary method comprises receiving a command that comprises information derived from a private key in response to a request to generate the command for an electronic device. The exemplary method also comprises verifying a source of the command using the information derived from the private key and a corresponding public key stored in an immutable memory of the electronic device. The exemplary method additionally comprises performing a management operation corresponding to the command if the verifying of the source of the command determines that the command is from an authorized source.

Abstract: Embodiments provide devices and operations which enable a computing device to access a network. The computing device may execute a basic input/output system (BIOS). In response to the BIOS, the computing device may establish a wireless link with a client device and receive, from the client device, network access information.

Abstract: A storage device includes storage media and a controller to control access of the storage media. The controller receives an erase command used to specify an erase operation of at least one portion of the storage media. The erase command has a control field controllable by a requestor device that submitted the erase command to the storage device, where the control field has one or more portions settable to cause the storage device to perform one or more of: reporting a progress of the erase operation, and modifying an operational state of the erase operation.

Abstract: During a boot block part of a boot procedure in an electronic device having a persistent secondary storage, a feature that prevents access to the persistent secondary storage is disabled. The persistent secondary storage is accessed during the boot block part of the boot procedure to retrieve information to perform a predetermined task.

Abstract: Unlocking a storage device including identifying a platform configuration register value in response to a computing machine powering on, configuring a security component to seal an authorization based on the platform configuration register value and storing a sealed authorization onto non-volatile memory, and unlocking the storage device in response to the computing machine resuming from a sleep state and unsealing the sealed authorization with the security component from the non-volatile memory.

Abstract: An environment manager in a computer executes multiple environments concurrently. A user management framework (UMF) virtual machine an the computer runs an authentication domain that supports user profile management of the multiple environments.

Abstract: Security methods are provided. The method can include comparing a first device identifier (125) disposed within a component (120) with a second device identifier (135) disposed within an immutable memory (130). The component and the immutable memory can be disposed at least partially within an electronic device (110). The method can include starting the electronic device normally if the first device identifier corresponds to the second device identifier. The method can further include providing at least one indicator (150) if the first device identifier fails to correspond to the second device identifier. Security systems are also provided.

Abstract: A method for managing a storage device including identifying a lock timing for the storage device when coupling to a device, transitioning the storage device into a locked state in response to detecting the storage device decoupling from the device, and configuring the storage device to remain in the locked state if the storage device is re-coupled to the device after the lock timing has elapsed.

Abstract: A computer system has first and second password-protectable domains. The first domain has a multi-domain password manager for determining whether a password candidate is valid for both the first domain and the second domain. If so, the password manager submits the password candidate to the second domain.

Abstract: A computer system is provided that comprises a processor and a Basic Input/Output System (BIOS) accessible to the processor. During a boot process, the BIOS determines an integrity measurement for the computer system and modifies the integrity measurement based on a user authentication.

Abstract: There is provided a system and method of performing a management operation. An exemplary method comprises receiving a command that comprises information derived from a private key in response to a request to generate the command for an electronic device. The exemplary method also comprises verifying a source of the command using the information derived from the private key and a corresponding public key stored in an immutable memory of the electronic device. The exemplary method additionally comprises performing a management operation corresponding to the command if the verifying of the source of the command determines that the command is from an authorized source.

Abstract: A computer system includes an authentication service running in a virtual machine. The authentication service uses the hardware components of the computer system in performing a user authentication process and responds to a remote call from another virtual machine by performing the user authentication process and returning a result.

Abstract: A storage device includes storage media and a controller to control access of the storage media. The controller receives an erase command used to specify an erase operation of at least one portion of the storage media. The erase command has a control field controllable by a requestor device that submitted the erase command to the storage device, where the control field has one or more portions settable to cause the storage device to perform one or more of: reporting a progress of the erase operation, and modifying an operational state of the erase operation.

Abstract: In at least some embodiments, a method comprises obtaining a digital certificate that indicates a parameter of a cryptographic token associated with the digital certificate. The method further comprises associating a level of trust with the digital certificate based on the parameter of the cryptographic token.