Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: In order to provide a more efficient persistent storage device, one or more long-term storage media are included along with a non-volatile memory. In one embodiment, one portion of the non-volatile memory is used as a write buffer and a read cache for writes and reads to the long-term storage media. Interfaces are provided for controlling the use of the non-volatile memory as a write buffer and a read cache. Additionally, a portion of the non-volatile memory is used to provide a direct mapping for specified sectors of the long-term storage media. Descriptive data regarding the persistent storage device is stored in another portion of the non-volatile memory.

Abstract: A security module is used to perform an audit of both a computer memory and the computer's processor status. The security module may assert itself as a bus master to read the computer memory without dependence on a program running on the computer. In addition, using a separate hardware path, the security module may access processor register data using a debug port. The security module may collect both memory and processor status information without the use of any of the computer resources being measured, avoiding either alteration of the data by the measurement tool or tampering with the data while being collected.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

Abstract: A computer is configured for either full operation with metering or limited mode operation. When in limited mode operation, the system memory may be partitioned into active and restricted memory. The active memory may be limited to an amount needed to execute a limited mode operation application. The remaining restricted memory may be made inaccessible to the computer's processor. To verify the restricted memory remains unused, it may be filled with a pattern and the pattern periodically verified to determine that unauthorized programs are not using the restricted memory.

Abstract: A method and system for auxiliary display of information for a computing device. An auxiliary display is integrated with a computing system to provide an area where notifications can be peripherally presented off-screen. Whenever a background task sends a notification to the main display of the system, the notification may be redirected to appear instead on the auxiliary display. A user may then glance at the notification appearing on the auxiliary display to be informed of the message without interruption from the current task onscreen. Any type of information may be presented on the auxiliary display including incoming communications, meeting reminders, system alerts, and information from Internet subscription services. The auxiliary display may be placed on the central processor chassis or on the monitor border along with LED indicator lights to provide simple peripheral-vision notification. By pressing a button, a user may obtain additional detailed follow-up information.

Abstract: A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer.

Abstract: Techniques are disclosed herein for allowing sharing of notes and ideas between electronic devices. The presence of a number of electronic devices is determined. A determination is made that the electronic devices are to be part of a shared workspace. A shared workspace is generated for the electronic devices. The shared workspace is displayed on a display screen of at least one of the electronic devices. The shared workspace that is displayed may be based on the capabilities of the electronic device. The shared workspace that is displayed may reflect the location of the electronic devices.

Abstract: A context-aware mobile device such as a cell phone automatically determines appropriate user interface (UI) settings to implement at different times and/or locations. A behavior of the mobile device is tracked by determining locations visited and UI settings which are manually configured by the user. Patterns in the movement and UI settings relative to one another and to time are detected. When a particular location or time is subsequently reached which corresponds to the pattern, an appropriate UI setting can be implemented, thereby relieving the user of this task. Locations can be detected by electromagnetic signals at different locations, such as from a Wi-Fi network, Bluetooth network, RF or infrared beacon, or a wireless point-of-sale terminal. An identifier from the signals such as an SSID can be stored. Labels for locations can be automatically assigned, or the user can be prompted to provide a label for commonly visited locations.

Abstract: A mobile device such as a cell phone is used to remotely control an electronic appliance such as a television or personal computer. In a setup phase, the mobile device captures an image of the electronic appliance and identifies and stores scale-invariant features of the image. A user interface configuration such as a virtual keypad configuration, and a communication protocol, can be associated with the stored data. Subsequently, in an implementation phase, another image of the electronic appliance is captured and compared to the stored features in a library to identify a match. In response, the associated user interface configuration and communication protocol are implemented to control the electronic appliance. In a polling and reply process, the mobile device captures a picture of a display of the electronic device and compares it to image data which is transmitted by the electronic appliance.

Abstract: The claimed subject matter relates to a display that is physically separable and to an associated architecture that can facilitate data mobility or collaboration in connection with the separable display. In particular, the separable display can be configured as an apparent unitary or singular UI for an associated multi-node computer, yet for which portion of the separable display can be physically decoupled. The multi-node computer can include a set of computing nodes, each of which can potentially operate autonomously, yet also in unison with other nodes to form a collective multiprocessor computing platform. Moreover, each of the computing nodes can be embedded in and distributed throughout the separable display. Accordingly, when a portion of the separable display is decoupled from a remainder of the separable display, both the portion and the remainder can include some subset of the computing nodes, and can therefore maintain the UI.

Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.

Abstract: An improved system and method for using a file system to automatically backup a file in persistent storage is provided. A storage aggregator may organize nonvolatile memory for use in aggregate to store backup copies of a file. A file system filter driver may receive a request from an application for storing a file and may access a policy to determining whether to create a backup copy of the file and what type of backup to apply to the file. A generational file handler may create and manage a set of generational files as backup copies of a particular application file. And a recovery user interface may be provided to retrieve one or more backup copies, such as the set of generational files, for inspection by a user to recover whatever copy of the file may be desired by the user.

Abstract: A network security system for protecting computing devices connected to a communication network from identified security threats is presented. A security service published security information intended for network security modules in the communication network. A network security module is interposed, either logically or physically, between a computer and the communication network. The security information comprises security measures which, when implemented by a network security module, protect the corresponding computer from an identified security threat to the computer.

Abstract: The claimed subject matter provides a system and/or a method that facilitates authentication of a user in a surface computing environment. A device or authentication object can be carried by a user and employed to retain authentication information. An authentication component can obtain the authentication information from the device and analyze the information to verify an identity of the user. A touch input component can ascertain if a touch input is authentication by associating touch input with the user. In addition, authentication information can be employed to establish a secure communications channel for transfer of user data.

Abstract: The claimed subject matter relates to architectures that can provide rich features associated with information-based collaborative searches by leveraging a multi-touch surface computing-based display. In particular, a first architecture can include a multi-touch surface configured to support interactivity with multiple collocated users simultaneously. Based upon such interaction, the first architecture can transmit to a search engine a multiuser surface identifier and a set of search terms input by collocated users that share a collaborative task. In response, the architecture can receive a set of search results from a second architecture, and present those results to the multi-touch surface in a variety of ways. The second architecture can relate to a search engine that can process the search terms to generate corresponding search results and also process information associated with the multiuser surface identifier.

Abstract: A method and system for configuring a new device are disclosed. The method includes using a host system to create a configuration file including data useable to configure the new device. A portable storage device is interfaced to the host and the configuration file is transferred to the storage device. The storage device is then interfaced to the new device and the configuration file is transferred to the new device. The configuration file is optionally used to configure the new device for communication over a network. A method for configuring the new device using a direct connection between the new device and a system bus of the host is also disclosed.

Abstract: A security circuit in a computer monitors data busses that support memory capable of booting the computer during the computer reset/boot cycle. When activity oil one of the data busses indicates the computer is booting from a non-authorized memory location, the security circuit disrupts the computer, for example, by causing a reset. Execution from the non-authorized memory location may occur when an initial jump address at a known location, such as the top of memory, is re-programmed to a memory location having a rogue BIOS program.

Abstract: A display device for use with a computer adapted for operation in an unrestricted use mode and a limited function mode and a method for enforcing a limited function mode display is disclosed. The display device enters a limited function mode when a condition of non-compliance with an operating policy is discovered by the computer. Additionally, the display device may also enter a limited function mode upon powering up or when connections to the computer and/or selected components of the display are disabled or disconnected. When in the limited function mode, the display may support a limited function interface for use in correcting the condition of non-compliance.