Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract: A docking station system for use with a computer system which includes an externally accessible PC Card interface for transferring signals conforming to the PC Card standard to a docking station enclosure. The docking station enclosure includes a PC Card connector that connects to and passes interface signals between the PC Card interface of the computer system and the docking station enclosure. The docking station enclosure further includes an ISA bus structure conforming to the ISA bus standard. Additionally, the docking station enclosure incorporates conversion logic which is connected to receive signals from the computer system via the PC Card connector, and converts these received signals to signals for operating the ISA bus structure. The computer system includes conversion logic which is connected to receive signals from the docking station enclosure via the PC Card connector, and to convert these signals to system interrupt requests.

Abstract: A control unit transmits an ultrasonic signal having a distinctive characteristic within a controlled area. A protected unit stores two passwords in a non-volatile memory; a Power On Password (POP) and a Privileged Access Password (PAP). If the protected unit is removed from the controlled area, the PAP must be entered in order to re-boot the protected unit. In another embodiment, if the protected unit is removed from the controlled area, either the PAP must be entered in order to re-boot the protected unit, or the protected unit must be returned to the controlled area. Matching “token” generators may be used in both the control unit and the protected unit for added security, and the tokens may be encrypted for additional security.

Abstract: A data processing system and method are disclosed for providing an access connector which limits access to a network to only authorized client computer systems. The network is controlled by a server computer system. The access connector is provided for physically coupling a client computer system to the network. The access connector is physically coupled to the network. Prior to permitting the client computer system to attempt to establish a client communication link with the network, the client computer system attempts to authenticate itself to the server computer system. In response to the client computer system being unable to authenticate itself to the server computer system, the access connector prohibits the client computer system from establishing a client communication link between the client computer system and the network.

Abstract: A system for checking the level of system security on a PC platform is disclosed. The system comprises of a Radio Frequency Identification (RFID) unit. The RFID unit scans a PC platform and extracts relevant security information from its Basic Input/Output System (BIOS). The extracted information is analyzed by a data processing system connected to the RFID unit to determine if the security access available on the PC platform is adequate. A threshold adequacy level is established by a system manager. When the security on the PC is inadequate, a signal is generated to alert the network manager and/or the user of the PC to upgrade the PC's security.

Abstract: A method for associating a password with a secured public/private key pair is disclosed. A user public/private key pair is first established for a user. The user public/private key pair includes a user public key and a user private key. Then, the user public/private key pair is encrypted along with a random password, utilizing a chip public key. Next, a first password is generated by hashing a pass phrase. Finally, the random password is encrypted along with the first password, also utilizing the chip public key. As a result, a user can assess the user private key to perform an authentication function by providing the pass phrase.

Abstract: A method for associating a pass phrase with a secured public/private key pair is disclosed. A user public/private key pair is first established for a user. The user public/private key pair includes a user public key and a user private key. Then, the user public/private key pair is encrypted along with a random password, utilizing a chip public key. Next, a first symmetric key is generated. The random password is encrypted utilizing the first symmetric key. A first password is generated by hashing a first pass phrase. Finally, the first password is encrypted along with the first symmetric key, also utilizing the chip public key. As a result, a user can access the user private key to perform an authentication function by providing the first pass phrase.

Abstract: A data processing system and method are disclosed for protecting data within a hard disk drive included within a data processing system. Data is generated. A signature value is provided which is stored in a signature device. The signature device is capable of being inserted into and removed from a computer system. A textual description of the data is created. The data is encrypted utilizing both the signature value stored on the device and the textual description. The encrypted data is then stored on the hard disk drive. The data processing system does not permanently store encryption keys.

Abstract: The disclosed methods provide a reliable and secure method of automatically backing up a client's data on a personal computer by using excess storage capacity on a set of one or more predetermined computers, without the need for dedicated servers, server disks, removable storage media, or intervention by a user to assist with the storage devices. The methods of the present invention permit a user, be it an individual or a large company, to inexpensively and securely back up information without the need to acquire additional expensive hardware.

Abstract: A method and apparatus for sharing bandwidth among a plurality of end users increases the bandwidth available to each user. A source signal originating from one user terminal is directed through a master bandwidth sharing device that is connected to a local telecommunications line. The master bandwidth sharing device wirelessly communicates with slave bandwidth sharing devices, each having a connection to a local telecommunications line, and aggregates the available bandwidth of the multiple telecommunications lines. Frequent and regular arbitration of the bandwidth sharing process evaluates the continued availability of slave telecommunications lines and either reconfigures the bandwidth sharing depending on bandwidth availability or terminates the wireless connection upon receipt of a release signal.

Abstract: In a network of workstations implementing a grid for sharing workstation resources while maintaining local workstation workloads, grid workloads are assigned to workstations depending on how busy they are with the local workload. CPU utilization is monitored at each workstation and grid workload is only accepted if it can be handled without impacting the interactive performance of the workstation and in alignment with the workstation user's preferences. Also, grid workloads may be categorized by the extent to which they tie up workstation resources and this categorization used as further input to the grid workload assignment process.

Abstract: A data processing system-based password protection system protects a resource with an access password that may be user selected. The access password and an encryption key unique to the resource are stored in non-volatile storage at a data processing system, where the encryption key is at least partially derived from unique information associated with the resource. In response to receipt of an attempted access password at the data processing system, access to the resource is permitted if the attempted access password matches the stored access password. However, in response to an indication that the access password has been forgotten, an encrypted access password generated at the data processing system from the stored access password utilizing the encryption key is output from the data processing system. The access password can thereafter be recovered from the encrypted access password and the unique information.

Abstract: A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.

Abstract: A computer system and method of operation in which a second input device which requires a second authenticating input in order to enable recognition of an authenticating input from a conventional keyboard is selectively interposed between the keyboard and a security element associated with the system motherboard.

Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device. Trusted Computing Platform capabilities of the system are used in implementing the enhancement of security.

Abstract: A data processing system and method are disclosed for permitting only preregistered client computer hardware to access a service executing on a remote server computer system. A log-in token is established including a unique identifier which identifies a particular client computer hardware. The client computer hardware logs-on to the server computer system. Subsequent to the client computer hardware logging-on to the server computer system, the client computer hardware attempts to access the service. During the attempt, the client computer hardware transmits the log-in token to the server computer system. The server computer system utilizes the unique identifier included within the log-in token to determine if the client computer hardware is registered to access the service. In response to a determination that the client computer hardware is registered to access the service, the server computer system permits the client computer hardware to access the service.

Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device.

Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract: Direct money transfer between users of a computer aided transaction service such as an auction is accomplished by the use of a common money transfer agent, with which both parties will have established accounts. Security of such transactions is assured by embedding encryption characteristics into data strings exchanged and in which the identities of the parties and details of the transaction are reflected.

Abstract: A computing system includes a security register, in which a flag bit is set whenever a clock pulse and scan code are transmitted from the microcontroller in the system keyboard. The presence of this flag bit indicates that an associated code, which is stored in an output buffer of the keyboard/auxiliary device controller of the system has been sent by the keyboard, as a result of a keystroke, instead of by a program executing within the CPU of the system. The security register is read and reset as the associated code is read from the output buffer. An application program can use the data from the security register to determine if data has come from the surreptitious entry of data through keystroke emulation.