Abstract: A secured communication channel is established between two or more information handling systems by defining attributes for encrypting information with physical inputs made at touch devices of the information handling systems. Inputting the physical gesture at a touch device of each information handling system allows evaluation of one or more attributes at each information handling system so that the shared secret of the physical gesture form the basis for encrypted communications. The touch device includes touch screens or touch pads and the attributes include gesture speed, plural distinct gesture touch points, movement of touch points relative to each other, or other attributes that are determinable from physical gesture inputs at each information handling system.

Abstract: A secured communication channel is established between two or more information handling systems by defining attributes for encrypting information with physical inputs made at touch devices of the information handling systems. Inputting the physical gesture at a touch device of each information handling system allows evaluation of one or more attributes at each information handling system so that the shared secret of the physical gesture form the basis for encrypted communications. The touch device includes touch screens or touch pads and the attributes include gesture speed, plural distinct gesture touch points, movement of touch points relative to each other, or other attributes that are determinable from physical gesture inputs at each information handling system.

Abstract: A method supports secure input/output (I/O) communications between an I/O device and a data processing system via a keyboard, video, and mouse (KVM) switch. An example embodiment includes the operations of establishing a first secure communication channel between the KVM switch and the I/O device and establishing a second secure communication channel between the KVM switch and the data processing system. In addition, I/O data may be received at the KVM switch from the I/O device via the first secure communication channel. In response to receipt of the I/O data from the I/O device, the I/O data may be transmitted from the KVM switch to the data processing system via the second secure communication channel. Embodiments may also include support for non-secure channels between the KVM switch and non-secured I/O devices, non-secured data processing systems, or both.

Abstract: Methods and systems are disclosed for ultra-wideband (UWB) secure wireless device pairing. Secure pairing between devices for secure UWB communications is conducted over in-band UWB communications to provide secure pairing without requiring a visual confirmation through a graphical user interface (GUI), in particular, for wireless personal area network (WPAN) communications. The secure in-band pairing of wireless UWB devices over a UWB radio link provides considerable advantages over prior secure pairing techniques.

Abstract: A method and apparatus for ensuring the security of a particular configuration of hardware and software for an information handling system that is assembled using a “build-to-order” system. The present invention ensures the security and integrity of data on an information handling system from the point of manufacture to the final destination at the customer's facility. The information handling system is then manufactured with the operating system and a predetermined set of software being installed thereon. A manifest file is constructed comprising a predetermined set of data files and configuration information. The manifest file is digitally signed with at least one digital key. When the information handling system performs its initial boot, a second digital key, securely stored in a Trusted Platform Module (TPM), is used to extract information from the manifest file and the existing data files and configuration information is compared to the information contained in the manifest file.

Abstract: A software activation method is disclosed which uses a two-key paradigm. The method provides increased piracy protection while providing a relatively straight forward process for a user to satisfy a license claim.

Abstract: A method and system for modifying a computer's registry so that it is easily cleansed of spyware and other web-installed software. The registry is structured like an ACID type database, and is partitioned so that metadata associated with web-installed software are stored in a special partitioned. The registry also has revision control, so that prior versions can be retrieved and used if the current registry is corrupted.

Abstract: A method to boot a computer system only to a secured network is disclosed. In accordance with one embodiment, a method to boot a client only to a secured network, includes connecting the client to a secured network server through the secured network, wherein the secured network server functions as an access control list manager and includes an authorization table listing clients authorized to boot an operating system (OS) only if the client is connected to the secured network server. The method further includes transmitting a claim over the secured network from the client to the secured network server such that the client requests authorization to boot. The method further includes validating at the secured network server the claim against the authorization table. The method further includes determining whether the response denies or permits the client authorization to boot the OS.

Abstract: A method and apparatus for improved handling of messages transmitted over a plurality of wireless and wired networks. Electronic mail transmitted by a mail source via an internet connection is received by a server that is operably connected to an intranet that is protected by a firewall. The server adds a timestamp to the incoming email and forwards the email to first information handling system. The server also relays the email to a network operations center (NOC) that transmits a copy of the email via a wireless transmitter. The present invention provides a method and apparatus to selectively prevent transmission of the relayed email by the NOC by sending a cancellation signal to the NOC or by suppressing the relay of the email to the NOC, thereby providing a cost saving and increased efficiency of bandwidth utilization.

Abstract: A method and apparatus for ensuring the security of a particular configuration of hardware and software for an information handling system that is assembled using a “build-to-order” system. The present invention ensures the security and integrity of data on an information handling system from the point of manufacture to the final destination at the customer's facility. The information handling system is then manufactured with the operating system and a predetermined set of software being installed thereon. A manifest file is constructed comprising a predetermined set of data files and configuration information. The manifest file is electronically signed with at least one electronic key. When the information handling system performs its initial boot, a second electronic key is used to extract information from the manifest file and the existing data files and configuration information is compared to the information contained in the manifest file.

Abstract: A system and method for securing access to memory modules includes a memory module, a virtual memory module, a boot module, and a gatekeeper. The boot module accepts a key and requests for the memory module and provides the requests and the key to the virtual memory module. The virtual memory module is externally accessible by the boot module and accepts the provided key and the requests from the boot module and transmits the requests and the provided key from the boot module to the gatekeeper. The gatekeeper regulates access to the memory module allowing no other components to directly access the memory module. The gatekeeper receives the provided key from the virtual memory module and the gatekeeper authenticates the provided key by comparing it with a stored key stored in secure location. Upon proper authentication of the provided key, the gatekeeper executes the request in the memory module.