Patents by Inventor Eric Richard Kern

Eric Richard Kern has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20030084285
    Abstract: A method, system and computer readable medium containing programming instructions for detecting a tamper event in a computer system having an embedded security system (ESS), a trusted operating system, and a plurality of devices is disclosed. The method, system and computer readable medium of the present invention provide for receiving a tamper signal in the ESS, and locking the tamper signal in the ESS. According to the method, system and computer readable medium of the present invention, the trusted operating system is capable of detecting the tamper signal in the ESS.
    Type: Application
    Filed: October 26, 2001
    Publication date: May 1, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Joseph Wayne Freeman, Steven Dale Goodman, Eric Richard Kern, Randall Scott Springfield
  • Publication number: 20030084278
    Abstract: A method, system and computer readable medium containing programming instructions for booting a computer system having a plurality of devices is disclosed. They include provisions for initiating a boot sequence in the computer system and determining whether a device of the plurality of devices is either a bootable device or a nonbootable device. If the device is a nonbootable device, a clean restart of the boot sequence is performed, wherein the nonbootable device is bypassed during the clean restart.
    Type: Application
    Filed: October 26, 2001
    Publication date: May 1, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Joseph Wayne Freeman, Steven Dale Goodman, Eric Richard Kern, Randall Scott Springfield
  • Publication number: 20030074548
    Abstract: A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.
    Type: Application
    Filed: October 16, 2001
    Publication date: April 17, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Joseph Wayne Freeman, Steven Dale Goodman, Eric Richard Kern, Randall Scott Springfield
  • Patent number: 6526507
    Abstract: A data processing system and method including a server computer system coupled to a client computer system utilizing a network are described for causing an initially powered-off client computer system to power-on only in response to a receipt of an authenticated wake network packet. The client computer system is capable of receiving a wake network packet while the client is powered-off. The client computer system determines if the received wake network packet is a valid wake network packet while the client is powered-off. The client computer system powers-on only in response to a determination that the wake network packet is a valid wake network packet. The client computer system powers-on only in response to authenticated wake network packets.
    Type: Grant
    Filed: February 18, 1999
    Date of Patent: February 25, 2003
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Howard Locker
  • Patent number: 6493104
    Abstract: A data processing system and method are described for permitting a portable computer to automatically detect the presence of a printer within a remote area, and responsive to the detection, automatically establishing a communications link with the printer. The portable computer is physically disconnected from the printer. The portable computer transmits a wireless query signal to the remote area. In response to a printer physically located within the remote area receiving the wireless query signal, the printer transmits a wireless reply signal to the remote area. In response to the portable computer receiving the wireless reply signal, the computer automatically establishes a communications link with the printer so that the computer may utilize the printer to print information. The communications link may be established with a printer for which the computer does not include a printer driver necessary for communicating with the printer.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: December 10, 2002
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Richard Alan Dayan, Brandon Jon Ellison, Eric Richard Kern, Howard Locker, James Peter Ward
  • Patent number: 6480972
    Abstract: A data processing system and method are described for permitting a server computer system to perform remote diagnostics on a malfunctioning client computer system coupled to the server computer system utilizing a network. The server computer system transmits a diagnostic command to the malfunctioning client computer system utilizing the network. A network adapter operating as a bus controller for an internal bus within the malfunctioning client computer system executes the diagnostic command. The network adapter transmits a result of the execution of the diagnostic command to the server computer system. In this manner, the diagnostic command is executed within a malfunctioning client computer system by a remote, server computer system.
    Type: Grant
    Filed: February 24, 1999
    Date of Patent: November 12, 2002
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Howard Locker, Randall Scott Springfield, James Peter Ward
  • Publication number: 20020166072
    Abstract: A data processing system and method of password protecting the boot of a data processing system are disclosed. According to the method, in response to an attempt to boot the data processing system utilizing a boot device, the boot device is interrogated for a password. If the boot device supplies password information corresponding to that of a trusted boot device, the data processing system boots utilizing the boot device. If, however, the boot device does not supply password information corresponding to that of a trusted boot device, booting from the boot device is inhibited. In a preferred embodiment, the password information comprises a unique combination of the boot device's manufacturer-supplied model and serial numbers.
    Type: Application
    Filed: May 2, 2001
    Publication date: November 7, 2002
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Joseph Wayne Freeman, Steven Dale Goodman, Eric Richard Kern, Randall Scott Springfield
  • Publication number: 20020161994
    Abstract: A method and system are disclosed for substituting an anonymous Universal Unique Identifier (UUID) for a computer system's real UUID in order to disguise an identity of the computer system to an application which is requesting a UUID for the client computer system. A storage device is established in the computer system. The storage device includes a primary and a secondary location. A UUID stored in the primary location is used as a UUID for the computer system. An anonymous UUID is generated. The anonymous UUID does not identify any particular computer system. The anonymous UUID is stored in the primary location within the storage device, and the real UUID is backed up by moving it into the secondary location. Thereafter, the anonymous UUID is provided in response to requests for the computer system's UUID.
    Type: Application
    Filed: January 12, 2001
    Publication date: October 31, 2002
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Richard Alan Dayan, Eric Richard Kern, Randall Scott Springfield, Joseph Wayne Freeman, Robert Duane Johnson, Brandon Jon Ellison
  • Patent number: 6466994
    Abstract: A method and system for programming a computer board including a nonvolatile storage is disclosed. The nonvolatile storage is for storing a program. The method and system include providing a peripheral controller coupled with the nonvolatile storage and coupling the peripheral controller with a host system. The method and system further include allowing the system board to be recognized by the host system as a peripheral. The method and system further include loading the program from the host system to the nonvolatile storage.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: October 15, 2002
    Assignee: International Business Machines Corporation
    Inventors: Thomas Charles Burke, Richard Alan Dayan, Eric Richard Kern
  • Publication number: 20020099934
    Abstract: A method and system are disclosed for dynamically loading selected BIOS modules and settings from a server computer system to a client computer system according to an identity of a user who is currently utilizing the client computer system. The client computer system is coupled to a server computer system via a network. Selected BIOS modules and settings are associated with a particular user. These BIOS modules and settings are those preferred by the particular user to use in order to customize the client computer system when the client computer system is used by the particular user. The associations among the particular user and the selected BIOS modules and settings are stored in the server computer system. The selected BIOS modules and settings are downloaded from the server computer system to the client computer system when the particular user causes the client computer system to start booting, i.e. when the particular user is the current user.
    Type: Application
    Filed: January 23, 2001
    Publication date: July 25, 2002
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Eric Richard Kern, Howard Jeffrey Locker, David Rhoades, James Peter Ward
  • Publication number: 20020095514
    Abstract: A method and system are disclosed for substituting an anonymous media access controller (MAC) address for a client computer system's real MAC address in order to disguise an identity of the client computer system when the client computer system is utilizing a network. The client computer system is coupled to a server computer system via the network. A primary storage device is established for storing a MAC address. A MAC address which is stored in the primary storage device is utilized as a network address for the client computer system when the client computer system is utilizing the network. An anonymous MAC address is generated. The anonymous MAC address is not associated with any particular client computer system. The anonymous MAC address is then stored in the primary storage device. The client computer system utilizes the anonymous MAC address as the network address for the client computer system when the client computer system is utilizing the network.
    Type: Application
    Filed: January 12, 2001
    Publication date: July 18, 2002
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Richard Alan Dayan, Eric Richard Kern, Randall Scott Springfield, Joseph Wayne Freeman, Robert Duane Johnson, Brandon Jon Ellison
  • Patent number: 6415324
    Abstract: A data processing system and method including a server computer system and a client computer system coupled together utilizing a network are described for permitting the client computer system to temporarily prohibit remote management of the client computer system. The client computer system sets a remote override condition in the client computer system for temporarily prohibiting remote management of the client. The client temporarily prohibits all attempts to manage the client remotely utilizing the network when the remote override condition is set.
    Type: Grant
    Filed: February 19, 1999
    Date of Patent: July 2, 2002
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Robert Duane Johnson, Eric Richard Kern, Randall Scott Springfield
  • Patent number: 6412025
    Abstract: A system and method for connecting a computer terminal (e.g., a personal computer) to a data transmission network with the appropriate settings for connection obtained from the network if the terminal has been moved and the settings are not appropriate for the new location. The system and method involve detecting that the terminal has been removed from the data transmission network, and, if the terminal has been moved, checking to determine whether the previous settings are appropriate for use in the new location. If the settings are appropriate, then the previous settings are used; if not, new settings for the terminal are obtained from the network, using a program such as the IBM's Dynamic Host Connection Program (DHCP), with the details on the settings (or connection) maintained at both the network and the computer terminal and updated when a new or changed connection to the data transmission network is made.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: June 25, 2002
    Assignee: International Business Machines Corporation
    Inventors: Richard W. Cheston, Daryl Carvis Cromer, Dhruv Manmohandas Desai, Brandon Jon Ellison, Howard Jeffery Locker, Eric Richard Kern, David Rhoades, James Peter Ward
  • Publication number: 20020073342
    Abstract: A method and system for securing access to a keyboard driver in a host computer. The host computer includes a host processor that manages communication between a keyboard driver and a keyboard attached to the host computer. In accordance with a method of the present invention, a packet is received on a bus that connects the keyboard to the host processor. A determination is made of whether or not the packet originated from the keyboard. In response to determining that the packet originated from the keyboard, an independent bus traffic monitor processor sets an input secure bit which is then read by the host processor to selectively provide access to the keyboard driver in accordance with verification that the keyboard originated the packet.
    Type: Application
    Filed: December 11, 2000
    Publication date: June 13, 2002
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Richard Alan Dayan, Eric Richard Kern
  • Patent number: 6353854
    Abstract: A client on a network is provided with auxiliary low power logic, at the network adaptor, that is always active and simulates network traffic (e.g., Ethernet format) normally sent under control of the main client system processor(s). This logic collects client status information and reports to the network manager, even when the system CPU is powered down, information which allows the network manager to exercise broader control and perform maintenance and upgrades which would otherwise require a dialog with the user and/or limit maintenance and reconfiguration of the client system to off-hours activity.
    Type: Grant
    Filed: October 1, 1998
    Date of Patent: March 5, 2002
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon John Ellison, Eric Richard Kern, Howard Jeffrey Locker, James Peter Ward
  • Patent number: 6334150
    Abstract: A data processing system and method are described for remotely rendering a client computer system inoperable. The client computer system is coupled to a server computer system utilizing a network. The client computer system is initially powered off. The server computer system transmits a signal to the client computer system utilizing the network to prohibit the client computer system from becoming operable. In response to a receipt of the signal by the client computer system, the client computer system is prohibited from becoming operable. The server computer system remotely renders the client computer system inoperable. Alternatively, the client computer system is capable of receiving wireless signals transmitted by the server computer system. The server computer transmits a wireless signal to the client computer system to prohibit the client computer system from becoming operable.
    Type: Grant
    Filed: November 30, 1998
    Date of Patent: December 25, 2001
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Randall Scott Springfield
  • Patent number: 6334147
    Abstract: A data processing system and method are described for remotely accessing a client computer system's individual initialization settings. The client computer system is coupled to a server computer system to form a local area network. The server computer system transmits a command to the client computer system to access a selected one of the client computer system's initialization settings. In response to a receipt of this command by the client computer system, the client computer system accesses only selected ones of the initialization settings. The client computer system may be powered off while the initialization setting is accessed.
    Type: Grant
    Filed: November 30, 1998
    Date of Patent: December 25, 2001
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Randall Scott Springfield, Howard J. Locker
  • Patent number: 6314455
    Abstract: A data processing system and method are described for permitting a server computer system to remotely initiate a boot block recovery from a failure of a client computer system to successfully complete execution of POST. The client computer system is coupled to a server computer system utilizing a network. The client computer system fails to successfully complete executing POST. Thereafter, the server computer system transmits a recovery POST code to the client computer system utilizing the network. The client computer system executes POST utilizing the recovery POST code, wherein the client computer system is capable of successfully completing execution of POST utilizing the recovery POST code received remotely from the server computer system.
    Type: Grant
    Filed: February 24, 1999
    Date of Patent: November 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Howard Locker, Randall Scott Springfield
  • Patent number: 6304900
    Abstract: A data processing system and method are described for permitting a server computer system coupled to a client computer system utilizing a network to remotely modify operation of the client computer system's network hardware. A counter is established within the client computer system for counting a plurality of network events. A counter threshold is established. Upon the counter reaching the counter threshold, the client computer system's network hardware transmits a message to the server computer system including network statistics information. The network statistics information includes an indication of the counter reaching the counter threshold. In response to a receipt of the message, the server computer system determines whether to modify the operation of the client's network hardware. In response to a determination to modify operation of the network hardware, the server remotely modifies operation of the client's network hardware.
    Type: Grant
    Filed: February 18, 1999
    Date of Patent: October 16, 2001
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Robert Duane Johnson, Eric Richard Kern, Howard Locker, Randall Scott Springfield
  • Publication number: 20010027521
    Abstract: A client on a network is provided with auxiliary low power logic, at the network adaptor, that is always active and simulates network traffic (e.g., Ethernet format) normally sent under control of the main client system processor(s). This logic collects client status information and reports to the network manager, even when the system CPU is powered down, information which allows the network manager to exercise broader control and perform maintenance and upgrades which would otherwise require a dialog with the user and/or limit maintenance and reconfiguration of the client system to off-hours activity.
    Type: Application
    Filed: May 14, 2001
    Publication date: October 4, 2001
    Inventors: Daryl Carvis Cromer, Brandon John Ellison, Eric Richard Kern, Howard Jeffrey Locker, James Peter Ward