Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.

Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.

Abstract: A method for migrating a base chip key from a first computer system to a second computer system is disclosed. A first computer system includes a base chip key 1, and a second computer system includes a base chip key 2. Using a first certificate for the base chip key 1, a manufacturer of the second computer system generates a second certificate for the base chip key 1. Similarly, using a first certificate for the base chip key 2, a manufacturer of the first computer system generates a second certificate for the base chip key 2. A first data packet is then sent from the first computer system to the second computer system. The first data packet includes a first random number and all the data required to reproduce the base chip key 1 in the first computer system. The first data packet is also encrypted with the base chip key 1's public key.

Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.

Abstract: Trusted platform module (TPM) keys are copied to a floppy diskette or fob that is external to the customer device in which the TPM resides, so that if the keys in TPM are zeroed as a result of, e.g., a malicious denial of service attack, they can be copied back from the diskette or fob.

Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract: A data processing system and method are disclosed for protecting data within a hard disk drive included within a data processing system. Data is generated. A signature value is provided which is stored in a signature device. The signature device is capable of being inserted into and removed from a computer system. A textual description of the data is created. The data is encrypted utilizing both the signature value stored on the device and the textual description. The encrypted data is then stored on the hard disk drive. The data processing system does not permanently store encryption keys.

Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract: A tamper detection mechanism for a personal computer (PC) and a method of use thereof is disclosed. Accordingly, a first aspect of the present invention comprises a tamper detection mechanism. The tamper detection mechanism comprises a first Root-of Trust Measurement (RTM) module which is coupled to and fixed within the PC, a second RTM module being removably attached to the PC and a diagnostic program for comparing a copy of the first RTM module with a copy of the second RTM module to determine whether the first RTM module is valid. A second aspect of the present invention comprises a method of provided tamper detection for a PC. The method comprises providing a first RTM module, providing a second RTM module and utilizing a diagnostic program to compare a copy of the first RTM module with the a copy of the second module to determine whether the first RTM module is valid.

Abstract: A system and method for isolating a computer system from entry of a personal identification number (PIN) to a smart card. The system and method includes a computer system that is in communication with an unsecure network to allow a user to engage in a purchase transaction. The system and method also includes a smart card reader in which a smart card is inserted and read. A secure personal-identification-number (PIN) entry device is coupled between the computer system and the smart card reader. The secure PIN entry device is used for entering a correct code for the PIN. Communication between computer system and secure PIN entry device is disconnected until the correct code for the PIN is entered at secure PIN entry device and sent to the smart card in order to authorize use of the smart card for the purchase transaction. In response to the correct code for the PIN being entered and sent to the smart card, communication between computer system and secure PIN entry device is established.

Abstract: A data processing system and method are described for providing a networked printer's physical location. The printer, a server computer system, and client computer systems are coupled together utilizing a network. The server computer system first transmits a command to the printer to disable the print function of the printer. Entry of a physical location of the printer is then permitted. The print function of the printer is reenabled by the server computer system only in response to an entry of the physical location of the printer into the printer.

Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.

Abstract: A method for migrating a base chip key from a first computer system to a second computer system is disclosed. A first computer system includes a base chip key 1, and a second computer system includes a base chip key 2. Using a first certificate for the base chip key 1, a manufacturer of the second computer system generates a second certificate for the base chip key 1. Similarly, using a first certificate for the base chip key 2, a manufacturer of the first computer system generates a second certificate for the base chip key 2. A first data packet is then sent from the first computer system to the second computer system. The first data packet includes a first random number and all the data required to reproduce the base chip key 1 in the first computer system. The first data packet is also encrypted with the base chip key 1's public key.

Abstract: An I/O controller for a computer system having a plurality of memory devices of different types such as floppy and hard disks, whereinn a single cache memory is employed for all of the memory devices. Each of the memory devices is provided with its own interface device which directs data outputted from the associated memory device onto a common device bus. From the device bus data is transferred to a cache memory via a separate cache bus, and then to a system processor via the same cache bus. Memory space within the cache memory may be allocated among the various memory devices.