Abstract: A method comprises obtaining a set of log files for a software system. The set of log files applies to an extended window. A periodic pattern in a first set of error-event surges in the set of log files is identified. The error-event surges in the first set is identified as event noise. A second set of log files for the software system is obtained. The second set of log files applies to a shortened window. Timeseries analysis on the second set of log files is performed. A particular error-event surge in a detection period in the second set of log files that is abnormal as compared to the shortened window is detected based on the timeseries analysis. That the particular error-event surge does not fit into the periodic pattern is determined, the particular error-event surge is characterized as an anomaly, based on the determining.

Abstract: A method comprises receiving a set of log files that correspond to a detected anomaly in a software system. The set of log files are input into a first classification algorithm. A set of classified log events is received from the first classification algorithm. The set of classified log events is input into a second classification algorithm. A classification of the detected anomaly is obtained from the second classification algorithm.

Abstract: A method comprises obtaining a set of log files for a software system. The set of log files applies to an extended window. A periodic pattern in a first set of error-event surges in the set of log files is identified. The error-event surges in the first set is identified as event noise. A second set of log files for the software system is obtained. The second set of log files applies to a shortened window. Timeseries analysis on the second set of log files is performed. A particular error-event surge in a detection period in the second set of log files that is abnormal as compared to the shortened window is detected based on the timeseries analysis. That the particular error-event surge does not fit into the periodic pattern is determined, the particular error-event surge is characterized as an anomaly, based on the determining.

Abstract: For supervisor password access based on a key press of a hotkey, systems, apparatus, methods, and program products are disclosed. The apparatus may include a processor that monitors for a key press of a hotkey during a up process, that detects a supervisor password access attempt, that allows access to the supervisor password in response to hotkey being pressed during the boot up process, and that denies access to the supervisor password in response to hotkey not being pressed during the boot up process.

Abstract: For supervisor password access based on a key press of a hotkey, systems, apparatus, methods, and program products are disclosed. The apparatus may include a processor that monitors for a key press of a hotkey during a up process, that detects a supervisor password access attempt, that allows access to the supervisor password in response to hotkey being pressed during the boot up process, and that denies access to the supervisor password in response to hotkey not being pressed during the boot up process.

Abstract: A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.

Abstract: An apparatus, system, and method are disclosed for suspend-resume scheduling in conjunction with an operation requiring a suspend-resume cycle of a computer 200, including updating, for purposes of system configuration management, a non-volatile memory 506, such as an electrically erasable programmable read-only memory (“EEPROM”) 702. A control module 402 sends 806 a request to update the EEPROM 702. A suspend module 404 suspends 818 an operating system 204. A standby module 406 prepares 904 the computer 200 to enter a standby state, estimates 914 a sufficient amount of time to enter the standby state, places 916 the estimate into an alarm register 608, and then enters 918 the standby state. An update module 308 exits 1004 the standby state in response to an alarm signal 612, receives the request if present 1008, writes 1012 the EEPROM 702 with the updated information, and resumes 1018 the operating system 204.

Abstract: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.

Abstract: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

Abstract: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.

Abstract: An apparatus, system, and method are disclosed for suspend-resume scheduling in conjunction with an operation requiring a suspend-resume cycle of a computer 200, including updating, for purposes of system configuration management, a non-volatile memory 506, such as an electrically erasable programmable read-only memory (“EEPROM”) 702. A control module 402 sends 806 a request to update the EEPROM 702. A suspend module 404 suspends 818 an operating system 204. A standby module 406 prepares 904 the computer 200 to enter a standby state, estimates 914 a sufficient amount of time to enter the standby state, places 916 the estimate into an alarm register 608, and then enters 918 the standby state. An update module 308 exits 1004 the standby state in response to an alarm signal 612, receives the request if present 1008, writes 1012 the EEPROM 702 with the updated information, and resumes 1018 the operating system 204.

Abstract: An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.

Abstract: A method and system for ensuring security-compliant creation and certificate generation for endorsement keys of manufactured TPMs. The endorsement keys are generated by the TPM manufacturer and stored within the TPM. The TPM manufacturer also creates a signing key pair and associated signing key certificate. The signing key pair is also stored within the TPM, while the certificate is provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates a signed endorsement key, which comprises the public endorsement key signed with the public signing key. The credential server matches the public signing key of the endorsement key with a public signing key within the received certificate. The EK certificate is generated and inserted into the TPM only when a match is confirmed.

Abstract: A system and method for securing data on a wireless device. A secured zone is defined by a boundary sensor. A data processing system is coupled to the boundary sensor and a wireless device. If the data processing system detects that the signal strength of the wireless device has fallen below a first predetermined value for longer than a second predetermined value, the data processing system deletes a digital certificate corresponding to the wireless device from memory. Thus, when the wireless device is reintroduced into the secured zone, in response to determining that a digital certificate corresponding to the wireless device is not stored in memory, the disabling module disables the wireless device from operation within the secured zone.

Abstract: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

Abstract: A method and system for remotely storing a user's admin key to gain access to an intranet is presented. The user's admin key and intranet user identification (ID) are encrypted using an enterprise's public key, and together they are concatenated into a single backup admin file, which is stored in the user's client computer. If the user needs his admin file and is unable to access it in a backup client computer, he sends the encrypted backup admin file to a backup server and his unencrypted intranet user ID to an intranet authentication server. The backup server decrypts the user's single backup admin file to obtain the user's admin key and intranet user ID. If the unencrypted intranet user ID in the authentication server matches the decrypted intranet user ID in the backup server, then the backup server sends the backup client computer the decrypted admin key.

Abstract: A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trust platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.

Abstract: A Method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured trusted platform modules. The endorsement keys are generated for the trusted platform module (TPM). The TPM vendor selects an N-byte secret and stores the N-type secret in the trusted platform module along with the endorsement keys. The secret number cannot be read outside of the trusted platform module. The secret number is also provided to the credential server of the original equipment manufacturer. During the endorsement key (EK) credential process, the trusted platform module generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key withy a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the trusted platform module only when a match is confirmed.

Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

Abstract: A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip, includes: loading an application key into the key storage; and saving a restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to re-load the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that its key had been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.