Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract: A method of asset control and workstation computer deployment that utilizes a dual port electronic memory identification RFID tag to hold serial number and hardware and software configuration profiles as well as user information. The RFID tag is mapped into the workstation computer memory space and can also be read and written by wireless radio frequency signalling. Serial numbers and MAC address is stored on the tag by the manufacturer. User information, workstation profile and software image information is stored onto the tag while the computer is being received for forwarding to the final workstation destination without the need to unpack and power up the computer. The information stored on the tag is used to allow automated system configuration and software downloading to the computer.

Abstract: Aspects for increasing control information from a single general purpose input/output (GPIO) mechanism are described. The aspects include establishing a plurality of voltage levels to indicate a plurality of states for association with installed options on a computer system planar. Further included is the determination of which of the installed options is present via the single GPIO. An analog-to-digital (A/D) converter is also included and converts a voltage level signal indicative of installed options on the computer system planar, while a resistor network is utilized to establish the plurality of voltage levels.

Abstract: A data processing system and method are disclosed for providing an access connector which limits access to a network to only authorized client computer systems. The network is controlled by a server computer system. The access connector is provided for physically coupling a client computer system to the network. The access connector is physically coupled to the network. Prior to permitting the client computer system to attempt to establish a client communication link with the network, the client computer system attempts to authenticate itself to the server computer system. In response to the client computer system being unable to authenticate itself to the server computer system, the access connector prohibits the client computer system from establishing a client communication link between the client computer system and the network.

Abstract: A system and method for storing adapter card Option ROM BIOS extensions on the system's DASD and, more particularly, on a partition of the DASD that is generally inaccessible to the operating system. The system may partition the system DASD into a user partition and a hidden partition where the hidden partition is preferably inaccessible to the operating system. BIOS extensions files are stored in the hidden partition. The system BIOS, when executed, identifies the peripheral devices on the system and interrogates the hidden partition for BIOS extension files corresponding to each of the identified devices. If the hidden partition contains a BIOS extension file corresponding to an identified peripheral device, the file is verified for authenticity. If the verification completes successfully, the BIOS extension file is copied into shadow RAM and control is passed to it.

Abstract: A method and system are disclosed for dynamically loading selected BIOS modules and settings from a server computer system to a client computer system according to an identity of a user who is currently utilizing the client computer system. The client computer system is coupled to a server computer system via a network. Selected BIOS modules and settings are associated with a particular user. These BIOS modules and settings are those preferred by the particular user to use in order to customize the client computer system when the client computer system is used by the particular user. The associations among the particular user and the selected BIOS modules and settings are stored in the server computer system. The selected BIOS modules and settings are downloaded from the server computer system to the client computer system when the particular user causes the client computer system to start booting, i.e. when the particular user is the current user.

Abstract: A method for associating a password with a secured public/private key pair is disclosed. A user public/private key pair is first established for a user. The user public/private key pair includes a user public key and a user private key. Then, the user public/private key pair is encrypted along with a random password, utilizing a chip public key. Next, a first password is generated by hashing a pass phrase. Finally, the random password is encrypted along with the first password, also utilizing the chip public key. As a result, a user can assess the user private key to perform an authentication function by providing the pass phrase.

Abstract: A method for associating a pass phrase with a secured public/private key pair is disclosed. A user public/private key pair is first established for a user. The user public/private key pair includes a user public key and a user private key. Then, the user public/private key pair is encrypted along with a random password, utilizing a chip public key. Next, a first symmetric key is generated. The random password is encrypted utilizing the first symmetric key. A first password is generated by hashing a first pass phrase. Finally, the first password is encrypted along with the first symmetric key, also utilizing the chip public key. As a result, a user can access the user private key to perform an authentication function by providing the first pass phrase.

Abstract: A data processing system and method are disclosed for prohibiting an unauthorized user from modifying a priority level associated with a client computer system. The priority level is utilized by a client computer system during transmission of the client's data over a network. One of a plurality of priority levels is associated with the client computer system. The plurality of priority levels includes a higher priority level and a lower priority level. The client computer system associates the priority level with the data transmitted by the client computer system over the network. The data associated with the higher priority level is typically transmitted prior to data associated with the lower priority level. In response to an attempt to modify the associated priority level, the client determines whether the attempt is being made by an approved user. In response to a determination that the attempt is not being made by an approved user, the attempted modification of the priority level is prohibited.

Abstract: A data processing system and method are disclosed for protecting data within a hard disk drive included within a data processing system. Data is generated. A signature value is provided which is stored in a signature device. The signature device is capable of being inserted into and removed from a computer system. A textual description of the data is created. The data is encrypted utilizing both the signature value stored on the device and the textual description. The encrypted data is then stored on the hard disk drive. The data processing system does not permanently store encryption keys.

Abstract: The battery life of batteries of a mobile device operating in a wireless network is optimized by dynamically changing symbol rates and bits per symbol and selecting one for communicating based upon the source providing power to the mobile device.

Abstract: Apparatus and method provides dynamic load balancing of network bandwidth between access points in an 802.11 wireless LAN. The access point generates and monitors average bandwidth utilization of client devices connected to said access point. The average bandwidth utilization for each client device is aggregated and selected clients are forced to roam to other access points if the aggregate bandwidth is equal or exceeds a threshold.

Abstract: A data processing system and method are described for providing a dynamically assigned network address to a client computer system. The data processing system includes a server computer system coupled to the network. An access port is provided which is coupled to the network. The computer system is coupled to the network utilizing the access port. The computer system is then powered on. The computer system requires a network address in order to communicate utilizing the network. The computer system initially has no stored network address each time prior to being powered on. A dynamic network address is provided to the computer system utilizing only the access port each time the computer system is powering on.

Abstract: A computer system and method of operation in which a second input device which requires a second authenticating input in order to enable recognition of an authenticating input from a conventional keyboard is selectively interposed between the keyboard and a security element associated with the system motherboard.

Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device. Trusted Computing Platform capabilities of the system are used in implementing the enhancement of security.

Abstract: A method and system are described for activating a password requirement in a computer system included within a data processing system. A wireless signal is transmitted to the computer system such that computer system receives the signal. In response to a receipt of the wireless signal, a requirement that a password be entered is activated. Thereafter, a correct entry of a password is required prior to the computer system being fully operable.

Abstract: A data processing system and method are disclosed for permitting only preregistered client computer hardware to access a service executing on a remote server computer system. A log-in token is established including a unique identifier which identifies a particular client computer hardware. The client computer hardware logs-on to the server computer system. Subsequent to the client computer hardware logging-on to the server computer system, the client computer hardware attempts to access the service. During the attempt, the client computer hardware transmits the log-in token to the server computer system. The server computer system utilizes the unique identifier included within the log-in token to determine if the client computer hardware is registered to access the service. In response to a determination that the client computer hardware is registered to access the service, the server computer system permits the client computer hardware to access the service.

Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device.

Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract: A method and system are described for permitting a dumb device having no operating system to create and transmit a network packet utilizing a network. The dumb device is coupled to a client computer system utilizing the network. A network interface is established within the dumb device. In response to an event, the dumb device generates an internal output signal. The output signal is received within the dumb device by the network interface. In response to a receipt of the output signal, the network interface creates and transmits a network packet including an indication of the event to the client computer system, wherein a dumb device having no operating system creates and transmits a network packet.