Abstract: A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.

Abstract: A system and method for monitoring a computer, particularly a pay-per-use computer, uses an isolated computing environment or supervisor. The isolated computing environment boots prior to any boot device associated with an operating system, runs concurrently with the operating system and monitors and measures the computer in operation. Once the isolated computing environment determines the computer is not in compliance with the required policies, the isolated computing environment may either impose an impediment to use such as slowing clock speed or completely disable the operating system. The user may have to return the computer to a service provider to restore it from the offending condition and reset the computer to an operational state.

Abstract: A method and apparatus for assuring delivery of paid advertising to a user may involve asking a question about an advertisement or requiring data about the advertisement to be entered. In one embodiment, a human presence indicator, such as stylized letters, may be displayed during or after the presentation of an advertisement to be copied by a user to indicate presence during the advertisement. When the challenge relating to ad viewing is correctly answered, a value associated with viewing the ad may be credited to a user account, either locally or at a clearinghouse or other repository.

Abstract: A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.

Abstract: A pay-per-use or pay-as-you-go computer uses a secure memory to store individual unique program identifiers. Each unique program identifier is associated with a particular hardware or software component, or service, or the entire computer available to a user. By combining the unique program identifier with a computer hardware identifier uniquely identified transactions may be tracked for both billing and reconciliation. Certificates associated with each unique program identifier, and coupled to the hardware identifier, provide a cryptographic basis for mutual verification of messages, requests, configuration instructions, and provisioning.

Abstract: A server in a Shared Resource Computing (SRC) system runs applications and manages licenses for those applications across multiple sessions and/or user terminals. Plug-ins created by an SRC App Store translate the licensing requirements of various applications into terms that can be monitored and enforced by the SRC App Store. When payments are necessary to comply with the licensing requirements, the SRC App Store manages the payments. The SRC App Store also enforces the licensing requirements by providing feedback regarding enforcement consequences.

Abstract: The administration of a shared resource computing environment involves the establishment of direct input/output (I/O) connections between a plurality user interfaces and a single computing device. Each of the user interfaces provides a corresponding computer user with access to the single computing device. One or more desktop sessions are launched in the shared resource computing environment that is implemented on the single computing device. The administration of the shared resource computing environment also includes providing the computer users with concurrent access to the one or more desktop sessions, and managing interaction of the computer users in the one or more desktop sessions.

Abstract: A method and apparatus to distribute a network security service is disclosed. The security software may be distributed across nodes on a network and may use a separate security device that has two channels, one to review network traffic and a second to send updates to other security devices.

Abstract: A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.

Abstract: A computer with scalable performance level components and selectable software and service options has a user interface that allows individual performance levels to be selected. The scalable performance level components may include a processor, memory, graphics controller, etc. Software and services may include word processing, email, browsing, database access, etc. To support a pay-per-use business model, each selectable item may have a cost associated with it, allowing a user to pay for the services actually selected and that presumably correspond to the task or tasks being performed. An administrator may use a similar user interface to set performance levels for each computer in a network, allowing performance and cost to be set according to a user's requirements.

Abstract: A computer or other electronic device may be used in one of several selectable modes of operation. Computer resources, such as a processor, memory, or a graphics controller, are individually settable for operation at different levels of performance. A mode of operation or performance level is determined by the combination of individual settings for the various resources. Pay-per-use operation is charged at a rate determined by the mode of operation or performance level. Operation in a gaming mode may be charged at a higher rate than operation in web-browsing mode. A metering agent may be associated with each scalable use resource to securely set the performance level and to securely report on metered operation of the resource.

Abstract: A trust provider uses established relationships with a client device and a server of an e-commerce merchant or service provider to assure the identity of each to the other. The e-commerce merchant can request an encrypted token from the client. The client may use a trust-provider key to generate the encrypted token. The server then passes the token to the trust provider, who only accepts tokens from known, authenticated entities. The trust provider then verifies the token and returns a response to the server. The response may include a client verification for use by the server and an encrypted server verification that is forwarded by the server to the client. In this fashion, both the server and client may be authenticated without prior knowledge of each other.