Abstract: A cooling fan, system and method for controlling cooling fans in a personal computer. A unique series of sensing points is placed on a rotating hub of a cooling fan in order to uniquely identify the particular type of cooling fan. A tachometer sensor mounted in the cooling fan detects the unique series of sensing points as the cooling fan rotates and generates a sequence of pulses corresponding to the detected sending points. This generated pulse signal may be transmitted by the sensor to the fan control code. The fan control code may determine a particular type of cooling fan that the cooling fan is based on the generated pulse signal. Once the fan control code determines the particular type of cooling fan that the cooling fan is, the fan control code uses particular control parameters set for that particular type of cooling fan to control the cooling fan so that it operates optimally.

Abstract: A system and method for access control of a hardfile responsive to a computer system having an operating system is disclosed. The method includes detecting a special boot condition during a pre-boot test of the computer system; and altering, in response to the special boot condition, an operating system access configuration of the hardfile. The system includes a computer system that adjusts an operating system access to a hardfile based upon various boot conditions.

Abstract: During power up initialization, security data such as passwords and other sensitive data which are stored in a lockable memory device are read and copied to protected system management interrupt (SMI) memory space, subject to verification by code running in the SMI memory space that the call to write the security data originates with a trusted entity. Once copied to SMI memory space, the security data is erased from regular system memory and the lockable storage device is hard locked (requiring a reset to unlock) against direct access prior to starting the operating system. The copy of the security data within the SMI memory space is invisible to the operating system. However, the operating system may initiate a call to code running in the SMI memory space to check a password entered by the user, with the SMI code returning a “match” or “no match” indication. The security data may thus be employed after the lockable memory device is hard locked and the operating system is started.

Abstract: A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.

Abstract: Methods and arrangements for capturing information related to operational conditions are disclosed. Embodiments include volatile memory to quickly record operational parameters via, e.g., basic input output system (BIOS) code, system management interrupt (SMI) code and/or executing applications. Many embodiments provide an alternative power source and a voltage switch to protect against loss of the information between storage in the volatile memory and storage in the non-volatile memory. Some embodiments include a read controller that provides access to the volatile memory when primary power is available. The read controller may also offer direct access to the non-volatile memory in case of a catastrophic failure that renders the processing device substantially non-functional. Further embodiments include a second processing device to generate a usage model and/or to perform diagnostics with the operational parameters.

Abstract: A method is disclosed for securely updating system attributes of a client computer with a BIOS and includes signing a public key of a secure server with a private key of the BIOS prior to completion of manufacturing of the client computer to create an encrypted public key and embedded private key stored at the server. The method includes receiving at the server a request packet transmitted from the client computer requesting system attribute modification, encrypting the request packet to create an encrypted packet, and transmitting a return packet to client computer comprising the encrypted packet, the server's public key, and server instructions. The client computer decrypts the request packet using the server's public key and compares it to the original request packet, and if identical, executes the server instructions to modify the client computer's boot block to update client computer's system attributes.

Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method and system of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from one of the computers in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. Further, the sleeping computer compares a transit value in the incoming packet to a predetermined value stored at the sleeping computer. The transit value indicates how far the data packet has traveled through the network, indicating the approximate origin of the data packet. Knowing the approximate origin of the data packet allows the client system to identify if the data packet originated from an external network.

Abstract: A method and system are disclosed for substituting an anonymous Universal Unique Identifier (UUID) for a computer system's real UUID in order to disguise an identity of the computer system to an application which is requesting a UUID for the client computer system. A storage device is established in the computer system. The storage device includes a primary and a second location. A UUID stored in the primary location is used as a UUID for the computer system. An anonymous UUID is generated. The anonymous UUID does not identify any particular computer system. The anonymous UUID is stored in the primary location within the storage device, and the real UUID is backed up by moving it into the secondary location. Thereafter, the anonymous UUID is provided in response to requests for the computer system's UUID.

Abstract: A hard drive having a protected partition is used in the recovery of a BIOS image for a computer system. An EEPROM is used to store a first BIOS image that is used to boot-up the system and recovery code is used to recover a new BIOS image if the first BIOS image has been corrupted. The new BIOS image is stored in the protected partition of the drive. A recover BIOS command is issued whenever the first BIOS image has been corrupted or a remote or local recover BIOS request is received. When the first BIOS is corrupted, the EEPROM is rewritten with the second BIOS image and the system boots with the rewritten first BIOS image. When a recover BIOS request is received in a data packet sent over a communication link, the data packet is authenticated before the first BIOS image is rewritten.

Abstract: A method and system for providing an event driven hardfile image in a computer system is disclosed. The computer system includes a hardfile, a hardfile adapter, a master boot record and an operating system. The method and system include providing an extended physical partition table describing a plurality of partitions on the hardfile and defining at least one image using a utility. Each image corresponds to at least a portion of the plurality of partitions and to a corresponding event. An image is to be mapped to the master boot record in response to an occurrence of the corresponding event. The method and system also include providing an event driven table including each of the at least one image.

Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from an administration system in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. If the incoming packet matches the particular data sequence associated with the sleeping computer, the sleeping computer transmits a reply message to the administration system. Upon receiving the reply, the administration system modifies the reply message in a predetermined manner and transmits the modified reply to the sleeping computer.

Abstract: A method, system and computer readable medium containing programming instructions for booting a computer system having a plurality of devices is disclosed. They include provisions for initiating a boot sequence in the computer system and determining whether a device of the plurality of devices is either a bootable device or a nonbootable device. If the device is a nonbootable device, a clean restart of the boot sequence is performed, wherein the nonbootable device is bypassed during the clean restart.

Abstract: A computer system processor incorporates a special S-latch which may only be set by secure signals. One state of the S-latch sets the processor into a secure mode where it only executes instructions and not commands from an In Circuit Emulator (ICE) unit. A second state of the S-latch sets the processor into a non-secure mode. A non-volatile random access memory (NVRAM) is written with secure data which can only be read by boot block code stored in a BIOS storage device. The boot block code is operable to read the secure data in the NVRAM and set the S-latch to an appropriate security state. If the boot block code cannot set the S-latch, then remaining boot up with BIOS data is stopped. On boot up the boot block code reads the NVRAM and sets the S-latch into the appropriate security state.

Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

Abstract: A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised.

Abstract: A method and system are disclosed for substituting an anonymous media access controller (MAC) address for a client computer system's real MAC address in order to disguise an identity of the client computer system when the client computer system is utilizing a network. The client computer system is coupled to a server computer system via the network. A primary storage device is established for storing a MAC address. A MAC address which is stored in the primary storage device is utilized as a network address for the client computer system when the client computer system is utilizing the network. An anonymous MAC address is generated. The anonymous MAC address is not associated with any particular client computer system. The anonymous MAC address is then stored in the primary storage device. The client computer system utilizes the anonymous MAC address as the network address for the client computer system when the client computer system is utilizing the network.

Abstract: Authentication of an entity remotely managing a data processing system is enabled to allow changes by the remote entity to hard-locked critical security information normally accessible only during the POST and only to trusted entities such as the system BIOS. The remote entity builds a change request and generates a hash from the change request with a current password appended. The change request and the hash are stored in a lockable non-volatile buffer which, once locked, requires a system reset to access. During the next POST, a trusted entity such as the system BIOS reads the change request, generates an authentication hash from the change request and the current password within the hard-locked security information, and compares the buffered hash with the generated hash. If a match is determined, the security information is updated; otherwise a tamper error is reported.

Abstract: Disclosed is a method for reducing power-up time and avoiding customer-induced failures of computer systems during power-up. An intrusion switch, which is connected to the inside frame of the computer system is utilized. The intrusion switch signals the BIOS of the computer system whenever the cover of the computer's system unit is opened. The BIOS controls the POST operation during power-up of the computer system. During an initial power-up of the computer system, the POST configuration code examines and configures the hardware and sets the applicable registers, etc. At the end of the POST configuration code, the register values are stored in non-volatile storage. During a subsequent power-up of the computer system, a check is made to see if the cover of the system had been opened. When the cover has not been opened, the BIOS assumes that no changed has occurred in the hardware configuration and the BIOS restores the register values from non-volatile storage without completing the POST operation.

Abstract: A method for remotely powering up a computer, includes: receiving a telephone call by a device coupled to a powered down computer; determining an originator's telephone number for the telephone call; determining if the originator's telephone number matches one of a plurality of authorized telephone numbers; and powering up the computer if the originator's telephone number matches one of the plurality of authorized telephone numbers. The method and system utilizes the well known “Caller-ID” technology to determine the originator's telephone number for a telephone call received by a modem coupled to the computer. If there is no match, the computer remains in a powered down state. In this manner, the system discriminates between the received telephone calls, and avoids powering up the computer when the received call is not for this purpose. This avoids wasting power.

Abstract: The disclosed methods enable users to securably modify system attributes of completed computer systems, without requiring that the system be returned to their manufacturer or that the system be “overhauled.” The methods of the present invention permit manufacturing cost savings and efficiencies, while allowing existing built inventory to be modified to meet current market demands without the need to recall built systems back to the origin of manufacture.