Abstract: A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device causes on a first boot, the host computer system to recognize hardware devices connected thereto, and to configure hardware configuration files of the portable desktop O/S in accordance with the recognized hardware. Once the hardware configuration files have been configured, the system is rebooted. On the second boot, the host computer determines that the portable desktop has been configured for its hardware, and initiates start-up of the portable desktop.

Abstract: Techniques for recovering from unexpected removal of (or other unexpected power loss) a flash memory device from a computer system. An interpolated device driver notes whenever the flash memory device is unexpectedly removed, or otherwise unexpectedly powers off or enters a locked state. If the flash memory device is reinserted, the interpolated device driver reinitializes the flash memory device, and satisfies any flash memory device security protocol, so the flash memory device and the computer system can be restored to their status just before unexpected removal. The interpolated device driver caches requests to the flash memory device, and when status is restored to just before removal, replays those requests to the flash memory device, so the flash memory device responds to those requests as if it had ever been removed. The computer system does not notice any break in service by the flash memory device due to removal and reinsertion.

Abstract: A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.

Abstract: A security protocol for use by computing devices communicating over an unsecured network is described. The security protocol makes use of secure data provided to a peripheral memory device from a server via a secure connection. When the peripheral memory device is coupled to a computing device that attempts to establish a secure connection to the server, the secure data is used to verify that the server is authentic. Similarly, the secure data assists the server in verifying that the request to access the server is not being made by a malicious third party.

Abstract: A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device once authenticated provides access to a portable desktop application that provides a beat signal to the portable desktop device. In an absence of the beat signal, the portable desktop device prevents access to the portable desktop application and/or data associated therewith.

Abstract: Disclosed is a method of improving electronic security by establishing a path between a user and a secure transaction appliance. The secure transaction appliance receiving information destined for the user which includes a tagged portion, said tagged portion triggering the secure transaction appliance to forward the information to the computer from which the request was issued, and to seeking an electronic signature to verify the content or transaction by transmitting a watermark, tagged portion of the content, or similar electronic content. The secure trusted path providing the user with the tagged portion incorporating additional elements such as a watermark, or in some embodiments only the additional elements, upon a personalized security device associated with the user making interception or manipulation more complex and difficult.

Abstract: The present invention relates to a method and device for scanning of data for signatures prior to storage. First data are received at a storage device for storage therein. Upon receipt the first data are stored in a temporary storage medium for storing other than guaranteed previously scanned data. Using a processor of the storage device, the first data are compared with at least a predetermined signature and a comparison result is determined in dependence thereupon. In dependence upon the comparison result the first data are provided to the scanned data memory when the comparison result is indicative of other than a match or the first data are other than provided to the scanned data memory when the comparison result is indicative of a match. The method and the device according to the invention substantially reduce the risk that a file infected with a computer virus is transferred from one computer to another via a portable storage medium.

Abstract: A method and apparatus are disclosed wherein a portable memory storage device is provided for interfacing with a communications port of the computer system. During operating system start up of the operating system of the computer, fields relating to security of the operating system are prompted for. The portable memory store retrieves from memory therein data for populating said fields and provides same to the computer system mimicking a data entry device other than a portable memory store.

Abstract: A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device causes on a first boot, the host computer system to recognize hardware devices connected thereto, and to configure hardware configuration files of the portable desktop O/S in accordance with the recognized hardware. Once the hardware configuration files have been configured, the system is rebooted. On the second boot, the host computer determines that the portable desktop has been configured for its hardware, and initiates start-up of the portable desktop.

Abstract: A method comprises providing first user authentication data of a user and comparing the first user authentication data to first stored template data. When the comparison is indicative of a match, a first session is provided, which supports one of user access for retrieving first data that are stored within a peripheral memory storage device and user access for modifying a data content of the peripheral memory storage device. The first session does not support the other one of user access for retrieving first data that are stored within the peripheral memory storage device and user access for modifying a data content of the peripheral memory storage device. During the first session, second user authentication data of the same user is provided and compared to second stored template data.

Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate.

Abstract: Electronic transactions employing prior art approaches of digital certificates and authentification are subject to attacks resulting in fraudulent transactions and abuse of identity information. Disclosed is a method of improving electronic security by establishing a secure trusted path between a user and an institution seeking an electronic signature to verify a transaction before any request for signature and completing electronic transaction activities occurs. The secure trusted path providing the user with a predetermined portion of the request from the institution for a signature upon a personalized device that cannot be intercepted or manipulated by malware to verify that the request as displayed upon the user's primary computing device is valid.

Abstract: The present invention relates to a method and device for scanning of data for signatures prior to storage. First data are received at a storage device for storage therein. Upon receipt the first data are stored in a temporary storage medium for storing other than guaranteed previously scanned data. Using a processor of the storage device, the first data are compared with at least a predetermined signature and a comparison result is determined in dependence thereupon. In dependence upon the comparison result the first data are provided to the scanned data memory when the comparison result is indicative of other than a match or the first data are other than provided to the scanned data memory when the comparison result is indicative of a match. The method and the device according to the invention substantially reduce the risk that a file infected with a computer virus is transferred from one computer to another via a portable storage medium.

Abstract: A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.

Abstract: Booting an operating system that includes a secure preboot environment that performs integrity checks against security threats. A computer system boots to a preboot environment, which performs integrity checks and other anti-malware operations. Once the preboot environment finishes, the system reboots into a regular environment. The preboot environment can reside on a secure portion of a flash memory, with a computer system booting therefrom; or the preboot environment can reside securely in the computer system. The preboot environment includes integrity checks for a regular environment, and anti-malware programming. Once the preboot environment is done, the computer system reboots into a regular environment, such as from the flash memory or on the computer system. The integrity checks confirm that files in the regular environment are unchanged or uninfected. The integrity checks include determining the accuracy of a trusted system configuration on the computer system, such as using a TPM.

Abstract: Bootability of a computer system with multiple LUNs. A flash device powers-on into a default LUN, from which the system boots, maintaining any other LUNs unavailable. The first LUN reconfigures the system to remove itself as the available LUN, to load a second LUN as the only available LUN, and to reboot the computer system into the newly available second LUN. The second LUN reconfigures the system to load any additional LUNs, such as removable storage on the flash drive. Upon reconfiguration, the system includes multiple LUNs. The second LUN includes an interpolated LUN driver, which exposes additional LUNs before operation of other device drivers. The interpolated LUN driver takes control during boot-up, exposing any available LUNs before the regular environment's operating system.

Abstract: Techniques for recovering from unexpected removal of (or other unexpected power loss) a flash memory device from a computer system. An interpolated device driver notes whenever the flash memory device is unexpectedly removed, or otherwise unexpectedly powers off or enters a locked state. If the flash memory device is reinserted, the interpolated device driver reinitializes the flash memory device, and satisfies any flash memory device security protocol, so the flash memory device and the computer system can be restored to their status just before unexpected removal. The interpolated device driver caches requests to the flash memory device, and when status is restored to just before removal, replays those requests to the flash memory device, so the flash memory device responds to those requests as if it had ever been removed. The computer system does not notice any break in service by the flash memory device due to removal and reinsertion.

Abstract: A method and apparatus are disclosed wherein a portable memory storage device is provided for interfacing with a communications port of the computer system. During operating system start up of the operating system of the computer, fields relating to security of the operating system are prompted for. The portable memory store retrieves from memory therein data for populating said fields and provides same to the computer system mimicking a data entry device other than a portable memory store.

Abstract: A method and apparatus are disclosed wherein a portable memory storage device is provided for interfacing with a communications port of the computer system. During operating system start up of the operating system of the computer, fields relating to security of the operating system are prompted for. The portable memory store retrieves from memory therein data for populating said fields and provides same to the computer system mimicking a data entry device other than a portable memory store.

Abstract: The present invention relates to a method and device for scanning of data for signatures prior to storage. First data are received at a storage device for storage therein. Upon receipt the first data are stored in a temporary storage medium for storing other than guaranteed previously scanned data. Using a processor of the storage device, the first data are compared with at least a predetermined signature and a comparison result is determined in dependence thereupon. In dependence upon the comparison result the first data are provided to the scanned data memory when the comparison result is indicative of other than a match or the first data are other than provided to the scanned data memory when the comparison result is indicative of a match. The method and the device according to the invention substantially reduce the risk that a file infected with a computer virus is transferred from one computer to another via a portable storage medium.