Abstract: A system comprises storage and a basic input/output system (BIOS) stored in the storage and adapted to be executed by a processor. The BIOS has an associated setting. The system receives an encrypted value that comprises an encrypted hash of a request to alter at least one of the BIOS and the setting. A first key is used to encrypt the value. The processor uses a second key corresponding to the first key to authenticate said request.

Abstract: A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor.

Abstract: A system comprises a basic-input-output-system (“BIOS”), a disk drive, and a security system configured to prevent unauthenticated access to the disk drive. For each of at least two users out of a plurality of users, the BIOS authenticates the user based on the user's token. The BIOS also accesses secured data based on the authentication, and provides the secured data to the security system without input from the user.

Abstract: A virtual user authentication system comprising a virtual machine manager (VMM) communicatively coupled to a user operating system (OS) and a service OS, the VMM configured to receive keystroke input destined for an application executing on the user OS and communicate the keystroke input to the service OS, the keystroke input processed by the service OS.

Abstract: There is provided a method of providing secure access to data stored in a system memory of a computer system, the computer system comprising a memory controller for writing data to and reading data from the system memory. The method comprises generating a random encryption key each time the computer system is booted and storing the random encryption key in a volatile memory region of the memory controller. The method additionally comprises encrypting data using the random encryption key to create encrypted data, and storing the encrypted data in the system memory. Also provided are a memory subsystem and a computer system for performing the method.

Abstract: A method and apparatus for improved digital recording and presentation of broadcast information is disclosed. Received broadcast data, which may include video, audio, private, or other data, relating to one or more particular content programs, is presented from an input section to a buffer and recorded directly onto a storage device without any intelligent parsing, such as indexing, and without any manipulation by intermediate hardware or software functions. Upon normal presentation, statistics may be generated to determine the ideal number of frames to skip, the number of bytes to seek, and the size of data files to read from the storage device during time-shifted presentation. Algorithms and processes are provided to dynamically optimize time-shifted presentation.

Abstract: A method and apparatus for improved digital recording and presentation of broadcast information is disclosed. Received broadcast data, which may include video, audio, private, or other data, relating to one or more particular content programs, is presented from an input section to a buffer and recorded directly onto a storage device without any intelligent parsing, such as indexing, and without any manipulation by intermediate hardware or software functions. Upon normal presentation, statistics may be generated to determine the ideal number of frames to skip, the number of bytes to seek, and the size of data files to read from the storage device during time-shifted presentation. Algorithms and processes are provided to dynamically optimize time-shifted presentation.

Abstract: A system comprises a processor which executes an operating system and an application. The system also comprises a keyboard coupled to the processor. The keyboard and application share a shared secret that is used to encode keyboard data provided from the keyboard to the application. The shared secret is not known or accessible to the operating system.

Abstract: A method and apparatus for improved digital recording and presentation of broadcast information is disclosed. Received broadcast data, which may include video, audio, private, or other data, relating to one or more particular content programs, is presented from an input section to a buffer and recorded directly onto a storage device without any intelligent parsing, such as indexing, and without any manipulation by intermediate hardware or software functions. Upon normal presentation, statistics are generated to determine the ideal number of frames to skip, the number of bytes to seek, and the size of data files to read from storage during time-shifted presentation. Algorithms and processes are provided to dynamically optimize time-shifted presentation. In this way, data may be captured to the storage device more efficiently and economically, and the time-shifted presentation operations can easily be performed in a smoother, more nuanced manner with the application of appropriate probabilistic algorithms.

Abstract: A computer security system comprises a self-managed device having an authentication system for controlling access to the self-managed device by a user. The system also comprises a security module adapted to authenticate an identity of the user and, in response to user authentication, automatically generate, transparently to the user, device credential data verifiable by the authentication system to enable user access to the self-managed device.

Abstract: In one embodiment a computer system, comprises a processor, a trusted platform module comprising at least one platform configuration register, a basic input/output system, and logic to unseal at least one current key in the trusted platform module, initiate an update to the basic input/output system, obtain, with the update, at least a component of one expected value for a platform configuration register in the trusted platform module, seal at least one key using the at least one expected value for a platform configuration register, and install the basic input/output system update.

Abstract: A computer system is provided, the computer system having a processor and a system memory coupled to the processor. The computer system also includes a Basic Input/Output System (BIOS) in communication with the processor. The BIOS selectively scrubs the system memory during a shutdown process of the computer system.

Abstract: In one embodiment a computer system comprises a processor and a memory module coupled to the processor and comprising logic instructions stored in a computer readable medium. The logic instructions, when executed, configure the processor to initiate, in a client computing device, a service request, in response to the service request, initiate a request for a location attestation certificate, and complete the client service request when the location attestation certificate is granted.

Abstract: A system for sharing a trusted platform module (TPM) comprises a TPM operable to execute an operating system (OS)-level process, the TPM operable to pause the execution of the OS-level process and execute a non-OS-level process.

Abstract: A biometric security system comprises a token generator executable by a processor and configured to combine biometric information with a security payload to form a security token, the security payload usable to verify integrity of the biometric information.

Abstract: A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor.

Abstract: A system comprises a first operating environment and a second operating environment. The first and second operating environments exchange information in encrypted form using a shared encryption key (K3). The first and second operating environments cooperate to change said encryption key K3 using another shared encryption key (K4). The encryption key K4 is changed upon the encryption key K3 being changed.

Abstract: A method and apparatus for improved digital recording and presentation of broadcast information is disclosed. Received broadcast data, which may include video, audio, private, or other data, relating to one or more particular content programs, is presented from an input section to a buffer and recorded directly onto a storage device without any intelligent parsing, such as indexing, and without any manipulation by intermediate hardware or software functions. Upon normal presentation, statistics are generated to determine the ideal number of frames to skip, the number of bytes to seek, and the size of data files to read from storage during time-shifted presentation. Algorithms and processes are provided to dynamically optimize time-shifted presentation. In this way, data may be captured to the storage device more efficiently and economically, and the time-shifted presentation operations can easily be performed in a smoother, more nuanced manner with the application of appropriate probabilistic algorithms.

Abstract: A virtual user authentication system comprising a virtual machine manager (VMM) communicatively coupled to a user operating system (OS) and a service OS, the VMM configured to receive keystroke input destined for an application executing on the user OS and communicate the keystroke input to the service OS, the keystroke input processed by the service OS.

Abstract: A trusted platform field upgrade system comprises a trusted platform module (TPM) having a volatile memory, the volatile memory having a flag for verifying physical presence in a non-ownership state of the TPM, the TPM configured to enable a field upgrade to the TPM in an operating system (OS) environment based on assertion of the physical presence flag.