Abstract: The invention facilitates remote management of a computer via a network. Remote computer management capability can be updated by providing to a managed computer, for use by software operating on the managed computer to effect management actions, a dynamically loaded library (or other set of instructions and/or data that will not be identified as a new executing process on the managed computer) that includes functionality not previously enabled by the software operating on the managed computer.

Abstract: A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization.

Abstract: The invention facilitates remote management of a computer via a network. Remote computer management in which communication between a managed computer and a remote computer management server is initiated by the managed computer is implemented so that the presence of a proxy server at the site at which the managed computer is located can be detected, and communication from the managed computer to the remote computer management server is routed to a communication port assigned for communication with the proxy server, with instructions to then send the communication to the remote computer management server.

Abstract: The invention facilitates remote management of a computer via a network. Remote computer management in which communication between a managed computer and a remote computer management server is initiated by the managed computer is implemented so that the presence of a proxy server at the site at which the managed computer is located can be detected, and communication from the managed computer to the remote computer management server is routed to a communication port assigned for communication with the proxy server, with instructions to then send the communication to the remote computer management server.

Abstract: A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization.

Abstract: The invention establishes a protected volume on a data storage device associated with a computational device by allowing an operating system of the computational device to boot up to a point (the volume conversion crossover point) at which predetermined functionality of the operating system becomes available, then establishing the protected volume. A copy of the operating system data (cleartext operating system data) that is accessed during boot up prior to the volume conversion crossover point (which can be known by monitoring and recording access to operating system data during boot-up) is stored in an unprotected region of the data storage device. A copy of the cleartext operating system data is also stored in the protected volume. After the protected volume is established, the computational device is reset, causing the operating system to boot up again.

Abstract: The invention provides additional protection for data stored in a data storage device situated within a secure environment by using active erasure to erase the stored data when an intrusion into the secure environment is detected. Active erasure effects erasure of data in a data storage device much more rapidly than passive erasure, so that the erasure of data cannot be prevented by a tamperer before the data is erased. Active erasure also enables data to be rapidly erased without requiring use of a processor (and, in some cases, additional devices) to effect the erasure or other destruction of data, which use is relatively complex and expensive, can be disabled in some situations, and cannot guarantee destruction of data in situations in which insufficient power may be available to operate the processor. The invention has particular utility when used with a volatile data storage device that is situated within a secure environment and connected to a power supply.

Abstract: The invention enables a peripheral device to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device), or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g.

Abstract: The invention enables a modular, typically portable, device to communicate with a host computing device to enable one or more security operations to be performed by the modular device on data stored within the host computing device, data provided from the host computing device to the modular device (which can then be, for example, stored in the modular device or transmitted to yet another device), or data retrieved by the host computing device from the modular device (e.g., data that has been stored in the modular device, transmitted to the modular device from another device or input to the modular device by a person). In particular, the modular device can include a security module that is adapted to enable performance of one or more security operations on data, and a target module that is adapted to enable a defined interaction with a host computing device. The target module can be embodied by any of a variety of modules having different types of functionality (e.g.