Patents by Inventor Peter Ward

Peter Ward has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20030208338
    Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
    Type: Application
    Filed: May 3, 2002
    Publication date: November 6, 2003
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David Carroll Challener, Chad Lee Gettelfinger, Steven Dale Goodman, Hernando Ovies, Randall Scott Springfield, James Peter Ward
  • Patent number: 6628663
    Abstract: A method and system are described for permitting a dumb device having no operating system to create and transmit a network packet utilizing a network. The dumb device is coupled to a client computer system utilizing the network. A network interface is established within the dumb device. In response to an event, the dumb device generates an internal output signal. The output signal is received within the dumb device by the network interface. In response to a receipt of the output signal, the network interface creates and transmits a network packet including an indication of the event to the client computer system, wherein a dumb device having no operating system creates and transmits a network packet.
    Type: Grant
    Filed: December 4, 1998
    Date of Patent: September 30, 2003
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Dhruv M. Desai, Brandon Jon Ellison, Howard Locker, James Peter Ward
  • Publication number: 20030182212
    Abstract: A method for managing business information by a first business entity using a server system is provided. The server system is coupled to a centralized database and at least one client system. The method includes receiving at the server system business information relating to at least one second business entity through the client system, calculating business information based on the business information previously entered through the client system, generating a plurality of reports based on the business information, validating the business information contained in the reports, and storing the business information and the generated reports in the centralized database.
    Type: Application
    Filed: March 22, 2002
    Publication date: September 25, 2003
    Inventors: Daniel Patrick Moscone, John Chiang Chang, Colleen Patricia Harkness, Joseph William Turza, Brian Peter Ward
  • Publication number: 20030181215
    Abstract: A wireless communication network comprising: (1) a plurality of mobile devices each configured to receive a beacon being broadcasted within the network and determine based on information transmitted within the beacon whether the mobile device is supported within the network; and (2) one or more access devices configured to broadcast the beacon within the network. Each of the mobile devices has a transmitting mechanism for communicating with the one or more access devices. However, only those mobile devices that are supported by the network respond to the receipt of the beacon. Thus, no transmission occurs from the mobile devices until the device is identified as being supported by the network. These mobile devices instantiate a communication path with the one or more access devices and request an authentication from the one or more access devices. In this manner, a handshake mechanism is established between the access devices and the mobile devices that are supported by the network.
    Type: Application
    Filed: March 21, 2002
    Publication date: September 25, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Philip John Jakes, Howard Jeffrey Locker, James Peter Ward
  • Publication number: 20030182561
    Abstract: A tamper detection mechanism for a personal computer (PC) and a method of use thereof is disclosed. Accordingly, a first aspect of the present invention comprises a tamper detection mechanism. The tamper detection mechanism comprises a first Root-of-Trust Measurement (RTM) module which is coupled to and fixed within the PC, a second RTM module being removably attached to the PC and a diagnostic program for comparing a copy of the first RTM module with a copy of the second RTM module to determine whether the first RTM module is valid. A second aspect of the present invention comprises a method of providing tamper detection for a PC. The method comprises providing a first RTM module, providing a second RTM module and utilizing a diagnostic program to compare a copy of the first RTM module with a copy of the second module to determine whether the first RTM module is valid.
    Type: Application
    Filed: March 25, 2002
    Publication date: September 25, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Steven Dale Goodman, James Patrick Hoff, Hernando Ovies, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030159056
    Abstract: An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.
    Type: Application
    Filed: February 15, 2002
    Publication date: August 21, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Scott Thomas Elliott, James Patrick Hoff, Howard Jeffrey Locker, David Rivera, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030156558
    Abstract: A remote mobile unit (MU) including a radio device is provided with an ability to communicate through a LAN by remote association with an access point (AP) that is out of range for communication with the radio device of the remote MU. The remote MU transmits a request frame that is received and retransmitted by one or more intermediate MUs until a connection is made with the AP. Each of the intermediate MUs adds an identifying address to the request, forming a path that is used in both directions to transmit a response from the AP to the remote MU and to transmit data between the AP and the MU.
    Type: Application
    Filed: February 1, 2002
    Publication date: August 21, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Howard Jeffrey Locker, Andy Lloyd Trotter, James Peter Ward
  • Patent number: 6609207
    Abstract: A data processing system and method including a docking station and a portable computer capable of being coupled to the docking station are disclosed for securing the docking station, the portable computer, and for securing the attachment of the docking station to the portable computer. The portable computer is coupled to the docking station. A disconnection password is established. When the portable computer is disconnected from the docking station, a user is prompted for the disconnection password. The portable computer is disabled in response to a failure to correctly enter the disconnection password, wherein the portable computer is inoperable without a correct entry of the disconnection password. When a portable computer is connected to the docking station, a correct entry of a connection password is required. In response to a failure to correctly enter the connection password, access to the docking station is prohibited.
    Type: Grant
    Filed: March 2, 1999
    Date of Patent: August 19, 2003
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Brandon Jon Ellison, Eric Richard Kern, Howard Locker, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030138105
    Abstract: A method and system for managing cryptology keys in a TCPA subsystem such as a Trusted Platform Module (TPM). The TPM encrypts/decrypts data being communicated with a processing system. Internal to the TPM is limited memory for storing cryptology private keys used in the encryption/decryption. Under the TCPA specification, the keys are hierarchical, such that a parent key must be in the TPM to load into the TPM the requested child cryptology private key. Thus there is an expense associated with replacing an existing key. This expense is determined by the probability that the evicted key will be needed and thus re-stored in the future and the likelihood that ancestor keys will have to be loaded into the TPM in order to load the requested child key. The present invention presents a method for determining this expense, in order to determine which key should be evicted.
    Type: Application
    Filed: January 18, 2002
    Publication date: July 24, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Scott Thomas Elliott, James Patrick Hoff, James Peter Ward
  • Publication number: 20030140262
    Abstract: A computing system includes a motherboard including one or more connection subsystems, each of which includes a port connector and a device interface circuit conditioning signals transmitted or received through the port connector. The port connector includes a connection-sensing terminal, which is connected to ground through a cable, and which is allowed to float to a voltage supplied through a pull-up resistor when the cable is disconnected. The motherboard also includes a main voltage plane supplying electrical power to a separate voltage plane for each device interface circuit only when a cable is connected to the port connector which is also connected to the device interface circuit.
    Type: Application
    Filed: January 23, 2002
    Publication date: July 24, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Howard Jeffrey Locker, Andy Lloyd Trotter, James Peter Ward
  • Patent number: 6598032
    Abstract: A system and method for isolating a computer system from entry of a personal identification number (PIN) to a smart card. The system and method includes a computer system that is in communication with an unsecure network to allow a user to engage in a purchase transaction. The system and method also includes a smart card reader in which a smart card is inserted and read. A secure personal-identification-number (PIN) entry device is coupled between the computer system and the smart card reader. The secure PIN entry device is used for entering a correct code for the PIN. Communication between computer system and secure PIN entry device is disconnected until the correct code for the PIN is entered at secure PIN entry device and sent to the smart card in order to authorize use of the smart card for the purchase transaction. In response to the correct code for the PIN being entered and sent to the smart card, communication between computer system and secure PIN entry device is established.
    Type: Grant
    Filed: March 10, 2000
    Date of Patent: July 22, 2003
    Assignee: International Business Machines Corporation
    Inventors: David Carroll Challener, Joseph McGovern, Hernando Ovies, James Peter Ward
  • Publication number: 20030135350
    Abstract: A system and method for storing adapter card Option ROM BIOS extensions on the system's DASD and, more particularly, on a partition of the DASD that is generally inaccessible to the operating system. The system may partition the system DASD into a user partition and a hidden partition where the hidden partition is preferably inaccessible to the operating system. BIOS extension files are stored in the hidden partition. The system BIOS, when executed, identifies the peripheral devices on the system and interrogates the hidden partition for BIOS extension files corresponding to each of the identified devices. If the hidden partition contains a BIOS extension file corresponding to an identified peripheral device, the file is verified for authenticity. If the verification completes successfully, the BIOS extension file is copied into shadow RAM and control is passed to it.
    Type: Application
    Filed: January 15, 2002
    Publication date: July 17, 2003
    Applicant: International Business Machines Corporation
    Inventors: Richard W. Cheston, Daryl Carvis Cromer, Howard Jeffrey Locker, David B. Rhoades, James Peter Ward
  • Publication number: 20030135727
    Abstract: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.
    Type: Application
    Filed: January 15, 2002
    Publication date: July 17, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Steven Dale Goodman, Kevin Michael Reinberg, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030110050
    Abstract: A method and system for providing a default offering for a product is disclosed. The product is offered in a plurality of business segments and includes a plurality of components. The method and system include allowing a customer to select at least one business segment of the plurality of business segments. The customer is also allowed to select at least one performance level for at least one of the plurality of components. The method and system also include dynamically determining at least one default offering determined based on the at least one business segment and the at least one performance level.
    Type: Application
    Filed: December 12, 2001
    Publication date: June 12, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Howard Jeffrey Locker, James Peter Ward
  • Publication number: 20030097554
    Abstract: A method and system for configuring an operating system in a computer system including language selection during bootup rather than at manufacture. A first aspect of the method and system comprises providing a plurality of operating system images in the computer system, each of the plurality of operating system images being based upon a particular language, selecting one of the plurality of operating system images based on the language supported by the computer system and loading the selected operating system image into the computer system. A second aspect of the method and system comprises providing a language-independent operating system image in the computer system, determining a language supported by the computer system, loading the language-independent operating system image into the computer system, and associating the language supported by the computer system with the language-independent operating system image.
    Type: Application
    Filed: November 21, 2001
    Publication date: May 22, 2003
    Applicant: International Business Machines Corporation
    Inventors: Richard Wayne Cheston, Daryl Carvis Cromer, Howard Jeffrey Locker, David Benson Rhoades, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030097555
    Abstract: The present invention comprises a method and system for configuring the language of a BIOS of a computer system. The method and system comprise providing a plurality of BIOS images in the computer system, each of the plurality of BIOS images being related to a particular language, selecting one of the plurality of BIOS images based on the language supported by the computer system and utilizing the selected BIOS to configure the computer system. Through the use of the method and system in accordance with the present invention, the language being supported by the computer system is determined when the computer system is booted up as opposed to when the computer system is being built. This results in an increase in manufacturing productivity since original equipment manufacturers can build computer systems without having to worry about language restrictions.
    Type: Application
    Filed: November 21, 2001
    Publication date: May 22, 2003
    Applicant: International Business Machines Corporation
    Inventors: Richard Wayne Cheston, Daryl Carvis Cromer, Howard Jeffrey Locker, David Benson Rhoades, Randall Scott Springfield, James Peter Ward
  • Patent number: 6567920
    Abstract: A data processing system and method are disclosed for authenticating a client computer system to a secure network prior to permitting the client computer system to attempt to log-on to the network. The secure network is controlled by a server computer system. A unique identifier is established which identifies the client computer system. The unique identifier is encrypted. Prior to permitting the client computer system to attempt to log-on to the secure network, the client computer system transmits the encrypted identifier to the server computer system. Also prior to permitting the client computer system to attempt to log-on to the network, the server computer system utilizes the unique identifier to determine whether to permit the client computer system to attempt to log-on to the network. The client computer system is authenticated prior to permitting the client computer system to attempt to log-on to the network.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: May 20, 2003
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Dhruv M. Desai, Brandon Jon Ellison, Eric Richard Kern, Howard Locker, Andy Lloyd Trotter, James Peter Ward
  • Publication number: 20030093698
    Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.
    Type: Application
    Filed: November 14, 2001
    Publication date: May 15, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Ernest Nelson Mandese, Hernando Ovies, James Peter Ward
  • Publication number: 20030088748
    Abstract: An apparatus and method for exclusively binding data to a data processing system. The logical binding apparatus of the present invention includes a detachable circuit device mounted within a system planar. Data to be bound within the system planar is stored in a memory device within the detachable circuit device. A battery signal is applied from the system planar to a binding pin on the detachable circuit device, wherein the binding pin is applied to the input of a binding latch. The binding latch remains in a reset state while the battery signal is applied. Upon removal of said binding signal from the binding pin, the binding latch is set thus signaling a processing unit within the detachable circuit device to remove the data from the memory device.
    Type: Application
    Filed: November 2, 2001
    Publication date: May 8, 2003
    Applicant: International Business Machines Corporation
    Inventors: Scott Thomas Elliott, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030070079
    Abstract: A method and system for authentication in a computer system is disclosed. The method and system of the present invention includes registering a biometric template in the computer system, thereafter, verifying the authenticity of the registered biometric template and then comparing the biometric template with a biometric image of the user if the biometric template is authentic. If the user's biometric image matches the biometric template, the computer system will continue to boot.
    Type: Application
    Filed: October 4, 2001
    Publication date: April 10, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Joshua James Jankowsky, Howard Jeffrey Locker, Andy Lloyd Trotter, James Peter Ward