Abstract: A method for providing centralized user authorization to allow secure sign-on to a computer system is disclosed. In response to a user attempting to boot up a computer system, a message is sent to a trusted server by a hypervisor within the computer to request a new hard drive password for the computer system. If the user is not authorized to access the computer system, a packet is sent by the trusted server to instruct the hypervisor to stop any boot process on the computer system. If the user is authorized to access the computer system, a packet containing a partial hard drive password is sent by the trusted server to the computer system. The packet is then encrypted with a system public key by the computer system to yield the partial hard drive password. The computer system subsequently combines the partial hard drive password with a user password to generate a new complete hard drive password to continue with the boot process.

Abstract: A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each “file write” to that file). The file signature is inserted, with a date stamp, into the file attributes. The virus scan program checks the previously-created file signature against the virus signature file instead of creating the file signature for every file during the virus scan. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the virus scan program create a new file signature at the time of the running of the virus scan.

Abstract: In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.

Abstract: An apparatus, system, and method are disclosed for reassigning a client. A selection module selects a second computation module that is hardware compatible with a first computation module. A suspension module suspends a software process for a client executing on the first computation module. An execution state module copies a computation module execution state of the first computation module to the second computation module. A memory map module copies a memory map of a software process image associated with the software process and stored in a first storage system from the first computation module to the second computation module. In one embodiment, a resumption module resumes the software process executing on the second computation module.

Abstract: A method and system are disclosed in which a management module (MM) designates an idle blade in a client blade farm to be an “administrative blade” that has administrator access to the virtual images of all users. The MM identifies when a particular user image is, or is not, in use and conveys this information to the administrative blade. The administrative blade performs virus scans, backups, defrags, patch installs, software upgrades, and other such maintenance functions on user images when they are inactive, thereby eliminating the performance impact to active users.

Abstract: Systems and arrangements for permitting the transmission of fingerprint authentication data to a system remotely, while also permitting the system to employ such data as well as passwords in order to operate a computer system, while ensuring a reliable level of security for any group or organization using such systems and arrangements.

Abstract: Systems and methods for providing multi-language support in a pre-boot environment are supplied. User interface type information, such as keyboard type information and translation tables, are ascertained and provided to the pre-boot environment of the apparatus, allowing the apparatus to properly receive and/or translate multi-language inputs in an appropriate fashion.

Abstract: A client computer system is provided with two operating systems, one of which is a user operating system (UOS) and the other of which is a service operating system (SOS), and a hypervisor. In the event of a hang in the first operating system, the second operating system remains active, out of the awareness of the user of the system, and has reporting and command response capabilities beyond those of prior technology.

Abstract: The employment of a process of applying user-defined defaults to a management engine or analogous arrangement, wherein a system BIOS calls or recalls such defaults, as needed, from NVRAM responsive to the need for a reset of defaults.

Abstract: Arrangements which permit the employment of dedicated user-access management architecture with more than text-based access. Particularly contemplated herein are arrangements for accepting user identifiers that are then communicated to an intermediate user-delineating architecture (i.e., architecture configured for permitting access to encrypted data or sections of a computer on a user-specific basis) in a manner to permit the user-delineating architecture to perform its own task of unlocking data or sections of a computer.

Abstract: A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.

Abstract: Methods and arrangements for ensuring that, when a computer system is stolen or otherwise misplaced, the system is rendered unusable (i.e., locked down). Conventional solutions have required software running on the system to perform the lockdown action, but in accordance with at least one preferred embodiment of the present invention is the linkage of TPM (Trusted Platform Module) and AMT (Active Management Technology) solutions whereby an AMT arrangement can remove secure data or identifiers so that any encrypted data present on the system will become unusable.

Abstract: Arrangements for employing a system BIOS (basic input/output system) to handle email during a suspended state (such as an “S3” state as will be better understood herebelow). Preferably, the BIOS is employed to “jump” between two suspended images such that, e.g., two more powerful OS's can be employed to manage the mail function.

Abstract: In accordance with at least one presently preferred embodiment of the present invention, there is broadly contemplated herein the managing of a POP not solely in the BIOS but at least partly in a more secure location. In accordance with a particularly preferred embodiment of the present invention, this location could be in a NVRAM (non-volatile random access memory) inside a TPM (trusted platform module). Most preferably, this location will contain code that the BIOS preferably will need to access and employ in order to complete the booting of the system.

Abstract: A technique for providing a software patch to an associated computer system includes receiving, at a wireless communication device, a communication. Next, it is determined, at the wireless communication device, whether the communication is associated with a software patch available for the associated computer system. When the communication is associated with the software patch, a notification is sent from the wireless communication device to the associated computer system that the software patch is available.

Abstract: In a system with a main memory, a network adapter, and a display, a transaction security module in communication with the network adapter. The transaction security module acts to: establish a secure identification item with an entity which positively identifies the entity; accept an application OS of the entity; and initiate a guest OS with the entity; the network adapter acting to connect with the entity subsequent to initiation of a guest OS; and the display acting to display the secure identification item subsequent to connection with the entity.

Abstract: Methods and arrangements for managing a flash drive, hard disk, or connection between the two, in a manner to ensure that sensitive data is not decrypted at any time when it would be vulnerable. Accordingly, in a first implementation, the data may preferably be encrypted as it first goes into a flash drive and decrypted when it comes out of the flash drive. In another implementation, the flash drive may be logically bound to the hard disk, so that they would both use the same encryption key. In yet another implementation, if a hard disk is moved to another system, then the flash drive may also preferably be simultaneously moved.

Abstract: An arrangement for facilitating remote booting in diskless client systems as just described. To this end, there is broadly contemplated herein the employment of a hypervisor that can freely accommodate a variety of booting arrangements for a given OS. This then ensures that few if any modifications, especially costly ones, would need to be made to the OS to ensure greater versatility.

Abstract: A mobile device, such as a laptop or notebook computer, capable of booting from at least two environments. If a remote environment is present, the mobile device may boot from the remote environment. The mobile device may also boot from the local environment.

Abstract: Methods and arrangements for facilitating and streamlining patch management in “road warrior” and analogous contexts. Particularly, there are broadly contemplated herein, in accordance with at least one presently preferred embodiment of the present invention, methods and arrangements for facilitating determinations of suitable times for enabling system updates and/or downloads.