Abstract: A method and system for wirelessly connecting a client device to a wireless network's access point. When a first client device detects a Wireless Broadcast Storm During Active Scan Association (WBSDAASA) caused by a large block of other client devices attempting to simultaneously wirelessly connect to the access point using an active scan, the first client device switches to either a passive scan or a random roam active scan to connect the first client device to the access point. The first client device is thus able to avoid a connection live-lock caused by the WBSDAASA.

Abstract: An apparatus, system, and method are disclosed for rapid wireless network association. The apparatus includes a logic unit containing a plurality of modules configured to functionally execute the necessary steps of conducting a preliminary full band search on a predefined frequency spectrum to identify the frequency of an active communication channel, investigate the availability of the active communication channels identified during the preliminary search, and associate with a wireless network device on the available active communication channel. These modules in the described embodiments include a search module, an investigation module, and an association module. Beneficially such an apparatus, system, and method provide for more efficient searching, scanning, and association than typically found in wireless networks.

Abstract: When a first blade server that is servicing a client computer becomes congested, service is transferred to a second blade server potentially in a different blade center by freezing the first blade and client and then sending, to the second blade server, a pointer to the currently addressed location in the client's virtual storage and an exact memory map in the first blade server that is associated with the client computer, along with the client's IP address. These are used to reconstruct the state of the first blade in the second blade, at which time the second blade resumes service to the client.

Abstract: The present invention adds a procedure to the operating system file subsystem of a processing system that significantly reduces the amount of time necessary to verify the validity of executable files. Each executable is extended with a file signature containing a header containing validation data. This header may be added to an existing ELF header, added as a new section, or placed in a file's extended attribute store. The header contains results of all previous validation checks that have been performed. The file signature is inserted, with a date stamp, into the file attributes. On execution, the system checks the previously-created file signature against a current file signature, instead of creating the file signature for every file during the execution process. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the execution program create a new file signature at the time of execution.

Abstract: A method and system is described for selectively downloading antidotes onto a client computer. The client computer is connected via a network interface card (NIC) to a network that contains an anti-virus server. The NIC is initially logically isolated from the client computer, thus permitting the NIC to autonomously examine packets to and from the client computer and the network. The NIC selectively accepts packets only from trusted Internet Protocol (IP) addresses that conform to a security format such as Internet Protocol Security (IPSec).

Abstract: A method and system is described for a wireless client computer to be connected via an access point to a network only if the wireless client computer has executed all requisite anti-virus programs. Where necessary, a signal from the access point notifies an anti-viral program server that an anti-virus needs to be immediately downloaded to the wireless client computer. An anti-virus fix is installed on the wireless client computer, and a full session is then initiated between the wireless client computer and a wireless network via the access point.

Abstract: A method and system for remotely isolating faults in computer network devices coupled to a computer network. A plurality of first computer units are coupled to the computer network. The plurality of first computer units are located on a user side of the computer network. A plurality of second computer units are coupled to the computer network. The plurality of second computer units are located on a service provider side of the network. One of the plurality of second computer units is designated to provide computing services to one of the plurality of first computer units. One of the plurality of first computer units experiencing a fault communicating with its designated second computer unit uses another of the plurality of first computer units as a proxy computer unit to remotely isolate the fault.

Abstract: A method and system are disclosed in which a management module (MM) designates an idle blade in a client blade farm to be an “administrative blade” that has administrator access to the virtual images of all users. The MM identifies when a particular user image is, or is not, in use and conveys this information to the administrative blade. The administrative blade performs virus scans, backups, defrags, patch installs, software upgrades, and other such maintenance functions on user images when they are inactive, thereby eliminating the performance impact to active users.

Abstract: A method, computer program product and system for enabling a client device in a client device/data center environment to resume from sleep state more quickly. The resource in the server blade used for suspending the activity of the computing state of the client device in order to enter the client device in a sleep state is not reallocated for a period of time. If the client device indicates to the server blade to resume the client device from sleep state prior to the ending of that period of time, then the server blade reinitializes the computing state using the same resource as used in suspending the computing state of the client device. By using the same resource, steps traditionally implemented in resuming the client device from sleep state are avoided thereby reducing the time in resuming the client device from sleep state.

Abstract: Various methods are disclosed for ensuring compliance with operating system license requirements in a server blade center environment in which a server blade may have plural images of an O.S., one for each of plural thin clients serviced by the blade.

Abstract: A method, computer program product and system for reducing the boot time of a client device in a client device/data center environment. A profile of the client device, which includes information regarding the usage characteristics of the client device, may be created. A confidence level indicating the likelihood that the client device is going to be booted may be determined based on the client device's profile. The confidence level and the utilization of the resources of the server blades in the data center may be examined in determining whether to have an appropriate server blade perform an action involved in booting the operating system of the client device. If the appropriate server blade performs such an action, e.g., pre-booting the client device's operating system, prior to the user of the client device attempting to boot its operating system, then the boot time may be reduced.

Abstract: A screen saver is run from the deskside device of a workstation used by a first user, rather than from a blade being used by the first user. Screen saver software and the necessary hardware to run the screen saver are located on the deskside device, thereby making the screen saver independent from the blade. This enables the blade to be reallocated for use by a second user, in a manner that is transparent to the idle first user. When the first user wants to resume use of the computer system, a new blade (or the same blade, if available) is allocated to the first user, and the newly-allocated blade is restored to the status of the first blade at the time it entered its suspended state. From the perspective of the first user, nothing appears different, i.e., to the first user everything looks as though he or she is on the same blade as when they entered the idle state.

Abstract: A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each “file write” to that file). The file signature is inserted, with a date stamp, into the file attributes. The virus scan program checks the previously-created file signature against the virus signature file instead of creating the file signature for every file during the virus scan. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the virus scan program create a new file signature at the time of the running of the virus scan.

Abstract: The boot-time required for a log-on to a desktop blade system is improved, and a more streamlined process for performing maintenance operations, such as software updates, across an enterprise desktop blade system is facilitated. All activities being performed by a user are cached, in an off-blade storage location, on an ongoing basis. The caching is performed using “divided caching”, that is, different elements of the user image are stored in different locations. The specific divisions utilized are based upon classifications of the information to be cached, e.g., a first class of information used by all users of the system; a second class of information utilized by a certain class of users; a third class of information utilized only by a particular individual, etc.

Abstract: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.

Abstract: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.

Abstract: An apparatus, system, and method are disclosed for making a motion based business decision. A motion module senses a component of motion such as acceleration or a derivative of acceleration. A log module calculates a motion summary from the motion component and stores the motion summary in a memory module. An analysis module receives the motion summary and makes a business decision based on the motion summary.

Abstract: A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.

Abstract: An apparatus, system, and method are disclosed for autonomically disposing a computer such as a workstation. The computer's local persistent storage medium is configured with pre-boot image which is configured with a set of functional modules that facilitate disposal or recycling of the computer to the next user. The disposal and recycle methods are automated, require minimal user intervention, and facilitate moving configuration options and data to a different computer. The entire process may execute from the pre-boot image on the computer's local persistent storage medium without ever booting the primary operating system.

Abstract: A method, system, and program product for enabling administrative recovery of a user's lost/forgotten boot-up passwords without compromising the administrative/master password(s). A restricted-use password is dynamically generated from a first hash of a random number generated on a client system and a secret retrieved from a secure device associated with the client system. The restricted-use password operates as a master password but is not the administrative password of the client system. Once the password is generated, it is provided to the user/client system to enable user access to said client system and hardfile and reset of the user passwords.