Abstract: A method of geolocation verification, including obtaining the geolocation of an operating system, generating a unique system ID for an installed operating system, and transmitting the geolocation of the operating system and a system ID to a data repository. The method further includes receiving a request to either initiate deployment of, or grant access to, a computer object associated with the operating system, identifying if the computer object requires geolocation verification, then identifying an object ID associated with the computer object and communicating each of the object ID, the geolocation of the operating system, and the system ID, to a domain controller for assessment. The method also includes searching the data repository to identify one or more geolocation object resource claims associated with the object ID, and comparing the geolocation resource claims with the communicated geolocation of the operating system.

Abstract: A virtual hard disk drive containing a guest operating system is bound to a source computing device through encryption. When the virtual hard drive is moved to a difference computing device, a virtual machine manager instantiates a virtual machine and causing the virtual machine to boot the operating system from the virtual hard disk drive. Because the guest operating system is encrypted by an encryption device on a source computing device, the virtual machine causing the decryption of the guest operating system with a copy of the key. The virtual hard disk is bound to the target computing device through encryption based on a hardware on the target computing device.

Abstract: A method of geolocation verification, including obtaining the geolocation of an operating system, generating a unique system ID for an installed operating system, and transmitting the geolocation of the operating system and a system ID to a data repository. The method further includes receiving a request to either initiate deployment of, or grant access to, a computer object associated with the operating system, identifying if the computer object requires geolocation verification, then identifying an object ID associated with the computer object and communicating each of the object ID, the geolocation of the operating system, and the system ID, to a domain controller for assessment. The method also includes searching the data repository to identify one or more geolocation object resource claims associated with the object ID, and comparing the geolocation resource claims with the communicated geolocation of the operating system.

Abstract: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.

Abstract: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.

Abstract: A virtual hard disk drive containing a guest operating system is bound to a source computing device through encryption. When the virtual hard drive is moved to a difference computing device, a virtual machine manager instantiates a virtual machine and causing the virtual machine to boot the operating system from the virtual hard disk drive. Because the guest operating system is encrypted by an encryption device on a source computing device, the virtual machine causing the decryption of the guest operating system with a copy of the key. The virtual hard disk is bound to the target computing device through encryption based on a hardware on the target computing device.

Abstract: A virtual hard drive is moved as an at least partially encrypted file to a different computing device. A key is provided to the different computing device in a protected form and a user on the different computing device can access the protected key by authentication. For example, the user may be authenticated to a server. Because the guest operating system is encrypted by an encryption device on a source computing device, the virtual hard disk drive can be decrypted with a copy of the key.

Abstract: Cooperatively scheduling hardware resources by providing information on shared resources within processor packages to the operating system. Logical processors may be included in packages in which some or all processor execution resources are shared among logical processors. In order to better schedule thread execution, information regarding which logical processors are sharing processor execution resources and information regarding which system resources are shared among processor packages is provided to the operating system. Extensions to the SRAT (static resource affinity table) can be used to provide this information.

Abstract: A radio frequency identification (RFID) tag is used to detect the presence and identification of devices or equipment in a rack. Each device in the rack has an associated RFID tag that contains device information. The system which is implemented in the rack receives the information from the RFID tag on each device in the rack and provides the information to a central location, such as a central computer, where that information can be acted on, stored, processed, analyzed, and/or accessed by a system administrator or user, for example. The system that is implemented in the rack may continue to monitor the presence of the devices in the rack for security purposes.

Abstract: An RFID tag is used to determine the presence or absence of a user. Rules or instructions responsive to this presence or absence are implemented to control a device or multiple devices accordingly. In this manner, a device can be maintained in a normal operating mode if a user is present, even though a user is not actively interacting with the device. Moreover, the device can be shut down or locked or be on restricted access if an authorized user is no longer in the presence of the device.

Abstract: A radio frequency identification (RFID) tag is used to detect the presence and identification of devices or equipment in a rack. Each device in the rack has an associated RFID tag that contains device information. The system which is implemented in the rack receives the information from the RFID tag on each device in the rack and provides the information to a central location, such as a central computer, where that information can be acted on, stored, processed, analyzed, and/or accessed by a system administrator or user, for example. The system that is implemented in the rack may continue to monitor the presence of the devices in the rack for security purposes.

Abstract: An RFID tag is used to determine the presence or absence of a user. Rules or instructions responsive to this presence or absence are implemented to control a device or multiple devices accordingly. In this manner, a device can be maintained in a normal operating mode if a user is present, even though a user is not actively interacting with the device. Moreover, the device can be shut down or locked or be on restricted access if an authorized user is no longer in the presence of the device.

Abstract: Cooperatively scheduling hardware resources by providing information on shared resources within processor packages to the operating system. Logical processors may be included in packages in which some or all processor execution resources are shared among logical processors. In order to better schedule thread execution, information regarding which logical processors are sharing processor execution resources and information regarding which system resources are shared among processor packages is provided to the operating system. Extensions to the SRAT (static resource affinity table) can be used to provide this information.