Patents by Inventor William J. Westerinen

William J. Westerinen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20090113210
    Abstract: A security module may be used to verify integrity of an executable program and may also be used to verify execution of the executable program on a computer. The security module may directly read a computer memory by asserting bus master control of a system bus. The executable program may be directly verified by calculating a hash or may be indirectly verified by an intermediate program that calculates the hash and passes it to the security module. To verify operation, the executable program may cause an interrupt to be generated when the executable program is in a known state. An interrupt service routine may trigger the security module to read registers in the computer processor via a debug port. If either the verification of the executable program fails or the register values are inconsistent with operation of the executable program, the security module may interrupt operation of the computer.
    Type: Application
    Filed: October 24, 2007
    Publication date: April 30, 2009
    Applicant: Microsoft Corporation
    Inventors: William J. Westerinen, Hanumant Kumar Yadav, Todd L. Carpenter
  • Patent number: 7523226
    Abstract: An auxiliary computing device normally used for remotely controlling a primary device may change its functionality and extend its usefulness based on a usage context. An auxiliary device may change its usage context by connecting differently to a primary device depending on any number of parameters including distance from the device, battery life, connection method, and proximity to other devices. The device may change its usage context by interfacing with a primary device service that communicates with various applications to feed the auxiliary device different information in different usage contexts. Further, the device may control different functions of the primary device based on the usage context.
    Type: Grant
    Filed: March 9, 2006
    Date of Patent: April 21, 2009
    Assignee: Microsoft Corporation
    Inventors: Jason M. Anderson, Andrew Fuller, Daniel Makoski, William J. Westerinen, Matthew P. Rhoten
  • Patent number: 7519816
    Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
    Type: Grant
    Filed: November 4, 2004
    Date of Patent: April 14, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
  • Patent number: 7511848
    Abstract: A method and system for configuring a new device are disclosed. The method includes using a host system to create a configuration file including data useable to configure the new device. A portable storage device is interfaced to the host and the configuration file is transferred to the storage device. The storage device is then interfaced to the new device and the configuration file is transferred to the new device. The configuration file is optionally used to configure the new device for communication over a network. A method for configuring the new device using a direct connection between the new device and a system bus of the host is also disclosed.
    Type: Grant
    Filed: November 30, 2004
    Date of Patent: March 31, 2009
    Assignee: Microsoft Corporation
    Inventors: Dale C. Crosier, Aditha M. Adams, Taryn K. Beck, Adrian M. Chandley, Pasquale DeMaio, Steven T. Kaneko, Carl J. Ledbetter, Scott Manchester, Benjamin Nick, Thomas G. Phillips, William J. Westerinen
  • Patent number: 7493487
    Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
    Type: Grant
    Filed: October 15, 2004
    Date of Patent: February 17, 2009
    Assignee: Microsoft Corporation
    Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
  • Publication number: 20080319925
    Abstract: A computer or other electronic device may be used in one of several selectable modes of operation. Computer resources, such as a processor, memory, or a graphics controller, are individually settable for operation at different levels of performance. A mode of operation or performance level is determined by the combination of individual settings for the various resources. Pay-per-use operation is charged at a rate determined by the mode of operation or performance level. Operation in a gaming mode may be charged at a higher rate than operation in web-browsing mode. A metering agent may be associated with each scalable use resource to securely set the performance level and to securely report on metered operation of the resource.
    Type: Application
    Filed: June 21, 2007
    Publication date: December 25, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Jeffrey Alan Herold, James S. Duffus, Curt Andrew Steeb, Thomas G. Phillips, William J. Westerinen, Martin H. Hall, Todd L. Carpenter, Daniel Makoski, Shon Schmidt
  • Publication number: 20080320312
    Abstract: A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.
    Type: Application
    Filed: June 21, 2007
    Publication date: December 25, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: James S. Duffus, Curt Andrew Steeb, Thomas G. Phillips, Jeffrey Alan Herold, William Poole, William J. Westerinen, Martin H. Hall
  • Patent number: 7454653
    Abstract: A method and apparatus are provided that provide reliable diskless network-bootable computers using a local non-volatile memory (NVM) cache. The NVM cache is used by the computer when the network is temporarily unavailable or slow. The cache is later synchronized with a remote boot server having remote storage volumes when network conditions improve. It is determined if data is to be stored in the NVM cache or the remote storage volume. Data sent to the remote storage volume is transactionally written and the data is cached in the NVM cache if a network outage is occurring or a transaction complete message has not been received. The data stored in the NVM cache allows the user to continue operating during network outages and the computer can be cold-booted using the data in the NVM cache if the network is unavailable.
    Type: Grant
    Filed: January 10, 2006
    Date of Patent: November 18, 2008
    Assignee: Microsoft Corporation
    Inventors: Clark D. Nicholson, William J. Westerinen, Cenk Ergan, Michael R. Fortin, Mehmet Iyigun
  • Publication number: 20080282017
    Abstract: An SPI switch allows selection of a BIOS memory transparent to a Southbridge chipset component. The SPI switch provides address translation to a selected BIOS memory area under the control of a security module processor. The SPI switch also provides command filtering to prevent commands that represent a security risk such as bulk erase commands. Because the SPI switch allows transparent redirection between BIOS programs, booting in different operating modes may be supported without any changes to the basic computer architecture or major chipset components.
    Type: Application
    Filed: May 9, 2007
    Publication date: November 13, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Todd L. Carpenter, William J. Westerinen, Shon Schmidt, Stephen Richard Drake, Tse-Ching James Yu, Achim Schmidt, Stephan Schoenfeldt, Frank Preiss
  • Patent number: 7440728
    Abstract: Described is a system and method for transporting interference-related control data and other information between nodes in a wireless network, using a control channel that is distinct from a content channel used to transport content. The control channel may be a different channel in the same unlicensed band as the content channel, a channel in a different unlicensed band, or a channel in a licensed band, and thereby not subject to the same interference-related problems that the unlicensed content channel may experience. As a result, management information for adjusting the content channel's communication parameters may still be communicated between the nodes, whereby mitigation actions may occur. For example, the content channel may be changed to another frequency, compression may be implemented or varied, and/or the data transfer rate may be varied. The control data can also be used to change the control channel's communication parameters.
    Type: Grant
    Filed: December 3, 2004
    Date of Patent: October 21, 2008
    Assignee: Microsoft Corporation
    Inventors: Abhishek Abhishek, Craig J. Mundie, Poovanpilli G. Madhavan, Victoria M. Poncini, William J. Westerinen, Paramvir Bahl
  • Publication number: 20080250406
    Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.
    Type: Application
    Filed: April 4, 2007
    Publication date: October 9, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Todd L. Carpenter, William J. Westerinen, Thomas G. Phillips, Curt Andrew Steeb, Zhangwei Xu, Alexander Frank
  • Publication number: 20080250237
    Abstract: A system for managing a subscription-based computer independent of an operating system of the computer may include a security module that accesses, decrements, and stores subscription data during operation of the subscription-based computer. Additionally, the system may include a network module in communication with the security module and comprising a network stack, a web server, and a user interface in an operating system independent format. A web browser of the computer may request the user interface from the network stack. The interface may be populated with the subscription data, and a network driver may retrieve the populated user interface from the network module. The populated interface may then be sent to the web server to be served back to the requesting web browser.
    Type: Application
    Filed: April 4, 2007
    Publication date: October 9, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: David J. Sebesta, Shon Schmidt, William J. Westerinen, Todd Carpenter
  • Publication number: 20080250129
    Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.
    Type: Application
    Filed: April 4, 2007
    Publication date: October 9, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Todd Carpenter, Shon Schmidt, David J. Sebesta, William J. Westerinen
  • Publication number: 20080246774
    Abstract: A display device for use with a computer adapted for operation in an unrestricted use mode and a limited function mode and a method for enforcing a limited function mode display are disclosed. The display device enters a limited function mode when a condition of non-compliance with an operating policy is discovered by the computer. Additionally, the display device may also enter a limited function mode upon powering up or when connections to the computer and/or selected components of the display are disabled or disconnected. When in the limited function mode, the display may support a limited function interface for use in correcting the condition of non-compliance.
    Type: Application
    Filed: April 5, 2007
    Publication date: October 9, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Hanumant Kumar Yadav, William J. Westerinen, Todd L. Carpenter, Stephen Richard Drake
  • Publication number: 20080250476
    Abstract: A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer.
    Type: Application
    Filed: April 4, 2007
    Publication date: October 9, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Mark Myers, William J. Westerinen, Todd Carpenter, Shaun Wiley, Don Hyun
  • Publication number: 20080250250
    Abstract: A form of removable memory, such as a universal serial bus (USB) flash device (UFD), may allow secure storage of and access to a time balance of a pay-per-use or subscription computing system. A computing device may establish a secure connection to a portable secure computing device to access a stored time balance or other device-enabling, exhaustible data. During operation, the device may deplete the balance. Upon reaching a threshold depletion of the balance, the user may add more data to continue device use. The device may include a processor and a secure memory including identification and subscription data. Further, the device may store configuration data that may be used by the computer to bind the device to a particular subscription service or internet service provider.
    Type: Application
    Filed: April 4, 2007
    Publication date: October 9, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: William J. Westerinen, Todd Carpenter, Stephen R. Drake, Mark Myers
  • Publication number: 20080222663
    Abstract: A computer that operates in a metered mode for normal use and a restricted mode uses an input/output memory management unit (I/O MMU) in conjunction with a security policy to determine which peripheral devices are allowed direct memory access during the restricted mode of operation. During restricted mode operation, non-authorized peripheral devices are removed from virtual address page tables or given vectors to non-functioning memory areas.
    Type: Application
    Filed: March 9, 2007
    Publication date: September 11, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Todd L. Carpenter, William J. Westerinen
  • Publication number: 20080222407
    Abstract: A security circuit in a computer monitors data busses that support memory capable of booting the computer during the computer reset/boot cycle. When activity on one of the data busses indicates the computer is booting from a non-authorized memory location, the security circuit disrupts the computer, for example, by causing a reset. Execution from the non-authorized memory location may occur when an initial jump address at a known location, such as the top of memory, is re-programmed to a memory location having a rogue BIOS program.
    Type: Application
    Filed: March 9, 2007
    Publication date: September 11, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Todd L. Carpenter, William J. Westerinen
  • Patent number: 7424740
    Abstract: A system and method for improved activation of a personal computer and/or other processing devices is provided. Power and security states are combined and further reduced to three activation states which may be operated by a single secure device. The system may include any number of activation states for operating the computer using only the single secure device. The secure access device handles both security and power management by authenticating physical access to the computer and the identity of the user. For this purpose, a device containing a biometric reader may be integrated with a smart card and the biometric identification used as an authentication code to secure the smartcard. The secure access device may be inserted into a locking mechanism used by the user to transition between activation states.
    Type: Grant
    Filed: May 5, 2003
    Date of Patent: September 9, 2008
    Assignee: Microsoft Corporation
    Inventors: Eric Gould Bear, Chad Magendanz, Aditha May Adams, Carl Ledbetter, Steve Kaneko, Chris Schoppa, Adrian Chandley, William J. Westerinen
  • Publication number: 20080183305
    Abstract: A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer, may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, the security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.
    Type: Application
    Filed: January 29, 2007
    Publication date: July 31, 2008
    Inventors: David James Foster, Shon Schmidt, David Jaroslav Sebesta, Curt Andrew Steeb, William J. Westerinen, Zhangwei Xu, Todd L. Carpenter