Patent application number | Description | Published |
20080222407 | Monitoring Bootable Busses - A security circuit in a computer monitors data busses that support memory capable of booting the computer during the computer reset/boot cycle. When activity oil one of the data busses indicates the computer is booting from a non-authorized memory location, the security circuit disrupts the computer, for example, by causing a reset. Execution from the non-authorized memory location may occur when an initial jump address at a known location, such as the top of memory, is re-programmed to a memory location having a rogue BIOS program. | 09-11-2008 |
20080222663 | Policy-Based Direct Memory Access Control - A computer that operates in a metered mode for normal use and a restricted mode uses an input/output memory management unit (I/O MMU) in conjunction with a security policy to determine which peripheral devices are allowed direct memory access during the restricted mode of operation. During restricted mode operation, non-authorized peripheral devices are removed from virtual address page tables or given vectors to non-functioning memory areas. | 09-11-2008 |
20080246774 | Implementing Limited Function Mode in a Display Device - A display device for use with a computer adapted for operation in an unrestricted use mode and a limited function mode and a method for enforcing a limited function mode display is disclosed. The display device enters a limited function mode when a condition of non-compliance with an operating policy is discovered by the computer. Additionally, the display device may also enter a limited function mode upon powering up or when connections to the computer and/or selected components of the display are disabled or disconnected. When in the limited function mode, the display may support a limited function interface for use in correcting the condition of non-compliance. | 10-09-2008 |
20080250129 | System and Method for Binding a Subscription-Based Computing System to an Internet Service Provider - A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer. | 10-09-2008 |
20080250237 | Operating System Independent Architecture for Subscription Computing - A system for managing a subscription-based computer independent of an operating system of the computer may include a security module that accesses, decrements, and stores subscription data during operation of the subscription-based computer. Additionally, the system may include a network module in communication with the security module and comprising a network stack, a web server, and a user interface in an operating system independent format. A web browser of the computer may request the user interface from the network stack. The interface may be populated with the subscription data, and a network driver may retrieve the populated user interface from the network module. The populated interface may then be sent to the web server to be served back to the requesting web browser. | 10-09-2008 |
20080250250 | Method and Apparatus for Using USB Flash Devices and Other Portable Storage as a Means to Access Prepaid Computing - A form of removable memory, such as a universal serial bus (USB) flash device (UFD), may allow secure storage of and access to a time balance of a pay-per-use or subscription computing system. A computing device may establish a secure connection to a portable secure computing device to access a stored time balance or other device-enabling, exhaustible data. During operation, the device may deplete the balance. Upon reaching a threshold depletion of the balance, the user may add more data to continue device use. The device may include a processor and a secure memory including identification and subscription data. Further, the device may store configuration data that may be used by the computer to bind the device to a particular subscription service or internet service provider. | 10-09-2008 |
20080250406 | Virtual Machine Support for Metered Computer Usage - A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring | 10-09-2008 |
20080250476 | Method and Apparatus to Enable a Securely Provisioned Computing Environment - A form of removable memory, such as a universal serial bus (USB) flash device, may enable a subscription-based computing system from any PC. The device may include an execution unit including a processor, a private memory including an encrypted application, a computing system interface, a cryptographic unit including a secure storage with a number of metering units, and a computer-readable medium. The computer-readable medium may include instructions for routing messages and data from the execution unit through the computing system interface to a connected computing system. Further, encrypted application data may be routed through the cryptographic unit to the execution unit to thereby transform the encrypted application into executable data for use by the computing system. Also, the device may decrement a number of metering units stored at the device during execution of the encrypted application by the computer. | 10-09-2008 |
20080282017 | Serial Peripheral Interface Switch - An SPI switch allows selection of a BIOS memory transparent to a Southbridge chipset component. The SPI switch provides address translation to a selected BIOS memory area under the control of a security module processor. The SPI switch also provides command filtering to prevent commands that represent a security risk such as bulk erase commands. Because the SPI switch allows transparent redirection between BIOS programs, booting in different operating modes may be supported without any changes to the basic computer architecture or major chipset components. | 11-13-2008 |
20080319925 | Computer Hardware Metering - A computer or other electronic device may be used in one of several selectable modes of operation. Computer resources, such as a processor, memory, or a graphics controller, are individually settable for operation at different levels of performance. A mode of operation or performance level is determined by the combination of individual settings for the various resources. Pay-per-use operation is charged at a rate determined by the mode of operation or performance level. Operation in a gaming mode may be charged at a higher rate than operation in web-browsing mode. A metering agent may be associated with each scalable use resource to securely set the performance level and to securely report on metered operation of the resource. | 12-25-2008 |
20080320312 | Hardware-Based Computer Theft Deterrence - A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor. | 12-25-2008 |
20090112521 | Secure digital forensics - A security module is used to perform an audit of both a computer memory and the computer's processor status. The security module may assert itself as a bus master to read the computer memory without dependence on a program running on the computer. In addition, using a separate hardware path, the security module may access processor register data using a debug port. The security module may collect both memory and processor status information without the use of any of the computer resources being measured, avoiding either alteration of the data by the measurement tool or tampering with the data while being collected. | 04-30-2009 |
20090113210 | Program and operation verification - A security module may be used to verify integrity of an executable program and may also be used to verify execution of the executable program on a computer. The security module may directly read a computer memory by asserting bus master control of a system bus. The executable program may be directly verified by calculating a hash or may be indirectly verified by an intermediate program that calculates the hash and passes it to the security module. To verify operation, the executable program may cause an interrupt to be generated when the executable program is in a known state. An interrupt service routine may trigger the security module to read registers in the computer processor via a debug port. If either the verification of the executable program fails or the register values are inconsistent with operation of the executable program, the security module may interrupt operation of the computer. | 04-30-2009 |
20090256815 | ACTIVE MATRIX TOUCH SENSING - An active matrix for a capacitive multiple touch sensing device is disclosed. One embodiment comprises one or more active matrix capacitive touch sensing pixels that each include a capacitor and a thin film transistor, wherein a voltage can be applied to the thin film transistor to address the capacitor. In this way, the thin film transistor can operate as a switch to apply an alternating current to the capacitor, and the capacitor's capacitance can be measured in relation to the alternating current and an externally applied electric field. | 10-15-2009 |
20100037325 | Enhanced Packaging for PC Security - A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers. | 02-11-2010 |
20100317332 | MOBILE DEVICE WHICH AUTOMATICALLY DETERMINES OPERATING MODE - A mobile device such as a cell phone is used to remotely control an electronic appliance such as a television or personal computer. In a setup phase, the mobile device captures an image of the electronic appliance and identifies and stores scale-invariant features of the image. A user interface configuration such as a virtual keypad configuration, and a communication protocol, can be associated with the stored data. Subsequently, in an implementation phase, another image of the electronic appliance is captured and compared to the stored features in a library to identify a match. In response, the associated user interface configuration and communication protocol are implemented to control the electronic appliance. In a polling and reply process, the mobile device captures a picture of a display of the electronic device and compares it to image data which is transmitted by the electronic appliance. | 12-16-2010 |
20100317371 | CONTEXT-BASED INTERACTION MODEL FOR MOBILE DEVICES - A context-aware mobile device such as a cell phone automatically determines appropriate user interface (UI) settings to implement at different times and/or locations. A behavior of the mobile device is tracked by determining locations visited and UI settings which are manually configured by the user. Patterns in the movement and UI settings relative to one another and to time are detected. When a particular location or time is subsequently reached which corresponds to the pattern, an appropriate UI setting can be implemented, thereby relieving the user of this task. Locations can be detected by electromagnetic signals at different locations, such as from a Wi-Fi network, Bluetooth network, RF or infrared beacon, or a wireless point-of-sale terminal. An identifier from the signals such as an SSID can be stored. Labels for locations can be automatically assigned, or the user can be prompted to provide a label for commonly visited locations. | 12-16-2010 |
20100325559 | SMART NOTEBOOK - Techniques are disclosed herein for allowing sharing of notes and ideas between electronic devices. The presence of a number of electronic devices is determined. A determination is made that the electronic devices are to be part of a shared workspace. A shared workspace is generated for the electronic devices. The shared workspace is displayed on a display screen of at least one of the electronic devices. The shared workspace that is displayed may be based on the capabilities of the electronic device. The shared workspace that is displayed may reflect the location of the electronic devices. | 12-23-2010 |
20110267182 | ACTIVE VIBRATIONS - Active vibration techniques are described. In implementations, a selection of a type of writing surface or a type of writing implement is received, the selection made through interaction with a user interface. The selected type of writing surface or type of writing implement is simulated using vibrations of a stylus or surface of a computing device that is configured to receive one or more inputs from the stylus. | 11-03-2011 |
20110271335 | SYSTEM AND METHOD FOR BINDING A SUBSCRIPTION-BASED COMPUTING SYSTEM TO AN INTERNET SERVICE - A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer. | 11-03-2011 |
20130147748 | Active Vibrations - Active vibration techniques are described. In implementations, a selection of a type of writing surface or a type of writing implement is received, the selection made through interaction with a user interface. The selected type of writing surface or type of writing implement is simulated using vibrations of a stylus or surface of a computing device that is configured to receive one or more inputs from the stylus. | 06-13-2013 |
20130249895 | LIGHT GUIDE DISPLAY AND FIELD OF VIEW - Light guide display and field of view techniques are described. In one or more implementations, an apparatus includes one or more modules implemented at least partially in hardware to configure a user interface and a display device communicatively coupled to the one or more modules to output the user interface to be viewable by a user within a range of distances from the display device such that closer distances within the range permit the user to have an increased field of view in comparison with distances within the range that are further away from the user. | 09-26-2013 |
20130257848 | Augmented Reality Light Guide Display - Augmented reality light guide display techniques are described. In one or more implementations, an apparatus includes a housing configured in a hand-held form factor, one or more sensors configured to detect a position and orientation of the housing in three dimensions in a physical environment of the housing, a light guide that is at least partially transparent and supported by the housing, a light engine that is optically coupled to the light guide, and one or more modules disposed within the housing and implemented at least partially in hardware. The one or more modules are configured to calculate a position and orientation of an augmentation and cause the light engine to output the augmentation for display using the light guide such that the augmentation is viewable concurrently with at least a portion of the physical environment through the light guide. | 10-03-2013 |
20130258701 | Mobile Device Light Guide Display - Light guide techniques are described. In one or more implementations, an apparatus includes a housing, a light guide supported by the housing, a light engine disposed within the housing and optically coupled to the light guide, and one or more modules disposed within the housing and implemented at least partially in hardware. The one or more modules are configured to cause the light engine to output a user interface for display using the light guide along an image plane focused at infinity. | 10-03-2013 |
20130267309 | AUGMENTED REALITY AND PHYSICAL GAMES - Augmented reality and physical game techniques are described. In one or more implementations, an indication is received by a computing device of a location of a physical gaming piece of a game. An augmentation is computed based on the indication by the computing device to be displayed as part of the game. The augmentation is displayed by the computing device on a display device that is at least partially transparent such that a physical portion of the game is viewable through the display device concurrently with the augmentation. | 10-10-2013 |