Publication number: US20020004905 A1
Publication type: Application
Application number: US 09/118,147
Publication date: Jan. 10, 2002
Filing date: Jul. 17, 1998
Priority date: Jul. 17, 1998
Also published as: US6401208
Inventors: Derek L Davis, Pranav Mehta
Original assignee: Derek L Davis, Pranav Mehta
External links: USPTO, USPTO Assignment, Espacenet
Method for bios authentication prior to bios execution
US 20020004905 A1
Abstract
A cryptographic device is implemented in communication with a host processor to prevent the host processor from performing a standard boot-up procedure until a basic input output system (BIOS) code is authenticated. This is accomplished by a cryptographic device which is addressed by the host processor during execution of a first instruction following a power-up reset. The cryptographic device includes a first integrated circuit (IC) device and a second IC device. The first IC device includes a memory to contain firmware and a root certification key. The second IC device includes logic circuitry to execute a software code to authenticate the BIOS code before permitting execution of the BIOS code by the host processor.
Claims (22)
What is claimed is:
1. A system comprising:
a processor; and
a cryptographic device in communication with the processor, the cryptographic device to authenticate a software code, loaded into the cryptographic device during a boot procedure, before permitting the processor to execute the software code.
2. The system of claim 1, wherein the software code includes a basic input output system (BIOS) code.
3. The system of claim 2, wherein the cryptographic device includes
a first integrated circuit device including a memory to contain firmware and a public key of a certification authority; and
a second integrated circuit device including logic circuitry to execute the firmware to authenticate the BIOS code loaded therein.
4. The system of claim 3, wherein the first integrated circuit device and the second integrated circuit device are packaged in a multi-chip package.
5. The system of claim 1, wherein the processor and the cryptographic device are mounted on a processor substrate including an inline connector.
6. The system of claim 1, wherein the cryptographic device is connected to the processor through a dedicated bus.
7. The system of claim 2 further comprising a storage device in communication with the processor, the storage device including the BIOS code.
8. The system of claim 7, wherein the storage device further includes a BIOS certificate and a BIOS signature.
9. The system of claim 8, wherein the processor includes an opcode fetch emulation bit defaulting to a set state during a power-on reset condition, the opcode fetch emulation bit in the set state causing the processor to disguise a data fetch to the storage device as an instruction fetch.
10. The system of claim 9 further comprising a chipset coupled between the processor and the storage device.
11. The system of claim 10, wherein the opcode fetch emulation bit in the set state deactivates a data/control line routed between the chipset and the processor.
12. The system of claim 8, wherein during a power-on reset condition, the processor initiates an instruction fetch to a predetermined address in the internal memory of the cryptographic device.
13. The system of claim 12, wherein the cryptographic device responds to the instruction fetch by returning an instruction to the processor, the instruction preventing access to contents of the cryptographic device until the cryptographic device has been initialized.
14. The system of claim 12, wherein the cryptographic device responds to the instruction fetch by returning an instruction to the processor, the instruction prompting the processor to initiate a data read cycle to the storage device.
15. The system of claim 14, wherein the storage device provides the BIOS code to the processor for transfer to the cryptographic device in response to the data read cycle.
16. The system of claim 15, wherein the cryptographic device generates and transmits a soft reset signal to the processor after the BIOS code has been authenticated through use of the BIOS certificate and the BIOS signature.
17. A system comprising:
processor means for execution of a plurality of macro-instructions fetched from a basic input output system (BIOS) code; and
cryptographic means for authenticating the BIOS code before execution by the processor means, the cryptographic means including
first integrated circuit means for storing information used for authentication of the BIOS code, the information including firmware and a root certification key, and
second integrated circuit means for executing the firmware to postpone the processor means from performing a boot procedure and to perform a self-initialization procedure and a self-verification procedure to authenticate the BIOS code.
18. A cryptographic device comprising:
a first integrated circuit device including a memory to contain firmware and a root certification key; and
a second integrated circuit device including logic circuitry to execute the firmware to authenticate BIOS code loaded into the first integrated circuit device before permitting execution of the BIOS code during a standard boot procedure.
19. The cryptographic device of claim 18, wherein the first integrated circuit device and the second integrated circuit device are packaged in a multi-chip package.
20. The cryptographic device of claim 18, wherein the second integrated circuit device responds to an instruction fetch by returning an instruction which prevents access to contents of the cryptographic device until internal initialization of the cryptographic device has completed.
21. The cryptographic device of claim 20, wherein the cryptographic device responds to an instruction fetch by returning an instruction to a processor, the instruction causing the processor to initiate a data read cycle to a remote storage device.
22. A method comprising:
performing an instruction fetch to a predetermined address mapped to an internal memory of a cryptographic device during a power-on reset, the instruction fetch to occur before a boot procedure;
authenticating a basic input output system (BIOS) code during the power-on reset before permitting the BIOS code to be executed; and
generating a soft reset by the cryptographic device to enable the boot procedure to proceed.
Description
    BACKGROUND
  • [0001]
    1. Field
  • [0002]
    The present invention relates to the field of data security. More particularly, this invention relates to a system and method for authenticating software code before execution by the host processor.
  • [0003]
    2. General Background
  • [0004]
    Over the last few years, computers have become products highly valued by consumers. The reason is that computers are highly versatile and enjoy a wide range of applications. Of major concern, however, is that computers, especially mobile computers such as laptops or hand-helds, are vulnerable to theft due to their commercial value and their exposure to insecure environments such as cars, hotel rooms and airport lobbies.
  • [0005]
    Currently, there exist a number of security mechanisms that are marginally effective. However, these mechanisms are still vulnerable to component or device replacement since no protected environment for execution of code and for manipulation of data is provided. For example, one type of conventional security mechanism involves the use of password software, which is normally executed after a host processor of the computer has been powered-up and has already fetched macro-instructions from Basic Input/Output System (BIOS) code residing in a Read Only Memory (ROM) device. The ROM device is physically separate from the host processor.
  • [0006]
    More specifically, during a normal power-on reset, a host processor of a conventional computer automatically jumps to a predetermined hardwired address. This address is a predetermined reset vector which is mapped to a ROM device containing the BIOS code. As a result, the host processor performs instruction fetches of BIOS code which usually prompts the computer to perform the following operations: (i) initialize its electronic hardware; (ii) initialize its peripheral devices; and (iii) boot its Operating System.
  • [0007]
    Unfortunately, the password-based security mechanism and other current security mechanisms can be easily circumvented. One way would be to replace the ROM device containing BIOS code with another memory device having a new, different BIOS code.
  • [0008]
    Additionally, due to the growing usage of networking solutions such as the Internet, computers are becoming more susceptible to invasive software virus attacks. Software viruses may be obtained during transactions over the Internet such as, for example, downloading data from either a website or an electronic bulletin board. For example, the software virus may include a program, infiltrating the BIOS code and executing in the background, that sends the contents of the hard disk drive over the Internet. Likewise, some software viruses are intended to damage the BIOS code, which renders the computer inoperable.
  • [0009]
    The above-described scenarios further demonstrate the necessity of providing a protected environment for execution of code and for manipulation of data within a computer.
  • SUMMARY OF THE INVENTION
  • [0010]
    The present invention relates to a processor in communication with a cryptographic device. The cryptographic device authenticates software code, loaded into the cryptographic device during a boot procedure, before permitting the host processor to execute the software code.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • [0011]
    The features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:
  • [0012]
    FIG. 1 is an illustrative embodiment of the electronic system practicing the present invention.
  • [0013]
    FIG. 2 is a more-detailed illustrative embodiment of the electronic system of FIG. 1.
  • [0014]
    FIG. 3 is an illustrative embodiment of the processing unit of FIG. 2.
  • [0015]
    FIG. 4 is a more-detailed embodiment of the processing unit of FIG. 3.
  • [0016]
    FIG. 5 is an illustrative block diagram of an embodiment of the cryptographic device placed within the processing unit of FIG. 4.
  • [0017]
    FIGS. 6A and 6B are an illustrative embodiment of cryptographic operations, performed by the cryptographic device, host processor and nonvolatile memory containing the BIOS code, in authenticating the BIOS code before its execution during the boot procedure.
  • DESCRIPTION OF AN EMBODIMENT OF THE INVENTION
  • [0018]
    The present invention relates to an electronic system and method for authenticating software code before execution by the host processor. Herein, certain examples of hardware and methods of operation are described in an illustrative sense, and should not be construed in a restrictive sense.
  • [0019]
    To clarify various qualities of the present invention, certain terminology set forth below is used to describe hardware or cryptographic-related terms. In particular, an “electronic system” is defined as any hardware with processing and internal data storage capability. Examples of electronic systems include computers (e.g., laptops, desktops, hand-held, servers, etc.), imaging equipment (e.g., printers, facsimile machines, scanners, etc.), wireless communication equipment (e.g., cellular phones, pagers, etc.), automated teller machines and the like. “Information” is defined as one or more bits of data, address, control or any combination thereof. A “bus” is any medium used to transfer information.
  • [0020]
    With respect to cryptography related terminology, a “key” is commonly defined as an encoding and/or decoding parameter. Normally, this parameter is a sequence of binary data such as (i) one or more public/private key pairs used by any public key cryptographic function (e.g., Rivest, Shamir and Adleman “RSA” related functions, Digital Signature Standard, Elliptic Curve, etc.) or (ii) a secret key shared in confidence between the two electronic systems executing any type of secret key cryptographic function (e.g., Data Encryption Standard). A “digital signature” includes digital information encrypted with a private key of its signatory to ensure that the digital information has not been illicitly modified after being digitally signed. This digital information may be provided in its entirety or as a digest produced by a one-way hash function. The “one-way hash function” includes a function, mathematical or otherwise, that converts information of a variable-length into information of a fixed-length (referred to as a “digest”). The term “one-way” indicates that there does not readily exist an inverse function to recover any discernible portion of the original information from the fixed-length digest. A “digital certificate” includes digital information used to authenticate a sender of information. For example, a digital certificate may include a public key of a person or entity being certified which is encrypted with the private key of a certification authority. Examples of a “certification authority” include an original equipment manufacturer (OEM), a software vendor, a trade association, a governmental entity, a bank or any other trusted entity.
  • [0021]
    Referring to FIG. 1, an illustrative embodiment of an electronic system 100 employing the present invention is shown. Electronic system 100 comprises a processing unit 110 and a system memory 120 coupled together by a chipset 130. System memory 120 includes a volatile memory such as any type of random access memory. Chipset 130 operates as an interface between a plurality of buses, namely a host bus 140, a memory bus 150 and a bus 160.
  • [0022]
    Referring still to FIG. 1, bus 160 provides a communication path between (i) chipset 130 and (ii) one or more peripheral devices 170 m (“m” being a positive whole number). Bus 160 may be a multiplexed bus such as a Peripheral Component Interconnect (PCI) bus, an Industry Standard Architecture (ISA) bus or any other type of bus architecture. It is contemplated that bus 160 includes a single bus (e.g., a PCI bus) as shown, or alternatively, multiple buses coupled together through bridge circuitry. In the latter illustrative example, each peripheral device 170 m would be coupled to at least one of the multiple buses.
  • [0023]
    As shown for illustrative purposes, the peripheral devices 170 m comprise a storage device 170 1, a mass storage device 170 2 (e.g., a hard disk drive, a CD ROM player, CD recordable player, digital tape drive, a floppy disk drive, a digital video disk “DVD” player, etc.) and/or a transceiver device 170 3 (e.g., a network interface circuit card, a modem card, etc.). Storage device 170 1 contains actual Basic Input/Output System (BIOS) code 180 for execution by processing unit 110 as well as a digital (BIOS) certificate 181 and a digital (BIOS) signature 182. BIOS signature 182 includes a digest of BIOS code 180 signed by a private key of the BIOS vendor for example. This digest is the resultant data after running the BIOS code through a one-way hash function. BIOS certificate 181 includes a public key of the BIOS vendor signed by a private key of the certification authority.
  • [0024]
    Referring now to FIG. 2, one embodiment of processing unit 110 placed within electronic system 100 is shown. Processing unit 110 is connected to a connector 200 mounted on a system substrate 210 which is outlined by dashed lines. System substrate 210, which carries the logic controlling the overall functionality of electronic system 100, is typically formed from any type of material or combination of materials upon which integrated circuit devices can be attached. Connector 200 enables communications between logic placed on system substrate 210 and processing unit 110. Any style for connector 200 may be used, provided a complementary connection is used by processing unit 110. Examples of connector 200 include a standard female edge connector (shown), a pin field connector or a socket attached to system substrate 210.
  • [0025]
    Referring now to FIG. 3, one illustrative embodiment of processing unit 110 features a processor substrate 300 formed from any type of material upon which integrated circuitry (not shown) can be attached through well-known techniques (e.g., solder connections, etc.). Processor substrate 300 is substantially covered by a package 310 in order to protect its integrated circuitry from damage or harmful contaminants. In this embodiment, processor substrate 300 includes a connector 320, which is adapted to establish a mechanical and an electrical connection with connector 200 of FIG. 2. Connector 320 includes a standard male edge connector.
  • [0026]
    Referring to FIG. 4, an illustrative embodiment of processor substrate 300 is shown. The integrated circuitry of processor substrate 300 includes a host processor 400 and a cryptographic device 410. To enable communications with host processor 400, in this embodiment, cryptographic device 410 is connected to host processor 400 through a dedicated processor bus 420. Herein, cryptographic device 410 is arranged to function as a co-processor. It is contemplated, however, that cryptographic device 410 may be connected to host bus 140 or bus 160 of FIG. 1 in lieu of dedicated processor bus 420, in which case cryptographic device 410 would not be placed in processing unit 110. Instead, it may be mounted on system substrate 210 as an independent device or on a daughter card (not shown).
  • [0027]
    Of course, there exist many other embodiments which, although slightly different in design, do not deviate from the spirit and scope of the invention. For example, processing unit 110 may simply include a microprocessor which is mounted onto system substrate 210 along with chipset 130 and cryptographic device 410 of FIG. 4.
  • [0028]
    As further shown in FIG. 5, one embodiment of cryptographic device 410 comprises a first integrated circuit (IC) device 500 and a second IC device 520 connected by an internal bus 540. In one embodiment, the IC devices 500 and 520 are implemented within a single multi-chip package. Alternatively, IC devices 500 and 520 may be implemented as separate packaged IC devices.
  • [0029]
    Herein, second IC device 520 includes internal memory 525 and a small amount of support logic 535. Support logic 535 includes interface circuitry to handle information received from and routed to first IC device 500. Optionally, support logic 535 can include a cryptographic engine which is used by cryptographic device 410 to assist in performing various cryptographic operations in accordance with either symmetric key cryptography or asymmetric key cryptography. The cryptographic engine would operate as either a symmetric (e.g., DES-based) encryption/decryption unit or an asymmetric (e.g., RSA-based) encryption/decryption unit.
  • [0030]
    As shown, in this embodiment, internal memory 525 includes nonvolatile (NV) memory such as, for example, read only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory. Internal memory 525 contains firmware 526, which is a small computer program executed by first IC device 500 for initialization and authentication purposes in order to ensure that the firmware (BIOS code 180) in storage device 170 1 of FIG. 1 has not been tampered with or corrupted. Internal memory 525 further contains a public key 527 of a certification authority of the cryptographic device 410 of FIG. 4 (hereinafter referred to as a “root certification key”). It is contemplated that root certification key 527 may be a public key of an OEM of the cryptographic device or a key assigned to another type of entity (e.g., trade association, governmental entity, bank, etc.) if that entity digitally signed BIOS certificate 181 of FIG. 1. The root certification key 527 is needed for certificate verification purposes.
  • [0031]
    Referring still to FIG. 5, first IC device 500 comprises logic circuitry 510 including a small amount of non-volatile memory 515. Logic circuitry 510 includes a processor 511, an optional random number generator 512 (as denoted by dashed lines) and a bus control unit 513. If implemented, random number generator 512 would generate the initial values used to produce key(s) contained within cryptographic device 410. The bus control unit 513 provides an interface to control the transfer of information between cryptographic device 410 and host processor 400 of FIG. 4 through dedicated processor bus 420.
  • [0032]
    Referring now to FIGS. 6A and 6B, a flowchart is provided which illustrates the operations of an embodiment of the electronic system used for verification of BIOS code to determine whether the BIOS code has been illicitly modified. If so, execution by the host processor is prevented.
  • [0033]
    As shown in blocks 605 and 610, firmware and the root certification key are initially pre-programmed into internal memory of the cryptographic device (FIG. 5) during manufacture. The firmware continues execution, including responses to instruction fetches by the host processor, after a power-on system reset in order to retrieve contents from a storage element (e.g., BIOS code) for authentication purposes.
  • [0034]
    In response to a power-on system reset (block 615), both the host processor and the cryptographic device begin their respective internal initialization (block 620). Each hardware device begins execution of internally stored microcode. After completion of its internal initialization, the host processor initiates an instruction fetch to a predetermined address that is mapped to the address range of internal memory of the cryptographic device (block 625). If the cryptographic device has not completed its internal initialization, the instruction fetch by the host processor is delayed by the cryptographic device until its internal initialization has completed (blocks 630 and 635). A technique for delaying access by the host processor includes transmission of a JUMP-to-SELF instruction back to the host processor, or insertion of wait states as shown.
  • [0035]
    Upon completing a successful internal initialization, the cryptographic device responds to the instruction fetch with a first instruction, typically a MOV instruction, from the predetermined memory location in its internal memory 525 (block 640). The MOV instruction includes, as an operand, an address falling in an address range of a legacy platform BIOS device (storage device 170 1 of FIG. 1). Upon receiving the MOV instruction, the host processor initiates a data read cycle on a front side bus with the memory address of the BIOS device provided with the MOV instruction from the cryptographic device (block 645).
  • [0036]
    In order to maintain compatibility with legacy memory controller hub and I/O controller hub devices, this data cycle is configured to appear as an instruction fetch cycle. This is accomplished by placing the host processor into a CHECK mode by setting an opcode fetch emulation bit. Herein, the architecture of the host processor includes the opcode fetch emulation bit that defaults to a “SET” state after a power-on reset. Upon detecting that the opcode fetch emulation bit is set, the host processor deasserts a data/control (D/C#) control line so that the data fetch appears to the chipset as an instruction fetch.
  • [0037]
    In block 650, the bytes read from the BIOS device are then transferred to the cryptographic device. The acts performed in blocks 640-650 are part of an iterative process which continues until the BIOS code, BIOS certificate and BIOS signature are retrieved from the BIOS device (block 655) under control of further instructions provided to the host processor by the cryptographic device. As a result, during this iterative process, the host processor temporarily operates effectively as a Direct Memory Access (DMA) device between the BIOS device and the cryptographic device.
  • [0038]
    Concurrently with or subsequent to this data transfer, within the cryptographic device, the BIOS certificate is decrypted using the root certification key (block 660). This operation is performed to retrieve a public key of the signatory of the BIOS signature (e.g., the BIOS vendor). Then, the BIOS signature is decrypted using the public key of the BIOS vendor, for example, to recover the pre-loaded digest (block 665). After recovering the pre-loaded digest, the BIOS code is read and undergoes the one-way hash function to produce a resultant digest (block 670). The resultant digest is compared to the pre-loaded digest (block 675). If no match occurs, the host processor is precluded from continuing its boot procedure (blocks 680 and 685). However, if there is a match, the BIOS code has been authenticated as valid.
  • [0039]
    As an alternative, it is contemplated that the pre-loaded digest may be a one-way hash of a portion of the BIOS code. Then, only a predetermined portion of the BIOS code needs to be read into the cryptographic device. However, this technique may be less secure than the technique discussed above.
  • [0040]
    Once the BIOS code has been authenticated, the cryptographic device generates a soft reset to the host processor (block 690). In this embodiment, the soft reset may occur through activation of a predetermined signal line. This soft reset causes the opcode fetch emulation bit to be reset, which signals the host processor to begin execution at the standard legacy reset vector to fetch its first instruction from the BIOS device to perform a normal boot procedure. In lieu of using signal line(s), as an alternative, successive software instructions may be used to reset the opcode fetch emulation bit and to jump to a particular address for the legacy reset vector.
  • [0041]
    After the opcode fetch emulation bit has been reset and execution of the legacy reset vector begins, the electronic system continues its normal boot procedure (block 695). An optional user authentication procedure may now be performed because the BIOS code has been authenticated.
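    The verification chain of blocks 660 through 690 (root key validates the BIOS certificate, the vendor key recovers the pre-loaded digest, the freshly hashed BIOS code must match it, and only then is the soft reset issued) is modelled below. This is an added example written for this page, not code from the patent or its assignees; it assumes textbook RSA built from two constructed, seeded keys, SHA-256 as the one-way hash, and a certificate that carries the vendor key in the clear beside the root CA's "encryption" of its digest, rather than the key itself being encrypted.

```python
"""Toy model of the BIOS authentication performed by the cryptographic device
(flowchart blocks 660-690). Constructed example; not the patent's own code."""
import hashlib
import random

# --- minimal textbook RSA, enough to model "encrypted with a private key" ---
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin primality test; probabilistic but fine for a demo."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def make_keypair(bits, rng, e=65537):
    """Return ((n, e), (n, d)); e is prime, so gcd(e, phi) == 1 iff e does not divide phi."""
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def digest_int(data):
    """One-way hash of the image as an integer (SHA-256 assumed; the patent names no hash)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def key_bytes(pub):
    """Fixed-width encoding of a public key so it can be hashed into the certificate."""
    n, e = pub
    return n.to_bytes(64, "big") + e.to_bytes(4, "big")


def build_rom(bios_code, vendor_priv, vendor_pub, ca_priv):
    """What the vendor and the certification authority place in the legacy BIOS ROM:
    BIOS code 180, BIOS certificate 181 and BIOS signature 182 (FIG. 1)."""
    cert = (vendor_pub, pow(digest_int(key_bytes(vendor_pub)), ca_priv[1], ca_priv[0]))
    sig = pow(digest_int(bios_code), vendor_priv[1], vendor_priv[0])
    return bios_code, cert, sig


def authenticate_bios(bios_code, cert, sig, root_key):
    """Blocks 660-690 inside the cryptographic device. Returns 'soft_reset' when the
    boot may proceed, otherwise the stage at which the host processor is halted."""
    vendor_pub, cert_sig = cert
    # block 660: "decrypt" the certificate with the root certification key 527
    if pow(cert_sig, root_key[1], root_key[0]) != digest_int(key_bytes(vendor_pub)):
        return "halt:certificate_not_signed_by_root"
    # block 665: recover the pre-loaded digest with the vendor's public key
    preloaded = pow(sig, vendor_pub[1], vendor_pub[0])
    # blocks 670-675: hash the BIOS code read from the ROM and compare
    if preloaded != digest_int(bios_code):
        return "halt:digest_mismatch"
    return "soft_reset"  # block 690: release the host to the legacy reset vector


def demo():
    """Genuine ROM, a ROM with altered BIOS code, and a ROM certified by an unknown key."""
    rng = random.Random(2002)  # seeded so the constructed keys are repeatable
    ca_pub, ca_priv = make_keypair(512, rng)  # root certification key 527 and its private half
    vendor_pub, vendor_priv = make_keypair(512, rng)
    bios = b"constructed BIOS image " + bytes(range(256)) * 16
    code, cert, sig = build_rom(bios, vendor_priv, vendor_pub, ca_priv)
    genuine = authenticate_bios(code, cert, sig, ca_pub)
    # the ROM-replacement scenario of paragraph [0007]: one byte of BIOS code differs
    altered = bytearray(code)
    altered[100] ^= 0x01
    altered_code = authenticate_bios(bytes(altered), cert, sig, ca_pub)
    # a ROM whose certificate was issued by a key the root CA never certified
    rogue_pub, rogue_priv = make_keypair(512, rng)
    _, rogue_cert, rogue_sig = build_rom(code, rogue_priv, rogue_pub, rogue_priv)
    unknown_vendor = authenticate_bios(code, rogue_cert, rogue_sig, ca_pub)
    return genuine, altered_code, unknown_vendor


if __name__ == "__main__":
    print(demo())
```

    Unpadded RSA is used here only because it mirrors the patent's "encrypt with the private key" description; a deployed device would verify padded signatures (PKCS#1 v1.5 or PSS) and a structured certificate format rather than raw exponentiation.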
  • [0042]
    In summary, the above-described operations require only slight changes in the host processor architecture by inclusion of new initial instruction fetches to a predetermined address in the address range of internal memory within the cryptographic device, an optional implementation of an opcode fetch emulation bit to signal emulation of an instruction fetch when a data fetch is being performed by the host processor, and a soft reset. As a result, this architecture and procedure maintain backward compatibility with conventional electronic systems.
  • [0043]
    While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other modifications may occur to those ordinarily skilled in the art.
US20050172206 *15. Nov. 20044. Aug. 2005Andrew HanaDDS logical data grouping
US20060059345 *10. Sept. 200416. März 2006International Business Machines CorporationSystem and method for providing dynamically authorized access to functionality present on an integrated circuit chip
US20060064582 *13. Sept. 200523. März 2006Coretrace CorporationMethod and system for license management
US20060107133 *26. Aug. 200518. Mai 2006Holger CeskuttiTampering-protected microprocessor system and operating procedure for same
US20060155988 *7. Jan. 200513. Juli 2006Microsoft CorporationSystems and methods for securely booting a computer with a trusted processing module
US20060294513 *22. Juni 200628. Dez. 2006Hagai Bar-ElSystem, device, and method of selectively allowing a host processor to access host-executable code
US20070130452 *17. Sept. 20047. Juni 2007Muir Robert LBios protection device
US20070245142 *13. Apr. 200618. Okt. 2007Rios Jennifer EAuthentication of a request to alter at least one of a BIOS and a setting associated with the BIOS
US20070283140 *13. Apr. 20076. Dez. 2007Stmicroelectronics (Research & Development) LimitedMultiple purpose integrated circuit
US20080214309 *22. Jan. 20084. Sept. 2008Cyberview Technology, Inc.Dynamic configuration of a gaming system
US20080298581 *29. Mai 20074. Dez. 2008Masana MuraseApplication-Specific Secret Generation
US20080301440 *29. Mai 20074. Dez. 2008Plouffe Jr Wilfred EUpdateable Secure Kernel Extensions
US20080301469 *29. Mai 20074. Dez. 2008Plouffe Jr Wilfred ECryptographically-enabled Privileged Mode Execution
US20090064316 *29. Okt. 20075. März 2009Wen-Hsin LiaoMethod and Apparatus for Enhancing Information Security in a Computer System
US20090070885 *29. Aug. 200812. März 2009Mstar Semiconductor, Inc.Integrity Protection
US20090089579 *2. Okt. 20072. Apr. 2009Masana MuraseSecure Policy Differentiation by Secure Kernel Design
US20090113212 *9. Okt. 200830. Apr. 2009International Business Machines CorporationMultiprocessor electronic circuit including a plurality of processors and electronic data processing system
US20090182995 *19. Sept. 200816. Juli 2009Aristocrat Technologies Australia Pty LimitedBios protection device
US20090285280 *22. Juni 200619. Nov. 2009Thomas Patrick NewberryMethod and Apparatus for Securing Digital Content
US20100031402 *28. Juli 20094. Febr. 2010Shigeru WakiyamaProbe aligning method for probe microscope and probe microscope operated by the same
US20100318789 *19. März 201016. Dez. 2010Teal Richard SMethod and system for license management
US20110270417 *3. März 20113. Nov. 2011Kabushiki Kaisha ToshibaControl system and control method
US20150134974 *13. Nov. 201314. Mai 2015Via Technologies, Inc.Apparatus and method for securing bios in a trusted computing system
US20150134975 *13. Nov. 201314. Mai 2015Via Technologies, Inc.Secure bios mechanism in a trusted computing system
US20150134977 *13. Nov. 201314. Mai 2015Via Technologies, Inc.Partition-based apparatus and method for securing bios in a trusted computing system during execution
US20170046514 *31. Okt. 201616. Febr. 2017Via Technologies, Inc.Programmable secure bios mechanism in a trusted computing system
US20170046515 *31. Okt. 201616. Febr. 2017Via Technologies, Inc.Jtag-based secure bios mechanism in a trusted computing system
US20170046516 *31. Okt. 201616. Febr. 2017Via Technologies, Inc.Fuse-enabled secure bios mechanism in a trusted computing system
US20170046517 *31. Okt. 201616. Febr. 2017Via Technologies, Inc.Fuse-enabled secure bios mechanism with override feature
CN1606374B9. Okt. 200423. Nov. 2011得州仪器公司Method and device bound flashing/booting for cloning prevention
EP1523203A3 *6. Okt. 20046. Juni 2007Texas Instruments IncorporatedDevice bound flashing/booting for cloning prevention
EP1643405A1 *21. Juli 20055. Apr. 2006Robert Bosch Gmbhtamper-proof microprocessor system and method of operation thereof
EP1679632A2 *19. Dez. 200512. Juli 2006Microsoft CorporationSystems and methods for securely booting a computer with a trusted processing module
EP1679632A3 *19. Dez. 20052. Aug. 2006Microsoft CorporationSystems and methods for securely booting a computer with a trusted processing module
EP1845470A1 *13. Apr. 200617. Okt. 2007STMicroelectronics (Research & Development) LimitedMultiple purpose integrated circuit
EP1975836A3 *28. März 200826. Nov. 2008Intel Corporation (a Delaware Corporation)Server active management technology (AMT) assisted secure boot
EP3125149A1 *19. Dez. 20051. Febr. 2017Microsoft Technology Licensing, LLCSystems and methods for securely booting a computer with a trusted processing module
WO2004034238A2 *7. Okt. 200322. Apr. 2004Intel CorporationEncapsulation of a tcpa trusted platform module functionality within a server management coprocessor subsystem
WO2004034238A3 *7. Okt. 200329. Dez. 2004Intel CorpEncapsulation of a tcpa trusted platform module functionality within a server management coprocessor subsystem
WO2005026951A1 *17. Sept. 200424. März 2005Aristocrat Technologies Australia Pty LtdBios protection device
WO2006137073A2 *22. Juni 200628. Dez. 2006Discretix Technologies Ltd.System, device, and method of selectively allowing a host processor to access host-executable code
WO2006137073A3 *22. Juni 200615. Nov. 2007Hagai Bar-ElSystem, device, and method of selectively allowing a host processor to access host-executable code
WO2009043744A1 *22. Sept. 20089. Apr. 2009International Business Machines CorporationSecure policy differentiation by secure kernel design
WO2016109580A1 *29. Dez. 20157. Juli 2016Data I/O CorporationAutomated manufacturing system with adapter security mechanism and method of manufacture thereof
WO2017058225A1 *30. Sept. 20156. Apr. 2017Hewlett-Packard Development Company, L.P.Runtime verification using external device
Classifications
US Classification: 713/193
International Classification: G06F21/00, G06F9/445
Cooperative Classification: G06F21/88, G06F21/575, G06F9/4401
European Classification: G06F21/57B, G06F21/88, G06F9/44A
Legal Events
Date | Code | Event | Description
17 Jul 1998 | AS | Assignment | Owner name: INTEL CORPORATION, CALIFORNIA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: DAVIS, DEREK L.; MEHTA, PRANAV; REEL/FRAME: 009349/0597; SIGNING DATES FROM 19980630 TO 19980707
2 Dec 2005 | FPAY | Fee payment | Year of fee payment: 4
25 Nov 2009 | FPAY | Fee payment | Year of fee payment: 8
20 Nov 2013 | FPAY | Fee payment | Year of fee payment: 12