WO2002095571A1 - Pre-boot authentication system - Google Patents
Pre-boot authentication system Download PDFInfo
- Publication number
- WO2002095571A1 WO2002095571A1 PCT/US2002/015047 US0215047W WO02095571A1 WO 2002095571 A1 WO2002095571 A1 WO 2002095571A1 US 0215047 W US0215047 W US 0215047W WO 02095571 A1 WO02095571 A1 WO 02095571A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- module
- bios
- information
- authentication system
- authentication
- Prior art date
Links
- 238000000034 method Methods 0.000 claims abstract description 97
- 238000004891 communication Methods 0.000 claims abstract description 17
- 230000008569 process Effects 0.000 claims description 66
- 230000003044 adaptive effect Effects 0.000 claims description 31
- 230000001360 synchronised effect Effects 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 12
- 238000003780 insertion Methods 0.000 description 5
- 230000037431 insertion Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 230000004913 activation Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000003292 diminished effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000009131 signaling function Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Definitions
- the invention relates to the field of BIOS systems and information card bus architecture in microprocessor-based devices. More particularly, the invention relates to pre-boot enhancement and/or authentication for BIOS applications and systems.
- BIOS basic input output system
- the system BIOS software typically performs a variety of roles in the start-up sequence of a microprocessor-based device and associated hardware, which eventually includes the loading of an operating system for the device.
- the system BIOS manages the start-up of other devices and subsystems, typically comprising power on self-testing for all of the different hardware components in the system, activating secondary BIOS software located on different installed cards, providing low-level routines that a loaded operating system uses to interface to different hardware devices, such as for keyboards, displays, serial and/or parallel ports, and managing other controllable system parameters.
- the system BIOS software When a microprocessor-based device is powered on, the system BIOS software, which is typically located on the system logic board for a computer, is activated. During the initial boot-up sequence, the BIOS checks the CMOS Setup, loads interrupt handlers, and then typically determines the operational status of other devices, such as the status of installed cards. Some installed cards have dedicated on-board BIOS software, which initializes on-board memory and microprocessors. For cards which do not have an on-board BIOS software, there is usually card driver information on another ROM on the motherboard, which the main system BIOS loads to perform the boot-up of the attached card.
- the system BIOS then checks to see if the computer activation is a cold boot or a reboot, which are often differentiated by the value of a memory address. If the activation is a cold boot, the BIOS verifies the random access memory (RAM), by performing a read/write test of each memory address. The BIOS also checks the ports for external input/output devices, such as for a connected keyboard and for a mouse. The system BIOS then looks outwardly, towards peripheral busses, and to other connected devices.
- RAM random access memory
- the system BIOS attempts to initiate the boot sequence from the first device of one or more bootable devices, which are often arranged in a sequential order. If the system BIOS does not find the first of one or more sequential devices, the BIOS then attempts to find the next device in the sequential order.
- the startup process halts. If the system BIOS finds the appropriate files on an appropriate bootable device, the system BIOS continues the boot-up operation, thereby loading activating the operating system for the microprocessor-based device.
- While some of the system parameter settings which the system BIOS uses during the boot-up sequence can be established or modified by a user, such changes are made after the operating system is presented to a user.
- a user can define one or more system parameters, through control panels, or through enabling or disabling system extensions. While such system changes can be defined by a user, the defined changes are not made until the device is restarted, such that the system BIOS can re-boot the device, and reload the operating system, as defined by the user.
- an updating process is required, wherein a user and/or system manager typically installs an updating program.
- the updating program typically erases the entire system BIOS, and installs the updated system BIOS.
- Some microprocessor-based devices such as desktop computers, use smart cards and associated hardware, as a means to authenticate a user with the device.
- the desktop computer typically has an attached Smart Card reader.
- User access to the computer is allowed, if an authorized Smart Card is inserted into the Smart Card reader.
- the desktop computer provides authorized access, the computer is required to be booted, i.e. the BIOS process has been completed and the operating system has been loaded, at the time the user is prompted to enter a Smart Card.
- Aero 8000 personal digital assistant by Compaq Computer, Inc.
- an authentication system is provided which does not provide a universal interface with BIOS security authentication.
- the Aero 8000 PDA system is a "closed- box" embedded system, which includes non-standard firmware code to access a non- PC/SC smart card for BIOS security authentication.
- microprocessor-based devices such as portable cell phones
- use smart cards and associated hardware as a means to authenticate a user with the device.
- Many portable cell phones include a small smart card, which is located internally to the phone, that associates the phone with the host company, as well as with the contracted user.
- Alternate portable cell phones such as a V. SeriesTM V3682 phone, by Motorola, Inc., provide external access for a removable smart SIM card which is associated with a contracted user, such that a portable cell phone may be used for more than one user or account, and such that a user may use other similarly equipped portable cell phones for communications which are associated with the inserted smart card. While such portable cell phones associate smart cards with users and host companies, the operating BIOS processes for such devices phones are unaffected by the smart cards.
- Password protection software has also been used to provide security for desktop and portable computing devices.
- FolderBolt-ProTM by Kent'Marsh Ltd., of Houston, TX, provides software based security and encryption for files, applications, and/or folders, whereby the user can select varying levels of protection, such as with passwords, before access to the protected file or folder is given.
- security software provides some level of protection to a device, such security software operates within a loaded operating system, i.e. the protection software does not authorize or prevent the system BIOS boot up process from being performed.
- the disclosed prior art systems and methodologies thus provide basic authentication systems, such as through the use of a smart card, or other memory media storage device, e.g. such as a Memory StickTM, by Sony Electric Company, Inc., to identify a user, once a device has been booted-up.
- a smart card or other memory media storage device, e.g. such as a Memory StickTM, by Sony Electric Company, Inc.
- the system BIOS for such devices is unaffected, such that the operating system is already loaded, at the time the user is prompted to provide authentication.
- BIOS-based authentication security enhancement structure and process whereby the BIOS process is diverted by the security authentication system, such that the system BIOS process is inherently enhanced or halted, based upon the results of the pre-boot system. It would also be advantageous that such a BIOS-based information system be integrated with information contained within removable modules or cards.
- BIOS-based enhancement system would constitute a major technological advance.
- BIOS-based system for authentication would constitute a further technological advance.
- BIOS security authentication system Before the end of a BIOS start-up procedure, the BIOS operation is diverted to a BIOS security authentication system.
- the BIOS security authentication system establishes communication with an information module, if the information module is present.
- the information module is typically a removable or installable card, which may be unique to one or more users.
- the BIOS security authentication system controllably allows or prevents the completion of the BIOS boot- up procedure.
- the BIOS security authentication system is used as a pre-boot authentication system, to prevent a microprocessor based device from booting up unless a valid, authorized information module is present.
- an adaptive BIOS security authentication system interface is provided, to allow an information exchange with a variety of information modules, having one or more information formats.
- information from the information exchange may be transferred to the main system BIOS (such as to provide system functions to the BIOS, or to provide identity information of the user, based upon the information module.
- Figure 1 is a functional block diagram of a pre-boot authentication system integrated with a device having a system BIOS;
- FIG. 2 is a schematic diagram of computer system having an integrated BIOS security authentication enhancement system
- Figure 3 shows a simplified flow structure of a pre-boot authentication system
- Figure 4 shows a simplified timeline for the flow structure of an integrated BIOS security authentication enhancement system
- Figure 5 is a flow chart of one embodiment of the pre-boot authentication system
- Figure 6 shows exemplary coding for one embodiment of the pre-boot authentication system
- Figure 7 shows exemplary coding for card bus controller initialization
- Figure 8 shows coding for card resource reader controller initialization
- Figure 9 shows coding for card resource insertion detection
- Figure 10 shows coding for card resource power on and ATR retrieval
- Figure 11 shows coding for card resource data exchange
- Figure 12 shows coding for card resource power off
- Figure 13 shows coding for card resource release
- Figure 14 shows a first portion of a pre-boot authentication BIOS system call specification
- Figure 15 shows a second portion of a pre-boot authentication BIOS system call specification
- Figure 16 is a diagram of a portable computer system having an integrated pre-boot BIOS security authentication system
- Figure 17 is a diagram of portable personal digital assistant having an integrated pre- boot BIOS security authentication system
- Figure 18 is a schematic diagram of a portable phone having an integrated pre-boot BIOS security authentication system.
- Figure 19 is a schematic diagram of a preferred embodiment of the pre-boot authentication system, in which the pre-boot interface establishes communication with information modules having one or more formats.
- FIG. 1 is a functional block diagram of a pre-boot authentication system 10 which is integrated with a microprocessor-based device 34 (FIG. 2, FIG. 7, FIG. 15, FIG. 16, FIG. 17) having a basic input output system (BIOS) 12.
- BIOS 12 for the device further comprises a BIOS security authentication enhancement 14, whereby the system BIOS process 12 is diverted to a security authentication module 16 before the end (58)(FIG. 3) of the BIOS process.
- a security authentication module 16 comprises an interface 18 and a library 20.
- the security authentication module 16 is also associated with information module reader hardware 22, which comprises a module interface 24 and one or more module contacts 28a-28n.
- the module interface 24 accepts a removable or installable information module 26.
- An information module 26 comprises stored information 32, which is typically addressable or available within a defined format 30.
- FIG. 2 is a schematic diagram 32 of a microprocessor-based computer 34a, having an integrated pre-boot authentication system 10. While the microprocessor-based device 34a shown in Figure 2 is illustrated as a desktop computer system 34a, it should be understood that the pre-boot authentication system can be readily applied to a large variety of microprocessor-based devices 34 (FIG. 1), such as portable computers 34b (FIG. 16), personal digital assistants 34c (FIG. 17), and/or cell phones 34c (FIG. 18).
- the microprocessor-based computer 34a shown in Figure 2 comprises a logic board 36, having an associated system BIOS 12, which is integrated 14 with the security authentication module 16.
- the microprocessor-based computer 34a also typically comprises associated hardware, such as a display 38, input devices, such as a keyboard 40 and mouse 42, and memory storage 44.
- the security authentication module 16 is connected to a reader 22, which comprises means for connecting to an information module 26.
- FIG. 3 shows a simplified flow structure 50 of a pre-boot authentication system 10.
- the enhanced basic input output system (BIOS) process 70 (FIG. 5) is started, at step 54.
- Preliminary BIOS procedures 56 are performed, until the system BIOS 12 is diverted to the security authentication process 60.
- the pre-boot security enhancement process 50 is commonly used for BIOS authentication 60.
- the system BIOS 12 is allowed to continue, by performing post-authentication procedures 66, which typically comprises the eventual loading of an operating system, at step 68.
- the pre-boot security enhanced BIOS process 50 is prevented from performing post-authentication procedures 66 and loading an operating system, if there is no authorization 60, i.e. the micro-processor-based device 34 does not boot-up.
- FIG. 4 shows a simplified timeline 70 for the flow structure of an integrated pre-boot security system 10.
- the microprocessor-based device 34 is activated 52, and the basic input output system (BIOS) process 12 is started, at step 54.
- BIOS basic input output system
- Preliminary BIOS procedures 56 are performed, until the system BIOS 12 is diverted to the security authentication enhancement process 60, at time , 74.
- the system BIOS 1 is allowed to continue, at time T 2 76, in which post-process procedures 66 are controllably allowed to occur.
- Post-process procedures 66 typically comprise the preparation and loading of an operating system, at step 68, at the end 58 of the system BIOS process 12.
- the enhanced BIOS process 50 is prevented from performing post- process procedures 66 and loading an operating system, if the system does not successfully complete the enhancement and/or authentication process 60.
- FIG. 5 is a flowchart of a typical security authentication BIOS process 70.
- the standard BIOS process 12 is enabled, at step 54.
- the system BIOS 12 continues, until the security authentication set point is reached, at step 72.
- the card bus controller interface 18 and card bus reader 22 are initialized, at step 74.
- the controller interface 18 the checks for card insertion into the module interface 24, at step 76. Once an information module card 26 is inserted, the card is powered and the handshaking "answer to reset signal function coding ATR (FIG. 10) is sent from the card 26 and is received by the controller interface 18, at step 78. If an acceptable handshaking answer to reset signal ATR is received, the controller interface 18 exchanges other information with the card 26, e.g.
- step 80 After the data exchange step 80 is finished, the card is powered off, at step 82, and the controller interface 18 releases the reader resource 22, at step 84. Based on a successful pre-boot authentication process 70, the system BIOS is allowed to resume, at step 86, such that the system BIOS process may be completed 58 (FIG. 4).
- Figure 6 shows coding 90, in C programming language, for one embodiment of the pre- boot authentication system 70.
- Figure 7 shows coding for card bus controller initialization 74a.
- Figure 8 shows coding for card resource reader controller initialization 74b.
- Figure 9 shows coding for card resource insertion detection 76.
- Figure 10 shows coding for card resource power on and ATR retrieval 78.
- Figure 11 shows coding for card resource data exchange 80.
- Figure 12 shows coding for card resource power off 12.
- Figure 13 shows coding for card resource release 84.
- Figure 14 shows a first portion of a pre-boot authentication BIOS system call specification.
- Figure 15 shows a second portion of a pre-boot BIOS system call specification.
- the pre-boot BIOS enhancement system 10 is implemented before the end of the system BIOS 12 for a microprocessor-based device 34.
- the microprocessor-based device 34 is prevented from booting up at all, unless a valid information card 26 is inserted into the card reader 22.
- the pre-boot BIOS enhancement system 10 is particularly suitable for smart card architectures, whereby the reader 22 and cards 26 are often standardized.
- the pre- boot BIOS enhancement system 10 checks to see if an inserted smart card 26 is valid, and determines if an inserted smart card 26 has valid function coding.
- the system BIOS process 12 begins.
- the BIOS process 12 is then interrupted, at which time the pre-boot system BIOS module 16 looks to the authentication card 26, to determine it's presence, and if so, queries the authentication card 26 for information 32.
- the enhanced BIOS 12,14 continues the startup process. If a valid authentication card 26 is not connected, the system BIOS 12 is prevented from continuing, and the operating system for the device 34 is prevented from being loaded, thereby providing robust protection against unauthorized access.
- the device system BIOS 12 is initially completed, such that access to further use of some or all computer functions are controlled by an authentication system and associated process.
- an authentication system For example, in a conventional desktop card-based security system, the operating system of the device is initialized at the end of the system BIOS process 12, at which point, an authentication system is activated.
- authentication system when a valid authorization card is entered, authentication system allows entry to the device, such as to applications and files.
- a software-based system when a valid password is entered, the software-based authentication system allows entry to the device.
- the system BIOS is completed and the operating system is already loaded, such that any bypass of the security structure may yield unauthorized access to an enabled operating system.
- the pre-boot authentication system 10 is activated before the system BIOS 12 is completed 58. In a typical embodiment, therefore, the pre- boot authentication system 10 prevents any sort of user interaction through the operating system of a microprocessor-based device 34, until such time that a valid authentication occurs.
- Figure 16 is a diagram of a portable computer system 34b having an integrated pre- boot enhancement or authentication system 10.
- Figure 17 is a diagram of a portable personal digital assistant 34c having an integrated pre-boot enhancement or authentication system 10.
- Figure 18 is a diagram of a portable phone 34d having an integrated pre-boot enhancement or authentication system 10.
- the pre-boot system 10 is particularly advantageous for portable devices 34, providing secure access to private information, such as personal and business files and contact information.
- private information such as personal and business files and contact information.
- the pre-boot system prevents loading of the operating system for a device, the pre-boot system provides a useful deterrent to theft of portable devices; there is no way to recover information through the operation system of the device, and the device provides a greatly diminished value to unauthorized people.
- the pre-boot authentication system 10 prevents access through the operating system of the device, unless proper authentication 60 occurs during the system BIOS process 12.
- pre-boot authentication system 10 is disclosed above as an authentication system, alternate embodiments may provide other enhancements to a system BIOS 12, before the end 58 of a boot-up process for a microprocessor-based device 34.
- installable or insertable information modules 26 may contain other enhancements for an operating system, or may include preferred system settings for an authorized user, which are activateable or installable before the end 58 of the system BIOS process 12.
- the information may preferably comprise coding information which is used to extend or update the system BIOS for a particular device 34.
- the information module 26 may preferably contain updated or new subroutines for the system BIOS 12.
- the pre-boot enhancement system 12, as integrated with an information module 26, readily provides upgradeability for a system BIOS 12, such as to work with changing operating system software and/or hardware.
- Information modules 26 can be implemented with a wide variety of card and information module formats 30.
- the information modules 26a-26n are insertable memory cards, e.g. such as a Smart CardTM, by Smart Card Alliance, a
- the pre-boot authentication system 10 provides a hardware interface that physically interfaces with a variety of information cards 26a-26n, while providing an adaptive software interface 18, having a plurality of library modules 20a- 20n, whereby communication may be established with any of the cards 26a-26n.
- FIG. 19 is a simplified functional block diagram of a preferred embodiment 100 of the pre-boot authentication system 10, in which the pre-boot module 16, having an adaptive interface 18 and a plurality of library modules 20a-20n, establishes communication with information modules 26a-26n having one or more formats 30a-30k, such as for resource (memory and I/O port) management and security management.
- the pre-boot module 16 having an adaptive interface 18 and a plurality of library modules 20a-20n
- information modules 26a-26n having one or more formats 30a-30k, such as for resource (memory and I/O port) management and security management.
- the card reader 22 allows the insertion of information modules 26a-26n, based upon a variety of information formats 30a-30k.
- the adaptive BIOS enhancement module 16 comprises a plurality of format library modules 20a-20n, by which the system interface 24 establishes communication with an inserted information module 26.
- the system BIOS 12 is integrated with the adaptive pre-boot enhancement system 100, based upon the plurality of installed pre-boot libraries 20a-20n.
- the pre-boot libraries 20a-20n define the structure by which the BIOS is diverted to the pre-boot enhancement authentication system, and defines the structure by which the system BIOS may resume, based upon a successful data exchange with an acceptable information module 26.
- the libraries 20a-20n define the integration of the reader hardware 22 and validation rules for information modules 26. Therefore, the libraries 20a-20n comprise information and communication protocols necessary to establish a communication exchange with the information modules 26a-26n.
- the system BIOS 12, having pre-boot system integration 14, is diverted to the adaptive pre-boot enhancement system module 16, having an adaptive interface 18.
- the adaptive pre-boot module 16 detects the insertion, at step 76 (FIG. 5).
- the adaptive pre-boot BIOS enhancement module 16 attempts to establish communication with the information module 26b.
- the adaptive pre-boot BIOS enhancement module 16 iteratively sends a handshake prompt signal 102a-102n to the information module 26, based upon a corresponding appropriate handshake prompt (ATR) signal 102a-102n associated with each of the stored plurality of format library modules 20a- 20n.
- ATR handshake prompt
- the adaptive BIOS enhancement module 16 sends an acceptable handshake prompt ATR signal 102, i.e. one that is recognized by the information module 26, the information module 26 responds by sending a matching handshake return signal 104b.
- the adaptive BIOS enhancement module 16 Upon receipt of a matching handshake return signal 104b, which is preferably matched to the stored format library module 20, the adaptive BIOS enhancement module 16 performs the data exchange with the information module 26, within the library format 30 defined by the successful matching handshake pair 102,104.
- the adaptive BIOS enhancement system 100 can therefore distinguish the type of information module 26 which is inserted, and can provide BIOS enhancement, such as authentication, using a variety of information modules 26a-26n, i.e. for both standard and nonstandard cards 26.
- BIOS enhancement such as authentication
- a variety of information modules 26a-26n i.e. for both standard and nonstandard cards 26.
- the use of a variety of removable authentication cards 26a-26n, having a variety of formats 30a-30k may be used for authentication purposes.
- the adaptive pre-boot BIOS system 100 can be programmed with corresponding library modules 20a-20n, having appropriate command sets, which correspond to both synchronous or asynchronous formats 30.
- a single information module 26 such as a smart card 26 that is unique to a user, may preferably be used to authenticate other microprocessor-based devices 34, either having the pre-boot system 10 which has an appropriate reader 22 and library 20, or having another adaptive BIOS enhancement system 100, provided that the information module comprises appropriate authentication information 32.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0326535A GB2391983B (en) | 2001-05-18 | 2002-05-10 | Pre-boot authentication system |
JP2002591971A JP4545378B2 (en) | 2001-05-18 | 2002-05-10 | Pre-boot authentication system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/860,709 | 2001-05-18 | ||
US09/860,709 US7000249B2 (en) | 2001-05-18 | 2001-05-18 | Pre-boot authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002095571A1 true WO2002095571A1 (en) | 2002-11-28 |
Family
ID=25333842
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2002/015047 WO2002095571A1 (en) | 2001-05-18 | 2002-05-10 | Pre-boot authentication system |
Country Status (6)
Country | Link |
---|---|
US (1) | US7000249B2 (en) |
JP (1) | JP4545378B2 (en) |
CN (1) | CN100480991C (en) |
GB (1) | GB2391983B (en) |
TW (1) | TWI221580B (en) |
WO (1) | WO2002095571A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004031920A1 (en) * | 2002-10-03 | 2004-04-15 | Bqt Solutions Pty Ltd | A smartcard security system for protecting a computer system |
WO2006091997A1 (en) * | 2005-03-01 | 2006-09-08 | Evatayhow Holdings Pty Ltd | Security system for computers |
WO2008042332A1 (en) | 2006-09-29 | 2008-04-10 | Hewlett-Packard Development Company, L.P. | Extensible bios interface to a preboot authentication module |
US8756390B2 (en) | 2005-12-05 | 2014-06-17 | International Business Machines Corporation | Methods and apparatuses for protecting data on mass storage devices |
Families Citing this family (50)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7660994B2 (en) * | 1995-10-24 | 2010-02-09 | Corestreet, Ltd. | Access control |
US7797729B2 (en) * | 2000-10-26 | 2010-09-14 | O2Micro International Ltd. | Pre-boot authentication system |
KR20020087202A (en) * | 2001-05-14 | 2002-11-22 | 삼성전자 주식회사 | Computer |
FI114416B (en) * | 2001-06-15 | 2004-10-15 | Nokia Corp | Method for securing the electronic device, the backup system and the electronic device |
US20040054952A1 (en) * | 2002-09-13 | 2004-03-18 | Morrow James W. | Device verification system and method |
US7174463B2 (en) * | 2001-10-04 | 2007-02-06 | Lenovo (Singapore) Pte. Ltd. | Method and system for preboot user authentication |
US7849301B2 (en) * | 2001-12-12 | 2010-12-07 | Intel Corporation | Providing a user input interface prior to initiation of an operating system |
US7454603B2 (en) * | 2002-02-11 | 2008-11-18 | Intel Corporation | Method and system for linking firmware modules in a pre-memory execution environment |
US6782349B2 (en) * | 2002-05-03 | 2004-08-24 | International Business Machines Corporation | Method and system for updating a root of trust measurement function in a personal computer |
US7216369B2 (en) * | 2002-06-28 | 2007-05-08 | Intel Corporation | Trusted platform apparatus, system, and method |
US20040015709A1 (en) * | 2002-07-18 | 2004-01-22 | Bei-Chuan Chen | Software delivery device and method for providing software copy protection |
JP4068948B2 (en) * | 2002-11-25 | 2008-03-26 | 富士フイルム株式会社 | Recording medium cartridge and recording / reproducing apparatus thereof |
US7974416B2 (en) * | 2002-11-27 | 2011-07-05 | Intel Corporation | Providing a secure execution mode in a pre-boot environment |
JP4067985B2 (en) * | 2003-02-28 | 2008-03-26 | 松下電器産業株式会社 | Application authentication system and device |
US20040267708A1 (en) * | 2003-06-18 | 2004-12-30 | Rothman Michael A | Device information collection and error detection in a pre-boot environment of a computer system |
JP2005085266A (en) * | 2003-09-04 | 2005-03-31 | Stmicroelectronics Sa | Access control of microprocessor peripheral device |
US7464256B2 (en) * | 2003-09-18 | 2008-12-09 | Aristocrat Technologies Australia Pty. Limited | Bios protection device preventing execution of a boot program stored in the bios memory until the boot program is authenticated |
US20050149729A1 (en) * | 2003-12-24 | 2005-07-07 | Zimmer Vincent J. | Method to support XML-based security and key management services in a pre-boot execution environment |
JP2005266871A (en) * | 2004-03-16 | 2005-09-29 | Ultra X:Kk | Computer device having diagnosing/erasing function of hard disk device and its mother board |
FR2870019B1 (en) * | 2004-05-10 | 2006-09-01 | Gemplus Sa | ELECTRONIC PLATFORM HAVING SECURE ACCESS, AND SECURING METHOD |
US7702907B2 (en) * | 2004-10-01 | 2010-04-20 | Nokia Corporation | System and method for safe booting electronic devices |
US8181020B2 (en) * | 2005-02-02 | 2012-05-15 | Insyde Software Corp. | System and method for securely storing firmware |
CN100340939C (en) * | 2005-04-28 | 2007-10-03 | 上海交通大学 | Safety starter for MEMS computer |
US7516252B2 (en) * | 2005-06-08 | 2009-04-07 | Intel Corporation | Port binding scheme to create virtual host bus adapter in a virtualized multi-operating system platform environment |
US7350067B2 (en) * | 2005-06-22 | 2008-03-25 | Hewlett-Packard Development Company, L.P. | Bios security management |
US7499733B2 (en) * | 2005-12-22 | 2009-03-03 | Motorola, Inc. | Mobile communication device and method of hibernating and prebooting same to reduce start up time |
US7725701B2 (en) | 2006-03-03 | 2010-05-25 | Hewlett-Packard Development Company, L.P. | Portable device comprising a BIOS setting |
US8019994B2 (en) * | 2006-04-13 | 2011-09-13 | Hewlett-Packard Development Company, L.P. | Authentication of a request to alter at least one of a BIOS and a setting associated with the BIOS |
US8468591B2 (en) | 2006-10-13 | 2013-06-18 | Computer Protection Ip, Llc | Client authentication and data management system |
US7844808B2 (en) * | 2006-12-18 | 2010-11-30 | Microsoft Corporation | Computer compliance enforcement |
US7624217B2 (en) * | 2007-02-12 | 2009-11-24 | Microsoft Corporation | Adaptive boot sequence |
JP2008299418A (en) * | 2007-05-29 | 2008-12-11 | Toshiba Corp | Information processor and starting control method |
TWI342520B (en) * | 2007-08-27 | 2011-05-21 | Wistron Corp | Method and apparatus for enhancing information security in a computer system |
US20090089588A1 (en) * | 2007-09-28 | 2009-04-02 | Farid Adrangi | Method and apparatus for providing anti-theft solutions to a computing system |
JP2009157611A (en) * | 2007-12-26 | 2009-07-16 | Cis Electronica Industria & Comercio Ltda | Magnetic head |
US8661234B2 (en) * | 2008-01-31 | 2014-02-25 | Microsoft Corporation | Individualized per device initialization of computing devices in avoidance of mass exploitation of vulnerabilities |
JP5446439B2 (en) * | 2008-07-24 | 2014-03-19 | 富士通株式会社 | COMMUNICATION CONTROL DEVICE, DATA MAINTENANCE SYSTEM, COMMUNICATION CONTROL METHOD, AND PROGRAM |
US8131987B2 (en) * | 2008-12-10 | 2012-03-06 | Dell Products L.P. | Virtual appliance pre-boot authentication |
US8086839B2 (en) * | 2008-12-30 | 2011-12-27 | Intel Corporation | Authentication for resume boot path |
JP4672778B2 (en) * | 2009-01-29 | 2011-04-20 | 東芝ストレージデバイス株式会社 | Data storage |
EP2290574B1 (en) * | 2009-08-25 | 2018-09-26 | Giga-Byte Technology Co., Ltd. | Security management methods for computer devices |
US20110055534A1 (en) * | 2009-08-26 | 2011-03-03 | Chung Chieh-Fu | Management Method for Security of Computer Device |
US9122492B2 (en) * | 2010-10-25 | 2015-09-01 | Wms Gaming, Inc. | Bios used in gaming machine supporting pluralaties of modules by utilizing subroutines of the bios code |
CN102479302A (en) * | 2010-11-24 | 2012-05-30 | 鸿富锦精密工业(深圳)有限公司 | Password protection system and method |
JP4929407B1 (en) | 2011-03-09 | 2012-05-09 | 株式会社東芝 | Information processing apparatus and display control method |
EP3039605B1 (en) * | 2013-08-28 | 2020-02-05 | Intel Corporation | Systems and methods for authenticating access to an operating system by a user before the operating system is booted using a wireless communication token |
US20200302060A1 (en) * | 2017-12-14 | 2020-09-24 | Hewlett-Packard Development Company, L.P. | Enabling access to capturing devices by basic input and output systems (bios) |
US11544414B2 (en) * | 2019-02-04 | 2023-01-03 | Dell Products L.P. | Secure wake-on of a computing device |
CN112507324B (en) * | 2021-02-05 | 2021-06-04 | 浙江地芯引力科技有限公司 | RISC processor circuit and method for analyzing data and command safety |
CN113064643B (en) * | 2021-03-16 | 2023-03-17 | 山东英信计算机技术有限公司 | Method, system and medium for instantly-effective modification of BIOS set value |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6275933B1 (en) * | 1999-04-30 | 2001-08-14 | 3Com Corporation | Security system for a computerized apparatus |
US6353885B1 (en) * | 1999-01-26 | 2002-03-05 | Dell Usa, L.P. | System and method for providing bios-level user configuration of a computer system |
US20020078372A1 (en) * | 2000-09-08 | 2002-06-20 | Gaspare Aluzzo | Systems and methods for protecting information on a computer by integrating building security and computer security functions |
Family Cites Families (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3754148A (en) * | 1972-07-24 | 1973-08-21 | Space Electronics Inc | Security system for preventing unauthorized use of electric circuits |
US4090089A (en) * | 1976-04-14 | 1978-05-16 | Morello Philip P | Sequential coded computerized anti-theft lock |
JPS5982577A (en) * | 1982-11-02 | 1984-05-12 | Nippon Denso Co Ltd | Starting control device for car prime mover |
US4553127A (en) * | 1983-06-30 | 1985-11-12 | Issa Darrell E | Battery lock anti-theft system |
US5019996A (en) * | 1988-08-29 | 1991-05-28 | Advanced Micro Devices, Inc. | Programmable power supply level detection and initialization circuitry |
JPH02148210A (en) * | 1988-11-30 | 1990-06-07 | Toshiba Corp | Attachment/detachment control circuit for flat panel display |
US5023591A (en) * | 1989-11-15 | 1991-06-11 | Allen V. Edwards | Anti-theft control apparatus |
US5396635A (en) * | 1990-06-01 | 1995-03-07 | Vadem Corporation | Power conservation apparatus having multiple power reduction levels dependent upon the activity of the computer system |
US5191228A (en) * | 1990-06-22 | 1993-03-02 | Sloan Jeffrey M | Vehicle battery disconnect antitheft device |
US5176523A (en) * | 1991-08-09 | 1993-01-05 | Foxconn International, Inc. | Stackable memory card connector |
AU3777593A (en) | 1992-02-26 | 1993-09-13 | Paul C. Clark | System for protecting computers via intelligent tokens or smart cards |
AU5463194A (en) * | 1992-07-01 | 1994-01-31 | B.I.G. Batteries Limited | Security batteries for automotive vehicles |
WO1995018998A1 (en) * | 1994-01-05 | 1995-07-13 | Norand Corporation | Safe-stop mode for a microprocessor operating in a pseudo-static random access memory environment |
US5555510A (en) * | 1994-08-02 | 1996-09-10 | Intel Corporation | Automatic computer card insertion and removal algorithm |
US5737612A (en) * | 1994-09-30 | 1998-04-07 | Cypress Semiconductor Corp. | Power-on reset control circuit |
US5963142A (en) * | 1995-03-03 | 1999-10-05 | Compaq Computer Corporation | Security control for personal computer |
US5663553A (en) * | 1995-09-27 | 1997-09-02 | Intel Corporation | Mass storage device adapter for smart cards |
US5716221A (en) * | 1995-10-20 | 1998-02-10 | Itt Corporation | Stacked IC card assembly for insertion into stacked receivers |
US5671368A (en) * | 1996-02-22 | 1997-09-23 | O2 Micro, Inc. | PC card controller circuit to detect exchange of PC cards while in suspend mode |
US5763862A (en) * | 1996-06-24 | 1998-06-09 | Motorola, Inc. | Dual card smart card reader |
JP3066570B2 (en) * | 1996-07-26 | 2000-07-17 | モレックス インコーポレーテッド | Method of manufacturing connector assembly for PC card |
US5975959A (en) * | 1996-12-17 | 1999-11-02 | The Whitaker Corporation | Smart card connector module |
JP3585336B2 (en) * | 1997-02-24 | 2004-11-04 | 沖電気工業株式会社 | IC card adapter |
US5878264A (en) * | 1997-07-17 | 1999-03-02 | Sun Microsystems, Inc. | Power sequence controller with wakeup logic for enabling a wakeup interrupt handler procedure |
US6015092A (en) * | 1998-02-05 | 2000-01-18 | Postlewaite; William M. | Smart card reader having angled smart card holder |
US5963464A (en) * | 1998-02-26 | 1999-10-05 | International Business Machines Corporation | Stackable memory card |
US6085327A (en) * | 1998-04-10 | 2000-07-04 | Tritech Microelectronics, Ltd. | Area-efficient integrated self-timing power start-up reset circuit with delay of the start-up reset until the system clock is stabilized |
EE9800237A (en) | 1998-09-11 | 2000-04-17 | Marandi Mart | A method for preventing unauthorized use of a computer and for performing a device method |
US6633981B1 (en) * | 1999-06-18 | 2003-10-14 | Intel Corporation | Electronic system and method for controlling access through user authentication |
US7117376B2 (en) * | 2000-12-28 | 2006-10-03 | Intel Corporation | Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations |
US20030196100A1 (en) * | 2002-04-15 | 2003-10-16 | Grawrock David W. | Protection against memory attacks following reset |
-
2001
- 2001-05-18 US US09/860,709 patent/US7000249B2/en not_active Expired - Fee Related
-
2002
- 2002-05-10 JP JP2002591971A patent/JP4545378B2/en not_active Expired - Fee Related
- 2002-05-10 GB GB0326535A patent/GB2391983B/en not_active Expired - Fee Related
- 2002-05-10 WO PCT/US2002/015047 patent/WO2002095571A1/en active Search and Examination
- 2002-05-10 CN CNB028132963A patent/CN100480991C/en not_active Expired - Fee Related
- 2002-05-17 TW TW091110438A patent/TWI221580B/en not_active IP Right Cessation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6353885B1 (en) * | 1999-01-26 | 2002-03-05 | Dell Usa, L.P. | System and method for providing bios-level user configuration of a computer system |
US6275933B1 (en) * | 1999-04-30 | 2001-08-14 | 3Com Corporation | Security system for a computerized apparatus |
US20020078372A1 (en) * | 2000-09-08 | 2002-06-20 | Gaspare Aluzzo | Systems and methods for protecting information on a computer by integrating building security and computer security functions |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004031920A1 (en) * | 2002-10-03 | 2004-04-15 | Bqt Solutions Pty Ltd | A smartcard security system for protecting a computer system |
WO2006091997A1 (en) * | 2005-03-01 | 2006-09-08 | Evatayhow Holdings Pty Ltd | Security system for computers |
US8756390B2 (en) | 2005-12-05 | 2014-06-17 | International Business Machines Corporation | Methods and apparatuses for protecting data on mass storage devices |
WO2008042332A1 (en) | 2006-09-29 | 2008-04-10 | Hewlett-Packard Development Company, L.P. | Extensible bios interface to a preboot authentication module |
US9262602B2 (en) | 2006-09-29 | 2016-02-16 | Hewlett-Packard Development Company, L.P. | Extensible bios interface to a preboot authentication module |
Also Published As
Publication number | Publication date |
---|---|
GB0326535D0 (en) | 2003-12-17 |
US7000249B2 (en) | 2006-02-14 |
CN100480991C (en) | 2009-04-22 |
TWI221580B (en) | 2004-10-01 |
GB2391983A (en) | 2004-02-18 |
US20020174353A1 (en) | 2002-11-21 |
CN1526092A (en) | 2004-09-01 |
GB2391983B (en) | 2005-08-10 |
JP2004530984A (en) | 2004-10-07 |
JP4545378B2 (en) | 2010-09-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7000249B2 (en) | Pre-boot authentication system | |
US7797729B2 (en) | Pre-boot authentication system | |
US10359957B2 (en) | Integrated circuit device that includes a secure element and a wireless component for transmitting protected data over short range wireless point-to-point communications | |
US7805720B2 (en) | Autorun for integrated circuit memory component | |
US6038320A (en) | Computer security key | |
EP1991927B1 (en) | Portable device comprising a bios setting | |
US20140115316A1 (en) | Boot loading of secure operating system from external device | |
US7308584B2 (en) | System and method for securing a portable processing module | |
US6032256A (en) | Power controlled computer security system and method | |
WO2006090091A1 (en) | User authentication for a computer system | |
US10783088B2 (en) | Systems and methods for providing connected anti-malware backup storage | |
CN100580627C (en) | Method and device for starting computer system | |
US20070089170A1 (en) | Computer system and security method therefor | |
JP4634924B2 (en) | Authentication method, authentication program, authentication system, and memory card | |
CN105760747A (en) | Method for protecting intelligent equipment through power-on passwords and intelligent equipment | |
KR19990079740A (en) | How to secure your PC using boot sequence | |
WO2009088362A1 (en) | Limiting access to file and folder on a storage device | |
CN2676262Y (en) | Preliminary start verification system | |
AU648023B2 (en) | Computer security system | |
US20030041187A1 (en) | Method and apparatus for controlling card device | |
CN115577346A (en) | Trusted starting method of computer | |
CN116897350A (en) | Computer with convertible structure between virtual computers and conversion method | |
KR20120014343A (en) | Method and system for preventing unauthorized controlling of automatic teller machine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
ENP | Entry into the national phase |
Ref document number: 0326535 Country of ref document: GB Kind code of ref document: A Free format text: PCT FILING DATE = 20020510 Ref document number: 0326535 Country of ref document: GB Kind code of ref document: A Free format text: PCT FILING DATE = 20020510 Format of ref document f/p: F |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002591971 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 028132963 Country of ref document: CN |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
DPE2 | Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101) |