Pre-boot authentication system

US 20020174353A1
Filed: 05/18/2001
Published: 11/21/2002
Est. Priority Date: 05/18/2001
Status: Active Grant

First Claim

Patent Images

1. A process, comprising the steps of:

providing a device having a BIOS procedure having an interval, the interval having a start and a finish;

providing a module comprising information in communication with the BIOS;

starting the BIOS procedure;

interrupting the BIOS procedure during the interval before the finish;

transferring the information between the module and the BIOS;

determining if the transferred information if valid; and

commencing the BIOS procedure if determined transferred information is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems are provided for the enhancement of the system BIOS for microprocessor-based devices. Before the end of a BIOS start-up procedure, the BIOS operation is diverted to a BIOS security authentication system which may be a portion of an enhanced system BIOS. The BIOS security authentication system establishes communication with an information module, if the information module is present. The information module is typically a removable or installable card, which may be unique to one or more users. Based upon an information exchange between the security authentication module and the information module, the security authentication module controllably allows or prevents the system BIOS start-up procedure to resume and finish. In a preferred embodiment, the security authentication module is used as a pre-boot authentication system, to prevent a microprocessor-based device from booting up, unless a valid authorized information module is present. In other preferred embodiments, an adaptive security authentication module interface is provided, to allow information exchange with a variety of information modules having one or more information formats. In alternate embodiments, information from the information exchange may be transferred to the main system BIOS (such as to provide system functions to the BIOS, or to provide identity information of the user, based upon the information module).

81 Citations

View as Search Results

62 Claims

1. A process, comprising the steps of:
- providing a device having a BIOS procedure having an interval, the interval having a start and a finish;
  
  providing a module comprising information in communication with the BIOS;
  
  starting the BIOS procedure;
  
  interrupting the BIOS procedure during the interval before the finish;
  
  transferring the information between the module and the BIOS;
  
  determining if the transferred information if valid; and
  
  commencing the BIOS procedure if determined transferred information is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The process of claim 1, further comprising the steps of:
    - providing a card reader for connecting the module to the device; and
      
      determining when the module is present within the card reader.
  - 3. The process of claim 2, further comprising the step of:
    - powering on the module when the module is determined to be present within the card reader.
  - 4. The process of claim 3, further comprising the step of:
    - powering off the module after the information is transferred between the module and the BIOS.
  - 5. The process of claim 1, wherein the device further comprises a loadable operating system, further comprising the step of:
    - loading the operating system after the BIOS procedure has commenced.
  - 6. The process of claim 1, further comprising the step of;
    - preventing the commencing step if the determined transferred information is not valid.
  - 7. The process of claim 1, wherein the module further comprises a defined format, and wherein the information is available within the defined format.
  - 8. The process of claim 1, wherein the module is a SmartCard™
    - .
  - 9. The process of claim 1, wherein the module is a synchronous card.
  - 10. The process of claim 1, wherein the module is an asynchronous card.
  - 11. The process of claim 1, wherein the device is a computer.
  - 12. The process of claim 11, wherein the computer is a personal computer.
  - 13. The process of claim 11, wherein the computer is a portable computer.
  - 14. The process of claim 1, wherein the device is a personal digital assistant.
  - 15. The process of claim 1, wherein the device is a portable phone.
  - 17. The process of claim 16, further comprising the steps of:
    - providing a card reader for connecting the module to the device; and
      
      determining when the module is present within the card reader.
  - 18. The process of claim 17, further comprising the step of:
    - powering on the removable module when the removable module is determined to be present within the card reader.
  - 19. The process of claim 18, further comprising the step of:
    - powering off the removable module after the information is transferred between the module and the security authentication module.
  - 20. The process of claim 16, wherein the device further comprises a loadable operating system, further comprising the step of:
    - loading the operating system after the BIOS procedure has recommenced.
  - 21. The process of claim 16, further comprising the step of;
    - preventing the recommencing step if the determined transferred information is not valid.
  - 22. The process of claim 16, wherein the removable module further comprises a defined format, and wherein the information is available within the defined format.
  - 23. The process of claim 16, wherein the removable module is a SmartCard™
    - .
  - 24. The process of claim 16, wherein the removable module is a synchronous card.
  - 25. The process of claim 16, wherein the removable module is an asynchronous card.
  - 26. The process of claim 16, wherein the device is a computer.
  - 27. The process of claim 26, wherein the computer is a personal computer.
  - 28. The process of claim 26, wherein the computer is a portable computer.
  - 29. The process of claim 16, wherein the device is a personal digital assistant.
  - 30. The process of claim 16, wherein the device is a portable phone.

16. A process, comprising the steps of:
- providing a device having a BIOS procedure having an interval, the interval having a start and a finish;
  
  providing a security authentication module associated with the BIOS;
  
  providing a library in communication with the security authentication module;
  
  providing a removable module comprising information;
  
  starting the BIOS procedure;
  
  interrupting the BIOS procedure during the interval before the finish;
  
  establishing communication between the security authentication module and the removable module, based upon the library;
  
  transferring the information between the removable module and the security authentication module;
  
  determining if the transferred information if valid; and
  
  recommencing the BIOS procedure if determined transferred information is valid.

31. An authentication system for a device having a basic input output system (BIOS), the BIOS comprising an interval having a start and a finish, the authentication system comprising:
- means for interrupting the BIOS procedure during the interval before the finish; and
  
  an authentication module in communication with the BIOS for receiving information from a removable module comprising information, for determining if the received information is valid; and
  
  for allowing the BIOS to recommence if the received information is valid.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 32. The authentication system of claim 31, further comprising:
    - means for determining the presence of the removable module.
  - 33. The authentication system of claim 31, further comprising:
    - a card reader for connecting the module to the device.
  - 34. The authentication system of claim 33, further comprising:
    - means for powering on the removable module if the removable module is located within the card reader.
  - 35. The authentication system of claim 31, further comprising:
    - Means for powering off the removable module after the information is transferred between the removable module and the authentication module.
  - 36. The authentication system of claim 31, wherein the device further comprises a loadable operating system, wherein the operating system is loaded after the BIOS procedure has recommenced.
  - 37. The authentication system of claim 31, wherein the authentication module prohibits the recommencing of the system BIOS if the determined transferred information is not valid.
  - 38. The authentication system of claim 31, wherein the removable module further comprises a defined format, and wherein the information is available within the defined format.
  - 39. The authentication system of claim 31, wherein the removable module is a SmartCard™
    - .
  - 40. The authentication system of claim 31, wherein the removable module is a synchronous card.
  - 41. The authentication system of claim 31, wherein the removable module is an asynchronous card.
  - 42. The authentication system of claim 31, wherein the device is a computer.
  - 43. The authentication system of claim 42, wherein the computer is a personal computer.
  - 44. The authentication system of claim 42, wherein the computer is a portable computer.
  - 45. The authentication system of claim 42, wherein the device is a personal digital assistant.
  - 46. The authentication system of claim 42, wherein the device is a portable phone.
  - 48. The adaptive authentication system of claim 47, further comprising:
    - means for determining the presence of the removable module.
  - 49. The adaptive authentication system of claim 47, further comprising:
    - a card reader for connecting the removable module to the device.
  - 50. The adaptive authentication system of claim 49, further comprising:
    - means for powering on the removable module if the removable module is located within the card reader.
  - 51. The adaptive authentication system of claim 50, further comprising:
    - means for powering off the removable module after the information is transferred between the removable module and the authentication module.
  - 52. The adaptive authentication system of claim 47, wherein the device further comprises a loadable operating system, wherein the operating system is loaded after the BIOS procedure has recommenced.
  - 53. The adaptive authentication system of claim 47, wherein the authentication module prohibits the recommencing of the system BIOS if the determined transferred information is not valid.
  - 54. The adaptive authentication system of claim 47, wherein the removable module further comprises a defined format, and wherein the information is available within the defined format.
  - 55. The adaptive authentication system of claim 47, wherein the removable module is a SmartCard™
    - .
  - 56. The adaptive authentication system of claim 47, wherein the removable module is a synchronous card.
  - 57. The adaptive authentication system of claim 47, wherein the removable module is an asynchronous card.
  - 58. The adaptive authentication system of claim 47, wherein the device is a computer.
  - 59. The adaptive authentication system of claim 58, wherein the computer is a personal computer.
  - 60. The adaptive authentication system of claim 58, wherein the computer is a portable computer.
  - 61. The adaptive authentication system of claim 47, wherein the device is a personal digital assistant.
  - 62. The authentication system of claim 47, wherein the device is a portable phone.

47. An adaptive authentication system for a device having a basic input output system (BIOS), the BIOS comprising an interval having a start and a finish, the authentication system comprising:
- means for interrupting the BIOS procedure during the interval before the finish; and
  
  an authentication module in communication with the BIOS for establishing communication with a removable module comprising information stored in one of a plurality of formats, for receiving authentication information from the removable module once communication is established, for determining if the received authentication information is valid, and for allowing the BIOS to recommence if the received authentication information is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Maishi Electronic (Shanghai) Limited
Original Assignee
O2 Micro International Limited (O2 Micro Incorporated)
Inventors
Lee, Shyh-shin

Granted Patent

US 7,000,249 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/575 Secure boot

Pre-boot authentication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-boot authentication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links