Enhancing Security of a System Via Access by an Embedded Controller to A Secure Storage Device

US 20090327678A1
Filed: 04/10/2007
Published: 12/31/2009
Est. Priority Date: 04/10/2007
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a host processor and memory;

an embedded microcontroller coupled to the host processor;

an auxiliary memory coupled to the embedded microcontroller, wherein the auxiliary memory stores program instructions for verifying system security; and

one or more pre-boot security components coupled to the embedded microcontroller;

wherein upon power-up, but before host processor boot-up, the embedded microcontroller is operable to;

execute the program instructions to verify system security using the one or more pre-boot security components; and

if system security is verified, permit the host processor to be booted.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for performing pre-boot security verification in a system that includes a host processor and memory, an embedded microcontroller with an auxiliary memory, e.g., an on-chip ROM, or memory controlled to prohibit user-tampering with the contents of the memory, and one or more pre-boot security components coupled to the embedded microcontroller. Upon power-up, but before host processor boot-up, the embedded microcontroller accesses the auxiliary memory and executes the program instructions to verify system security using the one or more pre-boot security components. The one or more pre-boot security components includes at least one identity verification component, e.g., a smart card, or a biometric sensor, e.g., a fingerprint sensor, a retinal scanner, and/or a voiceprint sensor, etc., and/or at least one system verification component, e.g., TPM, to query the system for system state information, and verify that the system has not been compromised.

92 Citations

View as Search Results

17 Claims

1. A system, comprising:
- a host processor and memory;
  
  an embedded microcontroller coupled to the host processor;
  
  an auxiliary memory coupled to the embedded microcontroller, wherein the auxiliary memory stores program instructions for verifying system security; and
  
  one or more pre-boot security components coupled to the embedded microcontroller;
  
  wherein upon power-up, but before host processor boot-up, the embedded microcontroller is operable to;
  
  execute the program instructions to verify system security using the one or more pre-boot security components; and
  
  if system security is verified, permit the host processor to be booted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1,wherein the one or more pre-boot security components comprise at least one identity verification component;
    - wherein, to verify system security using the one or more pre-boot security components, the program instructions are executable by the embedded processor to invoke the at least one identity verification component to;
      
      receive identification information from a user; and
      
      verify that the user is authorized to use the system.
  - 3. The system of claim 2, wherein the at least one identity verification component comprises one or more of:
    - a smart card;
      
      a TPM (Trusted Platform Module);
      
      orat least one biometric sensor.
  - 4. The system of claim 2, wherein the at least one biometric sensor comprises one or more of:
    - a fingerprint sensor;
      
      a retinal scanner;
      
      ora voiceprint sensor.
  - 5. The system of claim 1, wherein the one or more pre-boot security components comprise at least one system verification component;
    - wherein, to verify system security using the one or more pre-boot security components, the program instructions are executable by the embedded processor to invoke the at least one system verification component to;
      
      query the system for system state information; and
      
      verify that the system has not been compromised.
  - 6. The system of claim 5, wherein to verify that the system has not been compromised, the program instructions are executable by the embedded processor to compare the system state information queried by the at least one system verification component with reference system state information.
  - 7. The system of claim 5, wherein the at least one system verification component comprises a TPM (Trusted Platform Module).
  - 8. The system of claim 1, wherein the auxiliary memory comprises a ROM.
  - 9. The system of claim 1, wherein the auxiliary memory comprises a memory protected by hardware to implement one-time writable memory.
  - 10. The system of claim 1, wherein the embedded microcontroller is further operable to execute the program instructions to invoke one or more defensive measures if system security cannot be verified.
  - 11. The system of claim 10, wherein the one or more defensive measures comprises:
    - preventing user access to the system.
  - 12. The system of claim 11, wherein said preventing user access to the system comprises one or more of:
    - preventing the host CPU from booting by blocking access to the BIOS;
      
      shutting down the power supply to the system.
  - 13. The system of claim 10, wherein the one or more defensive measures comprises:
    - alerting an external system coupled to the system.
  - 14. The system of claim 10, wherein the embedded microcontroller is further operable to execute the program instructions to control access to one or more devices coupled to the system, and wherein the one or more defensive measures comprises:
    - blocking access to the one or more devices.
  - 15. The system of claim 14,wherein at least one of the one or more pre-boot security components comprises a TPM, wherein the one or more devices comprises at least one other of the one or more pre-boot security components, and wherein, to verify system security using the one or more pre-boot security components, the microcontroller is operable to execute the program instructions to verify access rights using the TPM.
  - 16. The system of claim 1,wherein the one or more pre-boot security components comprise a global positioning system (GPS);
    - andwherein, to verify system security using the one or more pre-boot security components, the program instructions are executable by the embedded processor to;
      
      invoke the GPS to determine the location of the system; and
      
      verify that the system is at an authorized location.

17. A method for verifying security in a computer system comprising a host processor and memory, the method comprising:
- upon power-up, but before host processor boot-up, an embedded microcontroller coupled to the host processor and memory accessing an auxiliary memory that stores program instructions for verifying system security, and executing the program instructions to verify system security using one or more pre-boot security components coupled to the embedded microcontroller; and
  
  if system security is verified, invoking boot-up of the host processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microchip Technology Incorporated
Original Assignee
Standard Microsystems Corporation (Microchip Technology Incorporated)
Inventors
Dutton, Drew J., Wahler, Richard E., Berenbaum, Alan D., Weiss, Raphael

Granted Patent

US 7,917,741 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575 Secure boot

Enhancing Security of a System Via Access by an Embedded Controller to A Secure Storage Device

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Enhancing Security of a System Via Access by an Embedded Controller to A Secure Storage Device

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links