ANTI-THEFT IN FIRMWARE

US 20180157849A1
Filed: 11/10/2017
Published: 06/07/2018
Est. Priority Date: 10/25/2012
Status: Abandoned Application

First Claim

Patent Images

1-75. -75. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the bio -metric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.

13 Citations

View as Search Results

96 Claims

1-75. -75. (canceled)

76. At least one non-transitory machine accessible storage medium including one or more sequences of instructions, the sequences of instructions including instructions which when executed cause a computing device to:
- receive notification of a reset event;
  
  receive, from one or more biometric devices, biometric information associated with a user;
  
  encrypt firmware instructions to be executed during a boot sequence, wherein encryption is based on at least three credentials including a unique identifier associated with the computing device, the biometric information, and user-based information, wherein encryption is performed during the boot sequence; and
  
  perform additional processing to load the operating system.
- View Dependent Claims (77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87)
- - 77. The storage medium of claim 76, wherein the user-based information includes possession of a token.
  - 78. The storage medium of claim 76, wherein the user-based information includes a password.
  - 79. The storage medium of claim 76, wherein the user-based information includes a passphrase.
  - 80. The storage medium of claim 76, wherein the user-based information includes a location of the user.
  - 81. The storage medium of claim 76, wherein the unique identifier includes a product serial number.
  - 82. The storage medium of claim 76, wherein the unique identifier includes a media access control (MAC) address of an Ethernet device.
  - 83. The storage medium of claim 76, wherein the unique identifier includes a product serial number.
  - 84. The storage medium of claim 76, wherein the unique identifier includes a Trusted Platform Module (TPM) key.
  - 85. The storage medium of claim 76, wherein encryption is to be performed prior to loading of an operating system.
  - 86. The storage medium of claim 76, wherein encryption is to be performed during a driver execution environment phase of the boot sequence.
  - 87. The storage medium of claim 76, the instructions further comprising instructions which when executed cause the computing device to:
    - perform one or more platform initialization instructions, andinitialize the one or more biometric devices.

88. At least one non-transitory machine accessible storage medium including one or more sequences of instructions, the sequences of instructions including instructions which when executed cause a computing device to:
- receive notification of a reset event;
  
  receive, from one or more biometric devices, biometric information associated with a user;
  
  decrypt firmware instructions to be executed during a boot sequence, said decrypting based on at least three credentials including a unique identifier associated with the computing device, the biometric information, and user-based information, wherein decryption is performed during the boot sequence; and
  
  perform additional processing to load the operating system.
- View Dependent Claims (89, 90)
- - 89. The storage medium of claim 88, the instructions further comprising instructions which when executed cause the computing device to:
    - perform one or more platform initialization instructions, andinitialize the one or more biometric devices.
  - 90. The storage medium of claim 89, wherein the user-based information comprises one or more of:
    - (a) possession of a token, (b) password, (c) passphrase, and (d) location of the user.

91. A method, comprising:
- performing initial operations of a boot sequence in a computing system, responsive to receiving notification of a reset event;
  
  decrypting boot sequence firmware code during a driver execution environment phase of a boot sequence using at least three credentials including a unique identifier associated with the computing device, the biometric information, and data associated with a user, the biometric information comprises readings from one or more biometric devices;
  
  responsive to the decrypting, performing additional operations of the boot sequence, wherein the additional operations include loading of operating system code into system memory of the computing system; and
  
  terminating the boot sequence without loading the operating system code if the decrypting is unsuccessful.
- View Dependent Claims (92, 93, 94, 95, 96)
- - 92. The method of claim 91, wherein the boot sequence is a UEFI boot sequence.
  - 93. The method of claim 91, wherein the decrypting of boot sequence firmware code further comprises decrypting of UEFI driver code.
  - 94. The method of claim 91, wherein said initial operations of the boot sequence include one or more operations to initialize a processor of the computing system.
  - 95. The method of claim 91, further comprising:
    - initializing one or more biometric devices.
  - 96. The method of claim 91, further comprising:
    - collecting the biometric information from one or more biometric devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Ouyang, Qian, Wang, Jian J., Zimmer, Vincent J., Rothman, Michael A., Zhang, Chao B.

Application Number

US15/809,785
Publication Number

US 20180157849A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/575   Secure boot

G06F 21/602   Providing cryptographic fac...

G06F 9/4406   Loading of operating system

ANTI-THEFT IN FIRMWARE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

96 Claims

Specification

Solutions

Use Cases

Quick Links

ANTI-THEFT IN FIRMWARE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

96 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links