Information Handling Systems And Related Methods For Establishing Trust Between Boot Firmware And Applications Based On User Physical Presence Verification
First Claim
1. An information handling system (IHS), comprising:
- a computer readable storage medium storing an operating system (OS) and at least one application;
a computer readable memory storing boot firmware including boot services and runtime services;
at least one processing device coupled to the computer readable storage medium and to the computer readable memory, wherein the at least one processing device is configured to execute;
a first set of program instructions included within the boot services of the boot firmware to interact with a user of the IHS and receive user input via an input device of the IHS during a pre-boot phase of the boot firmware; and
a second set of program instructions included within the runtime services of the boot firmware to verify a physical presence of the user during OS runtime, wherein the verification of the physical presence of the user is based on at least a subset of the user input received during the pre-boot phase.
7 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure provides an information handling system (IHS) and related methods that use physical presence verification to establish unique trust relationships between boot firmware and one or more individual applications provided within an IHS. The IHS and methods disclosed herein provide secure verification of user physical presence by verifying the physical presence of a user during a pre-boot phase of the boot firmware (i.e., before an operating system (OS) is loaded and running). After user physical presence is verified during the pre-boot phase, the IHS and methods disclosed herein generate a physical presence (PP) bind token during OS runtime that may be used to establish a unique trust relationship between the boot firmware and one or more individual applications provided within the IHS.
16 Citations
20 Claims
-
1. An information handling system (IHS), comprising:
-
a computer readable storage medium storing an operating system (OS) and at least one application; a computer readable memory storing boot firmware including boot services and runtime services; at least one processing device coupled to the computer readable storage medium and to the computer readable memory, wherein the at least one processing device is configured to execute; a first set of program instructions included within the boot services of the boot firmware to interact with a user of the IHS and receive user input via an input device of the IHS during a pre-boot phase of the boot firmware; and a second set of program instructions included within the runtime services of the boot firmware to verify a physical presence of the user during OS runtime, wherein the verification of the physical presence of the user is based on at least a subset of the user input received during the pre-boot phase. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for generating a trust relationship between boot firmware and at least one application stored within an information handling system (IHS), the method comprising:
-
providing an application token unique to the at least one application to the boot firmware; storing the application token; subsequently rebooting the IHS to enter a pre-boot phase of the boot firmware, wherein during the pre-boot phase the method further comprises; prompting the user to provide user input; and receiving the user input via an input device of the IHS; and verifying a physical presence of the user based on at least a subset of the user input received during the pre-boot phase. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification