Method and apparatus for providing system security to personal computer systems using transparent system interrupt
Abstract
A transparent system management interrupt (SMI) handler equipped with system security functions is provided to a personal computer (PC) for providing system security to the PC. Additionally, the keyboard controlling facility of the PC is enhanced to cooperate with the SMI handler to deliver system security under the direction of the SMI handler. The SMI handler's system security functions include a number of functions for handling a number of security related events detected by the keyboard controlling facility. The keyboard controlling facility is enhanced to operate in one of three modes, a normal mode, a sleuth mode, and a secured mode, under which the keyboard controlling facility allows "unrestricted" keyboard operations, communicates exclusively with the SMI handler, and allows only "restricted" keyboard operations respectively.
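The three-mode behaviour described in the abstract can be modelled as a small state machine; the following is an added illustration, not code from the patent. The security-related byte values, the latch, and the rule that the SMI handler chooses the mode it leaves the controller in are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* The three keyboard-controller modes named in the abstract. */
typedef enum { KBC_NORMAL, KBC_SLEUTH, KBC_SECURED } kbc_mode;
typedef enum { KBC_PASS, KBC_DROP, KBC_RAISE_SMI } kbc_action;
typedef struct { kbc_mode mode; bool smi_pending; uint8_t latched; } kbc;

/* Hypothetical placeholder bytes; the page does not list the real ones. */
enum { HYP_SEC_FIRST = 0xA1, HYP_SEC_SECOND = 0xA2 };

/* One byte exchanged between the processor (first state) and the keyboard. */
kbc_action kbc_on_traffic(kbc *k, uint8_t b) {
    switch (k->mode) {
    case KBC_NORMAL:   /* unrestricted, except the first security set */
        if (b != HYP_SEC_FIRST) return KBC_PASS;
        break;
    case KBC_SECURED:  /* inhibited, except the second security set */
        if (b != HYP_SEC_SECOND) return KBC_DROP;
        break;
    case KBC_SLEUTH:   /* controller talks only to the SMI handler */
        return KBC_DROP;
    }
    /* Security event: latch it, enter sleuth mode, request an SMI. */
    k->latched = b;
    k->mode = KBC_SLEUTH;
    k->smi_pending = true;
    return KBC_RAISE_SMI;
}

/* SMI handler side (processor in second state): read the latched event
 * and choose the mode to leave the controller in (assumed interface). */
bool kbc_smi_service(kbc *k, kbc_mode next, uint8_t *event) {
    if (k->mode != KBC_SLEUTH || !k->smi_pending || next == KBC_SLEUTH)
        return false;
    *event = k->latched;
    k->smi_pending = false;
    k->mode = next;
    return true;
}

int main(void) {
    kbc k = { KBC_NORMAL, false, 0 };
    uint8_t ev = 0;
    kbc_action a = kbc_on_traffic(&k, HYP_SEC_FIRST);  /* leaves normal mode */
    bool ok = kbc_smi_service(&k, KBC_SECURED, &ev);   /* handler locks input */
    printf("action=%d serviced=%d event=0x%02X mode=%d\n", a, ok, ev, k.mode);
    return 0;
}
```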
25 Claims
1. In a computer system, a computer implemented method for providing system security to the computer system, the method comprising the steps of:
a) operating a processor of the computer system in a first state and keyboard control facility of the computer system in a first mode, allowing commands and data to be freely exchanged between the processor and a keyboard of the computer system in a substantially unrestricted manner, except for a first plurality of system security related commands and data;
b) operating the processor in a second state and the keyboard control facility in a second mode in response to the presence of the first system security related command and data while the processor is operating in the first state and the keyboard control facility is operating in the first mode, wherein the keyboard control facility communicates exclusively with a transparent system management interrupt (SMI) handler, facilitating servicing of the first system security related commands and data by the SMI handler, and inhibiting all exchange of commands and data between the processor and the keyboard.
Dependent claims: 2.
3. In a computer system, a computer implemented method for providing system security to the computer system, the method comprising the steps of:
a) operating a processor of the computer system in a first state and keyboard control facility of the computer system in a first mode, substantially inhibiting commands and data to be exchanged between the processor and a keyboard of the computer system, except for a first plurality of system security related commands and data;
b) operating the processor in a second state and the keyboard control facility in a second mode in response to the presence of the first system security related command and data while the processor is operating in the first state and the keyboard control facility is operating in the first mode, wherein the keyboard control facility communicates exclusively with a transparent system management interrupt (SMI) handler, facilitating servicing of the first system security related commands and data by the SMI handler, inhibiting exchange of commands and data between the processor and the keyboard.
4. An apparatus comprising keyboard controlling facility that operates in one of three modes in any point in time during operation,
the three modes including
a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and a coupled processor operating in a first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,
a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data; and
a third mode wherein the keyboard controlling facility communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.
17. An apparatus comprising:
a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
keyboard controlling facility that operates in one of three modes in any point in time during operation, the three modes including
a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and the processor operating in the first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,
a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data, and
a third mode wherein the keyboard controlling facility communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.
Dependent claims: 18, 19, 20, 21.
22. A keyboard controller comprising controlling firmware that operates in one of three modes in any point in time during operation,
the three modes including
a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and a coupled processor operating in a first state through the keyboard controller in a substantially unrestricted manner, except for a first plurality of security related commands and data,
a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controller are substantially inhibited, except for a second plurality of security related commands and data; and
a third mode wherein the keyboard controller communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device.
23. A computer motherboard comprising:
a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
keyboard controlling facility wherein said keyboard controlling facility includes a virtual keyboard controller that operates in one of three modes in any point in time during operation, the three modes including
a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and the processor operating in the first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,
a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data, and
a third mode wherein the keyboard controlling facility communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.
24. A computer motherboard comprising:
a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
a keyboard controller that operates in one of three modes in any point in time during operation, the three modes including
a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and the processor operating in the first state through the keyboard controller in a substantially unrestricted manner, except for a first plurality of security related commands and data,
a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controller are substantially inhibited, except for a second plurality of security related commands and data, and
a third mode wherein the keyboard controller communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.
25. A computer system comprising:
a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
a keyboard including an auxiliary device for inputting control signals/data;
keyboard controlling facility that operates in one of three modes in any point in time during operation, the three modes including
a first mode wherein commands and data are allowed to be exchanged between the keyboard/auxiliary device and the processor operating in the first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,
a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data, and
a third mode wherein the keyboard controlling facility communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.