Method and apparatus for providing system security to personal computer systems using transparent system interrupt

US 5,724,027 A
Filed: 09/28/1995
Issued: 03/03/1998
Est. Priority Date: 09/28/1995
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system, a computer implemented method for providing system security to the computer system, the method comprising the steps of:

a) operating a processor of the computer system in a first state and keyboard control facility of the computer system in a first mode, allowing commands and data to be freely exchanged between the processor and a keyboard of the computer system in a substantially unrestricted manner, except for a first plurality of system security related commands and data;

b) operating the processor in a second state and the keyboard control facility in a second mode in response to the presence of the first system security related command and data while the processor is operating in the first state and the keyboard control facility is operating in the first mode, wherein the keyboard control facility communicates exclusively with a transparent system management interrupt (SMI) handler, facilitating servicing of the first system security related commands and data by the SMI handler, and inhibiting all exchange of commands and data between the processor and the keyboard.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A transparent system management interrupt (SMI) handler equipped with system security functions is provided to a personal computer (PC) for providing system security to the PC. Additionally, the keyboard controlling facility of the PC is enhanced to cooperate with the SMI handler to deliver system security under the direction of the SMI handler. The SMI handler'"'"'s system security functions include a number of functions for handling a number of security related events detected by the keyboard controlling facility. The keyboard controlling facility is enhanced to operate in one of three modes, a normal mode, a sleuth mode, and a secured mode, under which the keyboard controlling facility allows "unrestricted" keyboard operations, communicates exclusively with the SMI handler, and allows only "restricted" keyboard operations respectively.

Citations

25 Claims

1. In a computer system, a computer implemented method for providing system security to the computer system, the method comprising the steps of:
- a) operating a processor of the computer system in a first state and keyboard control facility of the computer system in a first mode, allowing commands and data to be freely exchanged between the processor and a keyboard of the computer system in a substantially unrestricted manner, except for a first plurality of system security related commands and data;
  
  b) operating the processor in a second state and the keyboard control facility in a second mode in response to the presence of the first system security related command and data while the processor is operating in the first state and the keyboard control facility is operating in the first mode, wherein the keyboard control facility communicates exclusively with a transparent system management interrupt (SMI) handler, facilitating servicing of the first system security related commands and data by the SMI handler, and inhibiting all exchange of commands and data between the processor and the keyboard.
- View Dependent Claims (2)
- - 2. The method as set forth in claim 1, whereinthe method further comprises the step of (c) operating the processor in the first state and the keyboard control facility in a third mode, substantially inhibiting exchange of commands and data between the processor and the keyboard, except for a second plurality of system security related commands and data;
    - step (b) further comprises operating the processor in the second state and the keyboard controlling facility in the second mode in response to the presence of the second commands and data while the processor is operating in the first state and the keyboard controlling facility is operating in the third mode, wherein the keyboard controlling facility also communicates exclusively with the transparent system management interrupt (SMI) handler, facilitating servicing of the second system security related commands and data by the SMI handler, and inhibiting exchange of commands and data between the processor and the keyboard.

3. In a computer system, a computer implemented method for providing system security to the computer system, the method comprising the steps of:
- a) operating a processor of the computer system in a first state and keyboard control facility of the computer system in a first mode, substantially inhibiting commands and data to be exchanged between the processor and a keyboard of the computer system, except for a first plurality of system security related commands and data;
  
  b) operating the processor in a second state and the keyboard control facility in a second mode in response to the presence of the first system security related command and data while the processor is operating in the first state and the keyboard control facility is operating in the first mode, wherein the keyboard control facility communicates exclusively with a transparent system management interrupt (SMI) handler, facilitating servicing of the first system security related commands and data by the SMI handler, inhibiting exchange of commands and data between the processor and the keyboard.

4. An apparatus comprising keyboard controlling facility that operates in one of three modes in any point in time during operation,the three modes including a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and a coupled processor operating in a first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data;
- anda third mode wherein the keyboard controlling facilitating communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 5. The apparatus as set forth in claim 4, wherein the keyboard controlling facility includes logic for unconditionally channeling data received from the keyboard/auxiliary device to the processor, except for a plurality of predetermined key sequences from the keyboard/auxiliary device, while the processor is operating in the first state and the keyboard controlling facility is operating in the first mode.
  - 6. The apparatus as set forth in claim 5, wherein the keyboard controlling facility includes logic for transitioning into and operating the keyboard controlling facility in the third mode, in response to one of the predetermined key sequences from the keyboard/auxiliary device, while the processor is operating in the first state and the keyboard controlling facility is operating in the first mode.
  - 7. The apparatus as set forth in claim 6, wherein the predetermined key sequences include a predetermined key sequence denoting a user'"'"'s desire for a system comprising the processor to be secured.
  - 8. The apparatus as set forth in claim 4, wherein the keyboard controlling facility includes logic for unconditionally responding to commands from the processor directed towards the keyboard controlling facility and unconditionally channeling data received from the processor to the keyboard/auxiliary device, except for a plurality of predetermined commands from the processor that are directed towards the keyboard controlling facility, while the processor is operating in the first state and the keyboard controlling facility is operating in the first mode.
  - 9. The apparatus as set forth in claim 8, wherein the keyboard controlling facility includes logic for conditionally performing zero or at least one pre-transition operation depending on the command, and then transitioning into and operating the keyboard controller in the third mode, in response to one of the predetermined commands from the processor, while the processor is operating in the first state and the keyboard controlling facility in the first mode.
  - 10. The apparatus as set forth in claim 9, wherein the predetermined commands include a command instructing the keyboard controlling facility to download a password from a non-volatile memory into the keyboard controlling facility, the keyboard controlling facility downloading the password before transitioning into and operating the keyboard controlling facility in the third mode.
  - 11. The apparatus as set forth in claim 9, wherein the predetermined commands include a command instructing the keyboard controlling facility to enter the second mode, the keyboard controlling facility transitioning into and operating the keyboard controlling facility in the third mode, without performing any pre-transition operations.
  - 12. The apparatus as set forth in claim 4, wherein the keyboard controlling facility includes logic for conditionally channeling data received from the keyboard device to the processor if the data are expected responses from the keyboard, while the processor is operating in the first state and the keyboard controlling facility is operating in the second mode.
  - 13. The apparatus as set forth in claim 12, wherein the keyboard controlling facility includes logic for transitioning into and operating the keyboard controlling facility in the third mode, in response to unexpected data received from the keyboard, while the processor is operating in the first state and the keyboard controlling facility is operating in the second mode.
  - 14. The apparatus as set forth in claim 4, wherein the keyboard controlling facility includes logic for unconditionally responding to commands from the processor directed towards the keyboard controlling facility and unconditionally channeling data received from the processor to the keyboard, while the processor is operating in the first state and the keyboard controlling facility is operating in the second mode.
  - 15. The apparatus as set forth in claim 4, wherein the keyboard controlling facility includes logic for uploading a password to the processor, in response to a command from the processor, while the processor is operating in the second state and the keyboard controlling facility is operating in the third mode.
  - 16. The apparatus as set forth in claim 4, wherein the keyboard controlling facility includes logic for transitioning into and operating the keyboard controlling facility in either the first or the second mode, in response to a command from the processor, while the processor is operating in the second state and the keyboard controlling facility is operating in the third mode.

17. An apparatus comprising:
- a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
  
  keyboard controlling facility that operates in a one of three modes in any point in time during operation, the three modes includinga first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and the processor operating in the first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data, anda third mode wherein the keyboard controlling facilitating communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
  
  an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The apparatus as set forth in claim 17, whereinthe keyboard controlling facility includes logic for establishing exclusive communication with the interrupt handler to operate the keyboard controlling facility in the third mode by triggering the interrupt, when transitioning from either the first or the second mode to the third mode;
    - andthe keyboard controlling facility further includes logic for providing the interrupt handler with a reason for triggering the interrupt.
  - 19. The apparatus as set forth in claim 18, wherein the interrupt handler includes logic for instructing the keyboard controlling facility to upload a password, and upon receiving and saving the password, instructing the keyboard controlling facility to operate in the first mode, in response to a triggering reason, the triggering reason being the keyboard controlling facility having received a command to download a password from the processor.
  - 20. The apparatus as set forth in claim 18, wherein the interrupt handler includes logic for instructing the keyboard controlling facility to operate in the second mode, in response to a triggering reason, the triggering reason being the keyboard controlling facility having received a command to activate security from the processor.
  - 21. The apparatus as set forth in claim 18, wherein the interrupt handler includes logic for updating a running sequence of unexpected data received from the keyboard, and conditionally instructing the keyboard controlling facility to operate in either the first or the second mode depending on whether a required password has been entered, in response to a triggering reason, the triggering reason being the keyboard controlling facility having received unexpected data from the keyboard.

22. A keyboard controller comprising controlling firmware that operates in one of three modes in any point in time during operation,the three modes including a first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and a coupled processor operating in a first state through the keyboard controller in a substantially unrestricted manner, except for a first plurality of security related commands and data,a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controller are substantially inhibited, except for a second plurality of security related commands and data;
- anda third mode wherein the keyboard controller communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device.

23. A computer motherboard comprising:
- a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
  
  keyboard controlling facility wherein said keyboard controlling facility includes a virtual keyboard controller that operates in one of three modes in any point in time during operation, the three modes includinga first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and the processor operating in the first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data, anda third mode wherein the keyboard controlling facilitating communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
  
  an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.

24. A computer motherboard comprising:
- a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
  
  a keyboard controller that operates in one of three modes in any point in time during operation, the three modes includinga first mode wherein commands and data are allowed to be exchanged between a coupled keyboard/auxiliary device and the processor operating in the first state through the keyboard controller in a substantially unrestricted manner, except for a first plurality of security related commands and data,a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controller are substantially inhibited, except for a second plurality of security related commands and data, anda third mode wherein the keyboard controller communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
  
  an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.

25. A computer system comprising:
- a processor having a first and a second state of operation, an interrupt for switching the processor from the first state to the second state, and an instruction for returning the processor to the first state from the second state;
  
  a keyboard including an auxiliary device for inputting control signals/data;
  
  keyboard controlling facility that operates in one of three modes in any point in time during operation, the three modes includinga first mode wherein commands and data are allowed to be exchanged between the keyboard/auxiliary device and the processor operating in the first state through the keyboard controlling facility in a substantially unrestricted manner, except for a first plurality of security related commands and data,a second mode wherein commands and data exchanges between the processor operating in the first state and the keyboard/auxiliary device through the keyboard controlling facility are substantially inhibited, except for a second plurality of security related commands and data, anda third mode wherein the keyboard controlling facilitating communicates exclusively with the processor operating in a second state, facilitating servicing of either the first or the second security related commands and data, and inhibiting all command and data exchanges between the processor and the keyboard/auxiliary device; and
  
  an interrupt handler executed by the processor in the second state for servicing the first or the second security related commands and data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Shipman, Mark, Christeson, Orville
Primary Examiner(s)
Zimmerman, Brian
Assistant Examiner(s)
Beaulieu, Yonel

Application Number

US08/535,725
Time in Patent Office

887 Days
Field of Search

340/825.31, 340/825.34, 340/34, 380/23, 380/25, 380/4, 235/380, 235/382, 235/382.5, 395/734, 395/735, 395/742, 395/186, 395/200.06, 395/187.01, 364/188, 364/189
US Class Current

726/16
CPC Class Codes

G06F 21/83 input devices, e.g. keyboar...

Method and apparatus for providing system security to personal computer systems using transparent system interrupt

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing system security to personal computer systems using transparent system interrupt

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links