Method and apparatus for providing secure and private keyboard communications in computer systems
Abstract
A method and apparatus for providing secure and private keyboard communications in a computer system. A request for private keyboard communications causes the computer's processor to enter into system management mode by generating a system management interrupt. A secure system management interrupt handler then directs specialized hardware to intercept and divert keyboard interrupts, such that data entered via the keyboard is only communicated to a non-readable black box security device that controls access to protected system resources. Keyboard data is thereby protected from interception by malicious software.
12 Claims
1. A method for securely communicating data from a keyboard to a non-readable security device in a computer system having a processor incorporating system management mode or similar capabilities, the keyboard and computer system being coupled via a keyboard interface, the method comprising the steps of:
- generating a system management interrupt in response to a request for secure communications;
- placing the processor in system management mode to execute a system management interrupt handler as a result of said step of generating a system management interrupt;
- entering keystroke data via a keyboard, wherein a keyboard interrupt is also generated;
- setting a secured keyboard bit or otherwise communicating a command that causes specialized circuitry in the keyboard interface to intercept the keyboard interrupt;
- rerouting the keyboard interrupt or a signal generated therefrom to the non-readable security device to indicate the presence of keyboard data; and
- diverting the keystroke data to the non-readable security device in response to the step of generating a system management interrupt in response to a request for secure communications.

View Dependent Claims (2, 3, 4)

5. A method for secure retrieval of data from a keyboard into a computer system, the computer system having a keyboard interface for connecting the keyboard, the computer system further having a non-readable security device containing protected password data or other critical information and a processor incorporating system management mode capabilities, the method comprising the steps of:
- loading appropriate data into processor registers to communicate to a system management interrupt handler a request for a secure communications link between the keyboard and the non-readable security device;
- generating a system management interrupt in response to a request for secure retrieval of data, whereby the system management interrupt places the computer system in system management mode to execute a system management interrupt handler, wherein execution of the system management interrupt handler comprises the steps of;
  - retrieving the appropriate data from the processor registers; and
  - directing the processor to set a secure keyboard bit or otherwise communicate a command to specialized circuitry in the keyboard interface directing the specialized circuitry to intercept the next keyboard interrupt;
- entering secure keystroke data via a keyboard, whereby a keyboard interrupt is also generated;
- intercepting the keyboard interrupt and communicating a signal from the specialized circuitry to the non-readable security device, the signal from the specialized circuitry indicating the presence of secure keystroke data;
- diverting the secure keystroke data to the non-readable security device in response to the signal from the specialized circuitry;
- comparing the diverted secure keystroke data to the protected password data or other critical information stored in the non-readable security device; and
- repeating the prior steps until entry of an entire password or other critical data has been completed.

View Dependent Claims (6, 7)

8. A computer system incorporating the capability to securely communicate data between a keyboard and a non-readable security device, the computer system comprising:
- a processor including system management mode capabilities;
- a keyboard for entering keystroke data;
- a keyboard controller electrically coupled to said keyboard for receiving the keystroke data and communicating it to a system bus;
- interrupt generating logic responsively coupled to said keyboard controller, said interrupt generating logic producing a keyboard interrupt upon detection of keystroke data;
- an interrupt controller for receiving the keyboard interrupt;
- a non-readable security device electrically coupled to said system bus;
- a system management mode memory for storing a system management interrupt handler routine that executes in response to requests for secure communications;
- a gating circuit for selectively intercepting said keyboard interrupt prior to reception by said interrupt controller, said gating circuit being electrically coupled to said interrupt generating logic, said interrupt controller and said non-readable security device, said gating circuit being responsive to the execution of said system management interrupt handler in response to a request for secure communications such that said gating circuit intercepts the keyboard interrupt and communicates a control signal to said non-readable security device directing said non-readable security device to retrieve keystroke data from said system bus.

View Dependent Claims (9, 10, 11, 12)

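The flow recited in claims 5 and 8 can be modelled in software to see what host code does and does not observe during a secure entry. The C sketch below is an added example, not code from the patent; the struct, function names, request code and sample password are hypothetical, and clearing the secure keyboard bit after each intercepted interrupt is an assumption drawn from claim 5's "next keyboard interrupt" wording.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define REQ_SECURE_KBD 1   /* hypothetical request code left in a CPU register */

typedef struct {
    bool secure_kbd_bit;                /* set only by the SMI handler */
    char os_seen[32]; size_t os_len;    /* keystrokes that reached the interrupt controller */
    char dev_buf[32]; size_t dev_len;   /* keystrokes diverted into the security device */
    const char *dev_secret;             /* protected password, never readable by the host */
} machine;
static machine demo = { .dev_secret = "correct-horse" };   /* constructed sample secret */

/* SMI handler: read the request from the register and arm the gating circuit. */
static void smi_handler(machine *m, int reg_request) {
    if (reg_request == REQ_SECURE_KBD) m->secure_kbd_bit = true;
}

/* Gating circuit between the keyboard interrupt logic and the interrupt controller. */
static void keyboard_interrupt(machine *m, char key) {
    if (m->secure_kbd_bit) {            /* intercept: the host never sees this IRQ */
        if (m->dev_len < sizeof m->dev_buf) m->dev_buf[m->dev_len++] = key;
        m->secure_kbd_bit = false;      /* assumption: armed for the next interrupt only */
    } else if (m->os_len < sizeof m->os_seen) {
        m->os_seen[m->os_len++] = key;  /* normal path, visible to host software */
    }
}

/* Security device: compare internally, report only match or no match, then wipe. */
static bool device_compare(machine *m) {
    size_t n = strlen(m->dev_secret);
    unsigned char diff = (unsigned char)(m->dev_len != n);
    for (size_t i = 0; i < m->dev_len && i < n; i++)
        diff |= (unsigned char)(m->dev_buf[i] ^ m->dev_secret[i]);
    memset(m->dev_buf, 0, sizeof m->dev_buf);
    m->dev_len = 0;
    return diff == 0;
}

/* Claim 5 loop: one SMI request per keystroke until the whole password is entered. */
static bool secure_entry(machine *m, const char *typed) {
    for (; *typed; typed++) {
        smi_handler(m, REQ_SECURE_KBD);
        keyboard_interrupt(m, *typed);
    }
    return device_compare(m);
}

int main(void) { return secure_entry(&demo, "correct-horse") && demo.os_len == 0 ? 0 : 1; }
```

In this model the host-visible buffer stays empty for the whole secure entry, and only the match result leaves the device; a keystroke that arrives without a preceding SMI request takes the normal path to the interrupt controller.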
Specification