Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode

US 5,850,559 A
Filed: 08/07/1996
Issued: 12/15/1998
Est. Priority Date: 08/07/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for secure execution of software prior to a computer system entering a reduced energy consumption state, the computer system having a processor incorporating system management capabilities, the computer system also having an application registrar maintained in protected system management memory and a stored table containing a modification detection value for programs contained in the application registrar, the computer system further including a power supply source, the method comprising the steps of:

registering a program with the application registrar;

generating a system management interrupt in response to a request to place the computer system in a reduced energy consumption state;

placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and

executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;

generating a current modification detection value for the program registered with the application register;

determining if the stored table contains a secure modification detection value for the registered program or file;

retrieving the secure modification detection value if it exists in the stored table;

comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and

permitting execution of the registered program if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system that automatically and securely executes registered programs immediately prior to a transition to a reduced energy consumption state. A registrar table specifying registered programs and a secure modification detection value for each registered program are maintained in system management mode memory or other secure memory space in the computer system. A system management interrupt is generated following a request to remove power from the computer system or the occurrence of an event that triggers an energy saving mode. The system management interrupt handler routine then generates a current modification detection value for each registered program. The current modification detection values are compared with the secure modification detection values. Execution of a registered program is permitted if the values match. After all registered programs have been executed, the computer system automatically powers down or enters an energy saving mode. The computer system thereby allows secure and convenient execution of programs or commands that would typically interfere with normal computer use.

Citations

23 Claims

1. A method for secure execution of software prior to a computer system entering a reduced energy consumption state, the computer system having a processor incorporating system management capabilities, the computer system also having an application registrar maintained in protected system management memory and a stored table containing a modification detection value for programs contained in the application registrar, the computer system further including a power supply source, the method comprising the steps of:
- registering a program with the application registrar;
  
  generating a system management interrupt in response to a request to place the computer system in a reduced energy consumption state;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current modification detection value for the program registered with the application register;
  
  determining if the stored table contains a secure modification detection value for the registered program or file;
  
  retrieving the secure modification detection value if it exists in the stored table;
  
  comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  
  permitting execution of the registered program if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the reduced energy consumption state involves disabling the power supply to computer system components.
  - 3. The method of claim 2, further comprising the step of:
    - following execution of the registered program, transmitting a shutdown control signal to the power supply source or otherwise causing power to be removed from computer system components without further intervention from the computer user.
  - 4. The method of claim 1, wherein the reduced energy consumption state is a low energy consumption mode in which energy saving features of the computer system are enabled.
  - 5. The method of claim 4, further comprising the step of:
    - following execution of the registered program, asserting an activation signal to the energy saving features of the computer system or otherwise causing the computer system to enter a low energy consumption mode without further intervention from the computer user.
  - 6. The method of claim 1, wherein the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.
  - 7. The method of claim 1, further comprising the steps of:
    - following said step of determining if the stored table contains a secure modification value for the registered program, alerting the user if the stored table does not contain a secure modification detection value for the registered program;
      
      determining if the user desires to update the stored table to include a secure modification detection value for the registered program;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required; and
      
      updating the stored table to include a secure modification detection value for the registered program if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required.
  - 8. The method of claim 7, further comprising the steps of:
    - following said step of comparing the current modification detection value to the secure modification detection value, alerting the user if the current modification detection value is not equal to the secure modification detection value;
      
      determining if the user desires to update the stored table to include the current modification detection value;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required; and
      
      updating the stored table to include the current modification detection value if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required.
  - 9. The method of claim 1, wherein the stored table is maintained in normal memory and a secure table modification detection value for the table itself is maintained in protected system management memory, the method further comprising the steps of:
    - prior to said step of permitting execution of the registered program, generating a current table modification detection value for the stored table;
      
      comparing the current table modification detection value to the secure table modification detection value; and
      
      retrieving the secure modification detection value if it exists in the stored table and the current table modification detection value is equal to the secure table modification detection value.
  - 10. The method of claim 9, further comprising the steps of:
    - following said step of determining if the stored table contains a secure modification value for the registered program, alerting the user if the stored table does not contain a secure modification detection value for the registered program;
      
      determining if the user desires to update the stored table to include a secure modification detection value for the registered program;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required;
      
      updating the stored table to include a secure modification detection value for the registered program if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required; and
      
      updating the secure table modification detection value to correspond to the updated stored table.
  - 11. The method of claim 10, further comprising the steps of:
    - following said step of comparing the current modification detection value to the secure modification detection value, alerting the user if the current modification detection value is not equal to the secure modification detection value;
      
      determining if the user desires to update the stored table to include the current modification detection value;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required;
      
      updating the stored table to include the current modification detection value if the user desires to update the stored table and no administrative password is required or following entry of the administrative password and an administrative password is required; and
      
      updating the secure table modification detection value to correspond to the updated stored table.
  - 12. The method of claim 9, wherein the secure table modification detection value, the current table modification detection value, the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.

13. A computer system comprising:
- a processor incorporating system management capabilities;
  
  a power supply source for supplying power to the computer system;
  
  a protected system management memory, the system management memory containing;
  
  a modification detection code for generating a modification detection value;
  
  an application registrar containing a value that specifies a registered program;
  
  a secure modification detection value for the registered program, wherein the secure modification detection value represents an authorized or unaltered condition for the program; and
  
  a system management mode interrupt handler routine for directing the processor to;
  
  generate, via said modification detection code, a current modification detection value for the program registered with said application registrar;
  
  determine if the current modification detection value is equal to the secure modification detection value;
  
  permit execution of the registered program if the current modification detection value is equal to the secure modification detection value; and
  
  transmit a shutdown control signal to the power supply source or otherwise cause power to be removed from the computer system without further intervention from the computer user; and
  
  an interrupt generator configured to generate a system management interrupt in response to a request to remove power to the computer system, wherein the system management mode interrupt causes the system management interrupt handler routine to be executed.
- View Dependent Claims (14)
- - 14. The computer system of claim 13, wherein the modification detection code is a hash algorithm and the modification detection values are hash values.

15. A computer system comprising:
- a processor incorporating system management capabilities;
  
  a protected system management memory, the protected system management memory containing;
  
  a modification detection code for generating a modification detection value;
  
  an application registrar containing a value that specifies a registered program,a secure modification detection value for the registered program, wherein the secure modification detection value represents an authorized or unaltered condition for the program; and
  
  a system management mode interrupt handler routine for directing the processor to;
  
  generate, via said modification detection code, a current modification detection value for the program registered with said application registrar;
  
  determine if the current modification detection value is equal to the secure modification detection value;
  
  permit execution of the registered program if the current modification detection value is equal to the secure modification detection value; and
  
  assert an activation signal to energy saving features of the computer system or otherwise cause the computer system to enter a low energy consumption mode without further intervention from the computer user; and
  
  an interrupt generator for generating a system management interrupt in response to a period of inactivity of predetermined length in a specified system component, wherein the system management mode interrupt causes the system management interrupt handler routine to be executed.
- View Dependent Claims (16, 17, 18)
- - 16. The computer system of claim 15, wherein the modification detection code is a hash algorithm and the modification detection values are hash values.
  - 17. The computer system of claim 15, further comprising:
    - interrupt logic coupled to said interrupt generator, wherein said interrupt generator is an activity timer that causes said interrupt logic to generate the system management interrupt.
  - 18. The computer system of claim 15, wherein said interrupt generator is a software process that monitors the system for activity to or from the specified system component.

19. A method for execution of registered software prior to a computer system entering a reduced energy consumption state, the computer system having a processor incorporating system management capabilities and a power supply source, the method comprising the steps of:
- registering a program with an application registrar maintained in protected system management memory;
  
  generating a system management interrupt in response to a request to place the computer system in a reduced energy consumption state;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  determining that the application registrar contains a registration for the program to be executed; and
  
  permitting execution of the program that is determined to be registered.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein the reduced energy consumption state involves disabling the power supply to computer system components.
  - 21. The method of claim 20, further comprising the step of:
    - following execution of the registered program, transmitting a shutdown control signal to the power supply source or otherwise causing power to be removed from computer system components without further intervention from the computer user.
  - 22. The method of claim 19, wherein the reduced energy consumption state is a low energy consumption mode in which energy saving features of the computer system are enabled.
  - 23. The method of claim 22, further comprising the step of:
    - following execution of the registered program, asserting an activation signal to the energy saving features of the computer system or otherwise causing the computer system to enter a low energy consumption mode without further intervention from the computer user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Miller, Craig A., Angelo, Michael F.
Primary Examiner(s)
An, Meng-Ai T.
Assistant Examiner(s)
PANCHOLI, JIGAR K

Application Number

US08/693,458
Time in Patent Office

860 Days
Field of Search

395/750.01-750.06, 395/183.14
US Class Current

713/320
CPC Class Codes

G06F 1/26   Power supply means, e.g. re...

G06F 1/30   Means for acting in the eve...

G06F 21/81   by operating on the power s...

Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure execution of software prior to a computer system being powered down or entering a low energy consumption mode

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links