Method and apparatus for enhancing computer system security

US 5,953,502 A
Filed: 02/13/1997
Issued: 09/14/1999
Est. Priority Date: 02/13/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system including a memory and a central processor unit, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said plurality of control signal lines, said first control signal line including a first control signal, said computer system having at least one critical program area stored in said memory, a method for enhancing the security of said computer system, said method comprising:

redirecting said first control signal line from said central processor unit to a second processor having an associated logic controller thereby intercepting said first control signal;

substituting a second control signal to/from said second processor in place of said first control signal such that the second processor captures control of said central processor unit by said logic controller;

verifying said critical program area in said memory with said second processor;

further redirecting said first control signal line if said critical program area is verified such that control of said central processor unit is released by said logic controller to run said critical program;

wherein said second processor, said logic controller, and operation of circuitry associated with said second processor and said logic controller are invisible to all other portions of said computer system, with the exception of a BIOS extension associated with said logic controller, subsequent said step of further redirecting said first control signal line.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security enhanced computer system arrangement includes a coprocessor and a multiprocessor logic controller inserted into the architecture of a conventional computer system. The coprocessor and multiprocessor logic controller is interposed between the CPU of the conventional computer system to intercept and replace control signals that are passed over certain of the critical control signal lines associated with the CPU. The multiprocessor logic controller arrangement thereby isolates the CPU of the conventional computer system from the remainder of the conventional computer system, permitting separate control over the CPU and separate control over the remainder of the computer system. By controlling the control signals that are normally passed between the CPU and the remainder of the computer system, the multiprocessor logic controller permits the coprocessor to perform highly secure operations. These secure operations, selectable by a trusted operator or built in to a cooperating operating system, verify that the computer system is a trusted computing base which can be relied upon to perform its operations properly and without compromise.

358 Citations

70 Claims

1. In a computer system including a memory and a central processor unit, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said plurality of control signal lines, said first control signal line including a first control signal, said computer system having at least one critical program area stored in said memory, a method for enhancing the security of said computer system, said method comprising:
- redirecting said first control signal line from said central processor unit to a second processor having an associated logic controller thereby intercepting said first control signal;
  
  substituting a second control signal to/from said second processor in place of said first control signal such that the second processor captures control of said central processor unit by said logic controller;
  
  verifying said critical program area in said memory with said second processor;
  
  further redirecting said first control signal line if said critical program area is verified such that control of said central processor unit is released by said logic controller to run said critical program;
  
  wherein said second processor, said logic controller, and operation of circuitry associated with said second processor and said logic controller are invisible to all other portions of said computer system, with the exception of a BIOS extension associated with said logic controller, subsequent said step of further redirecting said first control signal line.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method in accordance with claim 1, where said critical program area is an input/output system (BIOS).
  - 3. A method in accordance with claim 1, where said critical program area is an interrupt vector address table.
  - 4. A method in accordance with claim 1, where said critical program area is an operating system (DOS).
  - 5. A method in accordance with claim 1, where said critical program area is a file that executes automatically (autoexec.bat) on start up.
  - 6. A method in accordance with claim 1, where said critical program area is a system configuration control (config.sys) file.
  - 7. A method in accordance with claim 1, where said critical program area is a program or data area specified by a trusted operator.
  - 8. A method in accordance with claim 1, where said computer system has a plurality of critical program areas, and where a second critical program area is verified after said critical program area is verified.
  - 9. A method in accordance with claim 8, where said second critical program area is an interrupt vector address table.
  - 10. A method in accordance with claim 8, where said second critical program area is an operating system (DOS).
  - 11. A method in accordance with claim 8, where said second critical program area is a file that executes automatically (autoexec.bat) on start up.
  - 12. A method in accordance with claim 8, where said second critical program area is a system configuration control (config.sys) file.
  - 13. A method in accordance with claim 8, where said second critical program area is a program or data area specified by a trusted operator.
  - 14. A method in accordance with claim 1, wherein said computer system goes through three steps to prepare it to execute application programs, the first step being a hardware built-in self test, the second step being an input/output (BIOS) program system initialization, and the third step being to boot an operating system, wherein said method further comprises:
    - verifying said critical program area after said hardware built in self test step, and prior to said step of BIOS program system initialization.
  - 15. A method in accordance with claim 1, wherein said computer system goes through three steps to prepare it to execute application programs, the first step being a hardware built-in self test, the second step being an input/output (BIOS) program system initialization, and the third step being to boot an operating system, wherein said method further comprises:
    - verifying said critical program area after said step of BIOS program system initialization, and prior to said step of booting said operating system.
  - 16. A method in accordance with claim 1, wherein said computer system goes through three steps to prepare it to execute application programs, the first step being a hardware built-in self test, the second step being an input/output (BIOS) program system initialization, and the third step being to boot an operating system, wherein said method further comprises:
    - verifying said critical program area after said step of booting said operating system, and as requested by a trusted operator.

17. In a computer system including a memory and a central processor unit, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said plurality of control signal lines, said first control signal line including a first control signal, said computer system having at least one critical program area stored in said memory, a method for enhancing the security of said computer system, said method comprising:
- providing a second processor having an associated logic controller;
  
  detecting start up of said computer system;
  
  capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system;
  
  verifying a first critical program area in said memory with said second processor;
  
  releasing control of said central processor unit by said logic controller to run said critical program if said first critical program area is verified;
  
  wherein said second processor, said logic controller, and operation of circuitry associated with said second processor and said logic controller are invisible to all other portions of said computer system, with the exception of a BIOS extension associated with said logic controller, subsequent said step of releasing control.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 18. A method in accordance with claim 17, wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - halting said central processor unit.
  - 19. A method in accordance with claim 17, wherein said central processor unit includes a clock signal input for receiving a clock signal, and wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - intercepting said clock signal to said central processor unit.
  - 20. A method in accordance with claim 17, wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - intercepting said first control signal.
  - 21. A method in accordance with claim 20, wherein said step of intercepting said first control signal comprises:
    - redirecting said first control signal line from said central processor unit to said second processor thereby intercepting said first control signal; and
      
      substituting a second control signal to/from said second processor in place of said first control signal.
  - 22. A method in accordance with claim 21, wherein said step of releasing control of said central processor unit to run said critical program, includes the step of further redirecting said first control signal line such that control of said central processor unit is released by said logic controller.
  - 23. A method in accordance with claim 17, wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - intercepting an interrupt vector address signal.
  - 24. A method in accordance with claim 17, wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - intercepting a data strobe signal.
  - 25. A method in accordance with claim 17, wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - intercepting an address strobe signal.
  - 26. A method in accordance with claim 17, wherein said step of capturing control of said central processor unit by said logic controller responsive to said step of detecting start up of said computer system comprises:
    - intercepting a data ready signal.
  - 27. A method in accordance with claim 17, wherein said step of detecting start up of said computer system comprises:
    - detecting power up of said computer system.
  - 28. A method in accordance with claim 17, wherein said step of detecting start up of said computer system comprises:
    - detecting hard system reset of said computer system.
  - 29. A method in accordance with claim 17, where said first critical program area is an input/output system (BIOS).
  - 30. A method in accordance with claim 29, further comprising:
    - recapturing control of said central processor unit by said logic controller responsive to running said critical program;
      
      verifying a second critical program area in said memory with said second processor;
      
      releasing control of said central processor unit by said logic controller to run said second critical program if said second critical program area is verified.
  - 31. A method in accordance with claim 30, wherein said second critical program area is the interrupt vector address table.
  - 32. A method in accordance with claim 30, wherein said second critical program area is an operating system (DOS).
  - 33. A method in accordance with claim 30, where said second critical program area is a file that executes automatically (autoexec.bat) on start up.
  - 34. A method in accordance with claim 30, where said second critical program area is a system configuration control (config.sys) file.
  - 35. A method in accordance with claim 30, where said second critical program area is a program or data area specified by a trusted operator.

36. In a computer system including a memory and a central processor unit, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said plurality of control signal lines, said first control signal line including a first control signal, said computer system having at least one critical program area stored in said memory, an apparatus for enhancing the security of said computer system, said apparatus comprising:
- means for redirecting said first control signal line from said central processor unit to a second processor having an associated logic controller thereby intercepting said first control signal;
  
  means for substituting a second control signal to/from said second processor in place of said first control signal such that the second processor captures control of said central processor unit by said logic controller;
  
  means for verifying said critical program area in said memory with said second processor;
  
  means for further redirecting said first control signal line if said critical program area is verified such that control of said central processor unit is released by said logic controller to run said critical program;
  
  wherein said second processor, said logic controller, and operation of circuitry associated with said second processor and said logic controller are invisible to all other portions of said computer system, with the exception of a BIOS extension associated with said logic controller, subsequent said further redirecting of said first control signal line.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 37. An apparatus in accordance with claim 36, where said critical program area is an input/output system (BIOS).
  - 38. An apparatus in accordance with claim 36, where said critical program area is an interrupt vector address table.
  - 39. An apparatus in accordance with claim 36, where said critical program area is an operating system (DOS).
  - 40. An apparatus in accordance with claim 36, where said critical program area is a file that executes automatically (auto(exec.bat) on start up.
  - 41. An apparatus in accordance with claim 36, where said critical program area is a system configuration control (config.sys) file.
  - 42. An apparatus in accordance with claim 36, where said critical program area is a program or data area specified by a trusted operator.
  - 43. An apparatus in accordance with claim 36, where said computer system has a plurality of critical program areas, and where a second critical program area is verified after said critical program area is verified.
  - 44. An apparatus in accordance with claim 43, where said second critical program area is an interrupt vector address table.
  - 45. An apparatus in accordance with claim 43, where said second critical program area is an operating system (DOS).
  - 46. An apparatus in accordance with claim 43, where said second critical program area is a file that executes automatically (autoexec.bat) on start up.
  - 47. An apparatus in accordance with claim 43, where said second critical program area is a system configuration control (config.sys) file.
  - 48. An apparatus in accordance with claim 43, where said second critical program area is a program or data area specified by a trusted operator.
  - 49. An apparatus in accordance with claim 36, wherein said computer system goes through three steps to prepare it to execute application programs, the first step being a hardware built-in self test, the second step being an input/output (BIOS) program system initialization, and the third step being to boot an operating system, wherein said apparatus further comprises:
    - means for verifying said critical program area after said hardware built in self test step, and prior to said means for BIOS program system initialization.
  - 50. An apparatus in accordance with claim 36, wherein said computer system goes through three steps to prepare it to execute application programs, the first step being a hardware built-in self test, the second step being an input/output (BIOS) program system initialization, and the third step being to boot an operating system, wherein said apparatus further comprises:
    - means for verifying said critical program area after said means for BIOS program system initialization, and prior to said means for booting said operating system.
  - 51. An apparatus in accordance with claim 36, wherein said computer system goes through three steps to prepare it to execute application programs, the first step being a hardware built-in self test, the second step being an input/output (BIOS) program system initialization, and the third step being to boot an operating system, wherein said apparatus further comprises:
    - means for verifying said critical program area after said means for booting said operating system, and as requested by a trusted operator.

52. In a computer system including a memory and a central processor unit, said central processor unit having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said central processor unit on a respective plurality of control signal lines including a first control signal line being one of said plurality of control signal lines, said first control signal line including a first control signal, said computer system having at least one critical program area stored in said memory, an apparatus for enhancing the security of said computer system, said apparatus comprising:
- a second processor having an associated logic controller;
  
  means for detecting start up of said computer system;
  
  means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system;
  
  means for verifying a first critical program area in said memory with said second processor;
  
  means for releasing control of said central processor unit by said logic controller to run said critical program if said first critical program area is verified;
  
  wherein said second processor, said logic controller, and operation of circuitry associated with said second processor and said logic controller are invisible to all other portions of said computer system, with the exception of a BIOS extension associated with said logic controller, subsequent said releasing control.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70)
- - 53. An apparatus in accordance with claim 52, wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for halting said central processor unit.
  - 54. An apparatus in accordance with claim 52, wherein said central processor unit includes a clock signal input for receiving a clock signal, and wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for intercepting said clock signal to said central processor unit.
  - 55. An apparatus in accordance with claim 52, wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for intercepting said first control signal.
  - 56. An apparatus in accordance with claim 55, wherein said means for intercepting said first control signal comprises:
    - means for redirecting said first control signal line from said central processor unit to said second processor thereby intercepting said first control signal; and
      
      means for substituting a second control signal to/from said second processor in place of said first control signal.
  - 57. An apparatus in accordance with claim 56, wherein said means for releasing control of said central processor unit to run said critical program, includes means for further redirecting said first control signal line such that control of said central processor unit is released by said logic controller.
  - 58. An apparatus in accordance with claim 52, wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for intercepting an interrupt vector address signal.
  - 59. An apparatus in accordance with claim 52, wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for intercepting a data strobe signal.
  - 60. An apparatus in accordance with claim 52, wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for intercepting an address strobe signal.
  - 61. An apparatus in accordance with claim 52, wherein said means for capturing control of said central processor unit by said logic controller responsive to said means for detecting start up of said computer system comprises:
    - means for intercepting a data ready signal.
  - 62. An apparatus in accordance with claim 52, wherein said means for detecting start up of said computer system comprises:
    - means for detecting power up of said computer system.
  - 63. An apparatus in accordance with claim 52, wherein said means for detecting start up of said computer system comprises:
    - means for detecting hard system reset of said computer system.
  - 64. An apparatus in accordance with claim 52, where said first critical program area is an input/output system (BIOS).
  - 65. An apparatus in accordance with claim 64, further comprising:
    - means for recapturing control of said central processor unit by said logic controller responsive to running said critical program;
      
      means for verifying a second critical program area in said memory with said second processor;
      
      means for releasing control of said central processor unit by said logic controller to run said second critical program if said second critical program area is verified.
  - 66. An apparatus in accordance with claim 65, wherein said second critical program area is the interrupt vector address table.
  - 67. An apparatus in accordance with claim 65, wherein said second critical program area is an operating system (DOS).
  - 68. An apparatus in accordance with claim 65, where said second critical program area is a file that executes automatically (autoexec.bat) on start up.
  - 69. An apparatus in accordance with claim 65, where said second critical program area is a system configuration control (config.sys) file.
  - 70. An apparatus in accordance with claim 65, where said second critical program area is a program or data area specified by a trusted operator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Helbig Company LLC
Original Assignee
Walter A. Helbig Sr
Inventors
Helbig, Walter A Sr.
Primary Examiner(s)
Palys, Joseph E.

Application Number

US08/799,339
Time in Patent Office

943 Days
Field of Search

395/186, 395/188.01, 395/187.01, 395/182.09, 395/182.1, 395/182.11, 395/183.12, 395/651, 395/652, 395/653, 380/3, 380/4, 380/23, 380/25
US Class Current

726/24
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/567   using dedicated hardware

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2207/7219   Countermeasures against sid...

G06F 2211/1097   Boot, Start, Initialise, Power

G06F 2221/2101   Auditing as a secondary aspect

G06F 9/3879   for non-native instruction ...

Method and apparatus for enhancing computer system security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

358 Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enhancing computer system security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

358 Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links