Computer system having security features for authenticating different components

US 6,625,729 B1
Filed: 03/31/2000
Issued: 09/23/2003
Est. Priority Date: 03/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computer system comprising:

a first section of non-volatile memory configured to store a BIOS program, the first section of non-volatile memory being reprogrammable; and

a second section of non-volatile memory operatively coupled to the first section of non-volatile memory, the second section of non-volatile memory being configured to store a boot-block program;

the BIOS program having a validation routine configured to validate the boot-block program stored in the second section of non-volatile memory.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for protecting a computer system. Specifically, a method and system for validating portions of memory at each power-on cycle is described. A Boot Block is used to validate the BIOS, CMOS and NVRAM of a system. The BIOS may also be used to validate the Boot Block, CMOS and NVRAM.

161 Citations

31 Claims

1. A computer system comprising:
- a first section of non-volatile memory configured to store a BIOS program, the first section of non-volatile memory being reprogrammable; and
  
  a second section of non-volatile memory operatively coupled to the first section of non-volatile memory, the second section of non-volatile memory being configured to store a boot-block program;
  
  the BIOS program having a validation routine configured to validate the boot-block program stored in the second section of non-volatile memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system, as set forth in claim 1, wherein the first section of non-volatile memory comprises a protected segment of a reprogrammable memory device.
  - 3. The system, as set forth in claim 2, wherein the second section of non-volatile memory comprises a reprogrammable segment of the reprogrammable memory device.
  - 4. The system, as set forth in claim 3, wherein the reprogrammable memory device comprises a flash memory comprising the protected segment and the reprogrammable segment.
  - 5. The system, as set forth in claim 1, wherein the first section of non-volatile memory comprises a first memory device.
  - 6. The system, as set forth in claim 5, wherein the second section of non-volatile memory comprises a second memory device.
  - 7. The system, as set forth in claim 1, wherein the BIOS program comprises a public key and a hash algorithm used to validate the boot-block program.
  - 8. The system, as set forth in claim 1, wherein one of the boot-block program and the BIOS program comprises an encrypted hash correlative to the boot-block program.
  - 9. The system, as set forth in claim 8, wherein the encrypted hash is encrypted using a private key correlative to the public key.
  - 10. The system, as set forth in claim 9, wherein the BIOS program validates the boot-block program by calculating a first hash of the boot-block program using the hash algorithm, using the public key to decrypt the encrypted hash to produce a second hash, and comparing the first hash to the second hash.
  - 11. The system, as set forth in claim 10, wherein the BIOS program does not allow the system to boot if the first hash does not match the second hash, and wherein the BIOS program does allow the system to boot if the first hash matches the second hash.
  - 12. The system, as set forth in claim 11, wherein the system warns a user if the first hash does not match the second hash.
  - 13. The system, as set forth in claim 12, wherein the BIOS program allows the system to boot if the first hash does not match the second hash.
  - 14. The system, as set forth in claim 12, wherein the BIOS program allows the system to boot if the first hash does not match the second hash in response to an instruction to boot from the user.
  - 15. The system, as set forth in claim 10, wherein various system resources are enabled or disabled depending upon whether the first hash matches the second hash.
  - 16. The system, as set forth in claim 1, comprising:
17. The system, as set forth in claim 16, wherein the validation routine is configured to validate at least one of the CMOS memory and the NVRAM.
18. The system, as set forth in claim 1, comprising a processing system operatively coupled to the first section of non-volatile memory and to the second section of non-volatile memory.

19. A computer system comprising:
- means for validating a boot-block program stored in a first section of non-volatile memory with a BIOS program stored in a second section of non-volatile memory, wherein the means for validating the boot-block program comprises;
  
  means for storing a public key and a hash algorithm used to validate the boot-block program;
  
  means for storing an encrypted hash correlative to the boot-block program;
  
  means for calculating a first hash of the boot-block program using the hash algorithm;
  
  means for decrypting the encrypted hash using the public key to produce a second hash; and
  
  means for comparing the first hash to the second hash.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system, as set forth in claim 19, wherein the means for validating the boot-block program comprises:
21. The system, as set forth in claim 19, wherein the means for validating the boot-block program comprises:
- means for warning a user if the first hash does not match the second hash.
22. The system, as set forth in claim 21, wherein the means for validating the boot-block program comprises:
- means for booting the system if the first hash does not match the second hash.
23. The system, as set forth in claim 21, wherein the means for validating the boot-block program comprises:
- means for booting the system if the first hash does not match the second hash in response to an instruction to boot from the user.
24. The system, as set forth in claim 19, wherein the means for validating the boot-block program comprises:
- means for enabling or disabling resources in dependence upon whether the first hash matches the second hash.

25. A method of operating a computer system comprising:
- validating a book program stored in a first section of non-volatile memory with a BIOS program stored in a second section of non-volatile memory, wherein the act of validating the boot-block program comprises;
  
  storing a public key and a hash algorithm used to validate the boot-block program;
  
  storing an encrypted hash correlative to the boot-block program;
  
  calculating a first hash of the boot-block program using the hash algorithm;
  
  decrypting the encrypted hash using the public key to produce a second hash; and
  
  comparing the first hash to the second hash.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The method, as set forth in claim 25, wherein the act of validating the boot-block program comprises:
27. The method, as set forth in claim 25, wherein the act of validating the boot-block program comprises:
- warning a user if the first hash does not match the second hash.
28. The method, as set forth in claim 27, wherein the act of validating the boot-block program comprises:
- booting the system if the first hash does not match the second hash.
29. The method, as set forth in claim 27, wherein the act of validating the boot-block program comprises:
- booting the system if the first hash does not match the second hash in response to an instruction to boot from the user.
30. The method, as set forth in claim 25, wherein the act of validating the boot-block program comprises:
- enabling or disabling resources in dependence upon whether the first hash matches the second hash.
31. The method, as set forth in claim 25, wherein the act of validating the BIOS program comprises:
- performing at least one of a self-correcting, reset, and default finction if the first hash does not match the second hash.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MOSAID Technologies Inc. (f/k/a Conversant Intellectual Property Management)
Original Assignee
HP Inc.
Inventors
Collins, David L., Angelo, Michael F., Wisecup, George David
Primary Examiner(s)
Heckler, Thomas M.

Application Number

US09/540,811
Time in Patent Office

1,271 Days
Field of Search

713/1, 713/2, 713/100, 713/168, 713/170, 713/171, 713/176-182, 713/187, 713/189, 713/191, 713/200, 713/201
US Class Current

713/2
CPC Class Codes

G06F 12/1433   for a module or a part of a...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 9/4401   Bootstrapping security arra...

Computer system having security features for authenticating different components

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

161 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system having security features for authenticating different components

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

161 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links