Personal computer security mechanism
First Claim
1. A device for use in a personal computer system, wherein the device comprises a storage location for storing a GUID, wherein the device is configured to provide the GUID to a master in the computer system during a trusted setup, and wherein the device is further configured to provide at least an indication of the GUID during a data transaction.
Abstract
A device, method, and system for authenticating devices in a computer system. The device includes a storage location for storing a GUID. The device is configured to provide the GUID to a master in the computer system during a trusted setup. The device is further configured to provide at least an indication of the GUID during a data transaction. The computer system includes a master device and a device comprising a storage location for storing a GUID. The device is configured to provide the GUID to the master device during a trusted setup. The device is further configured to provide at least an indication of the GUID during a data transaction. The method includes providing a GUID and receiving a request for a data transaction. The method also includes transmitting data in the data transaction and at least an indication of the GUID in the data transaction and authenticating the data using at least the indication of the GUID in the data transaction.
109 Claims
1. A device for use in a personal computer system, wherein the device comprises a storage location for storing a GUID, wherein the device is configured to provide the GUID to a master in the computer system during a trusted setup, and wherein the device is further configured to provide at least an indication of the GUID during a data transaction.

18. A device for use in a personal computer system, wherein the device comprises one or more storage locations for storing one or more of the group consisting of a GUID, a secret, and a system GUID;
wherein the device is configured to perform during a trusted setup at least one or more from the group consisting of providing the GUID to a master in the computer system, receiving and storing the secret, and receiving and storing the system GUID; and
wherein the device is further configured to provide at least an indication of one or more of the group consisting of the GUID, the secret, and the system GUID during a data transaction.
(Dependent claims: 19 through 24)

25. A computer system, comprising:
a master device; and
a device comprising a storage location for storing a GUID, wherein the device is configured to provide the GUID to the master device during a trusted setup, and wherein the device is further configured to provide at least an indication of the GUID during a data transaction.
(Dependent claims: 26 through 40)

41. A computer system, comprising:
a master device; and
a device comprising one or more storage locations for storing one or more of the group consisting of a GUID, a secret, and a system GUID;
wherein the device is configured to perform during a trusted setup at least one or more from the group consisting of providing the GUID to the master device in the computer system, receiving and storing the secret from the master device, and receiving and storing the system GUID from the master device; and
wherein the device is further configured to provide at least an indication of one or more of the group consisting of the GUID, the secret, and the system GUID during a data transaction with the master device.
(Dependent claims: 42 through 47)

48. A method, comprising:
providing a GUID;
receiving a request for a data transaction;
transmitting data in the data transaction and at least an indication of the GUID in the data transaction; and
authenticating the data using at least the indication of the GUID in the data transaction.
(Dependent claims: 49 through 58)

49. The method of claim 48, further comprising:
providing a nonce in the data transaction;
receiving the nonce in the data transaction;
wherein transmitting data in the data transaction and at least an indication of the GUID in the data transaction further comprises transmitting the nonce with the data and at least the indication of the GUID in the data transaction; and
wherein authenticating the data using at least the indication of the GUID in the data transaction further comprises authenticating the data using at least the indication of the GUID and the nonce in the data transaction.

50. The method of claim 49, further comprising:
encrypting the data using the GUID to form encrypted data;
wherein transmitting the nonce with the data and at least the indication of the GUID in the data transaction comprises transmitting only the encrypted data and the nonce;
receiving the encrypted data and the nonce; and
decrypting the encrypted data using the GUID.

51. The method of claim 49,
wherein encrypting the data using the GUID to form encrypted data further comprises encrypting the data using the GUID and the nonce; and
wherein decrypting the encrypted data using the GUID comprises decrypting the encrypted data using the GUID and the nonce.

52. The method of claim 49, further comprising:
receiving a secret;
storing the secret;
wherein transmitting the nonce with the data and at least the indication of the GUID in the data transaction further comprises transmitting at least an indication of the secret with the data;
receiving at least the indication of the secret with the data; and
wherein authenticating the data using at least the indication of the GUID and the nonce in the data transaction further comprises authenticating the data using at least the indication of the GUID, at least the indication of the secret, and the nonce in the data transaction.

53. The method of claim 52,
wherein encrypting the data using the GUID to form encrypted data further comprises encrypting the data using the GUID and the secret to form encrypted data; and
wherein decrypting the encrypted data using the GUID comprises decrypting the encrypted data using the GUID and the secret.

54. The method of claim 53,
wherein encrypting the data using the GUID and the secret to form encrypted data comprises encrypting the data using the GUID, the secret, and the nonce; and
wherein decrypting the encrypted data using the GUID and the secret further comprises decrypting the encrypted data using the GUID, the secret, and the nonce.

55. The method of claim 52, wherein the secret comprises a system GUID,
wherein receiving the secret comprises receiving the system GUID;
wherein storing the secret comprises storing the system GUID;
wherein transmitting at least the indication of the secret with the data comprises transmitting at least the indication of the system GUID with the data;
wherein receiving at least the indication of the secret with the data comprises receiving at least the indication of the system GUID with the data; and
wherein authenticating the data using at least the indication of the GUID, at least the indication of the secret, and the nonce in the data transaction comprises authenticating the data using at least the indication of the GUID, at least the indication of the system GUID, and the nonce in the data transaction.

56. The method of claim 49, wherein transmitting the data in the data transaction occurs in response to providing the nonce in the data transaction.

57. The method of claim 56, wherein transmitting the data in the data transaction occurs only in response to providing the nonce in the data transaction.

58. The method of claim 49, wherein the nonce comprises a random number;
wherein providing the nonce in the data transaction comprises providing the random number in the data transaction;
wherein receiving the nonce in the data transaction comprises receiving the random number in the data transaction; and
wherein further transmitting the nonce with the data and at least the indication of the GUID in the data transaction comprises transmitting the random number with the data and at least the indication of the GUID in the data transaction.

59. A method, comprising:
providing a GUID to a master device during a trusted setup;
setting an introduced bit during the trusted setup;
receiving a data transaction request; and
refusing the data transaction request once the introduced bit is set unless at least an indication of the GUID is provided in the data transaction request.
(Dependent claims: 60 through 65)

60. The method of claim 59, further comprising:
accepting the data transaction request once the introduced bit is set and at least an indication of the GUID is provided in the data transaction request.

61. The method of claim 59, further comprising:
receiving a system GUID from the master device; and
storing the system GUID.

62. The method of claim 61, further comprising:
requesting at least an indication of the system GUID in response to receiving the data transaction request; and
wherein refusing the data transaction request once the introduced bit is set unless at least the indication of the GUID is provided in the data transaction request further comprises refusing the data transaction request once the introduced bit is set unless at least the indication of the system GUID is provided.

63. The method of claim 62,
wherein accepting the data transaction request once the introduced bit is set and at least the indication of the GUID is provided in the data transaction request further comprises accepting the data transaction request once the introduced bit is set and at least the indication of the system GUID is provided.

64. The method of claim 59, further comprising:
receiving a request for the introduced bit to be reset from a requestor;
requesting at least an indication of the GUID or the system GUID from the requestor;
receiving at least the indication of the GUID or the system GUID from the requestor; and
resetting the introduced bit.

65. The method of claim 59, further comprising:
providing a key configured to reset the introduced bit;
receiving the key configured to reset the introduced bit;
authenticating the key configured to reset the introduced bit; and
resetting the introduced bit in response to authenticating the key configured to reset the introduced bit.

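Claims 48 through 65 (and the device and system claims 1, 18, 25 and 41 they mirror) describe one exchange: during a trusted setup the device hands its GUID to the master and receives a secret and a system GUID; afterwards the master opens each data transaction with a nonce, the device answers with data and an "indication" of its GUID (and secret or system GUID) bound to that nonce, and once the introduced bit is set the device refuses any request that does not itself carry such an indication. The following is an added example, not code from the patent or its assignee, that models this exchange in Python so the checks can be exercised. The claims fix no primitives, so everything concrete here is an assumption: the "indication of the GUID" is an HMAC-SHA256 tag keyed with the GUID plus secret or system GUID (never the raw GUID), "encrypting the data using the GUID, the secret, and the nonce" is an HMAC-derived keystream XOR, and the key that resets the introduced bit is a value provisioned at setup. The class and function names are mine.

```python
"""Added example, not code from the patent: a model of the trusted setup,
nonce challenge and 'indication of the GUID' exchange of claims 48-65.
The primitives (HMAC-SHA256 tags as the 'indication', an HMAC-derived
keystream for the encryption, a provisioned reset key) are assumptions."""
import hashlib
import hmac
import secrets


def tag(key: bytes, *parts: bytes) -> bytes:
    """MAC over length-prefixed parts, so (a, b) and (a+b,) never collide."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream: block i is HMAC(key, nonce || i), XORed in."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = tag(key, nonce, (off // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


class Master:
    def __init__(self):
        self.system_guid = secrets.token_bytes(16)
        self.secret = secrets.token_bytes(16)
        self.reset_key = secrets.token_bytes(16)
        self.devices = set()                 # GUIDs learned at trusted setup
        self.outstanding = set()             # nonces awaiting a reply

    def request(self, guid: bytes):
        """Open a transaction: fresh nonce plus an indication of the GUID."""
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce, tag(guid + self.system_guid, b"req", nonce)

    def authenticate(self, guid: bytes, reply):
        """Claim 49: accept data only for a nonce we issued, used once, whose
        tag verifies over nonce and ciphertext."""
        if reply is None or guid not in self.devices:
            return None
        nonce, ct, resp_tag = reply
        if nonce not in self.outstanding:
            return None                      # replayed or unsolicited
        want = tag(guid + self.secret, b"resp", nonce, ct)
        if not hmac.compare_digest(want, resp_tag):
            return None                      # forged or tampered
        self.outstanding.discard(nonce)
        return keystream_xor(guid + self.secret, nonce, ct)


class Device:
    def __init__(self, guid: bytes, payload: bytes):
        self.guid, self.payload = guid, payload
        self.secret = self.system_guid = self.reset_key = b""
        self.introduced = False              # the introduced bit (claim 59)

    def trusted_setup(self, master: Master) -> None:
        master.devices.add(self.guid)        # provide the GUID to the master
        self.secret, self.system_guid = master.secret, master.system_guid
        self.reset_key = master.reset_key
        self.introduced = True

    def handle_request(self, nonce: bytes, req_tag: bytes):
        """Claims 59-63: once introduced, refuse requests without a valid
        indication of the GUID and system GUID; else reply with encrypted
        data and an indication bound to the nonce (claims 49-55)."""
        if self.introduced:
            want = tag(self.guid + self.system_guid, b"req", nonce)
            if not hmac.compare_digest(want, req_tag):
                return None                  # refused
        ct = keystream_xor(self.guid + self.secret, nonce, self.payload)
        return nonce, ct, tag(self.guid + self.secret, b"resp", nonce, ct)

    def reset_introduced(self, key: bytes) -> bool:
        """Claim 65: clear the bit only after authenticating the reset key."""
        if not hmac.compare_digest(key, self.reset_key):
            return False
        self.introduced = False
        return True


def run_demo() -> dict:
    """Run the exchange plus its failure cases; report each check's outcome."""
    guid, data = secrets.token_bytes(16), b"sensor reading: 42 C"  # constructed
    master, dev = Master(), Device(guid, data)
    dev.trusted_setup(master)
    nonce, req_tag = master.request(guid)
    reply = dev.handle_request(nonce, req_tag)
    tampered = (nonce, bytes([reply[1][0] ^ 1]) + reply[1][1:], reply[2])
    r = {"tamper_refused": master.authenticate(guid, tampered) is None}
    r["accepted"] = master.authenticate(guid, reply) == data
    r["replay_refused"] = master.authenticate(guid, reply) is None
    r["rogue_refused"] = dev.handle_request(nonce, secrets.token_bytes(32)) is None
    r["reset_bad_key"] = dev.reset_introduced(b"\x00" * 16)
    r["reset_good_key"] = dev.reset_introduced(master.reset_key)
    r["unguarded_after_reset"] = dev.handle_request(nonce, b"") is not None
    return r
```

Three details matter that the claims leave implicit: the master remembers which nonces it issued and retires each one after a single accepted reply, so a captured reply cannot be replayed; tags are compared in constant time; and the indication is a keyed MAC rather than the GUID itself, since a GUID sent in the clear would be captured by anyone on the bus and presented back to the device. The last check in run_demo shows the consequence of resetting the introduced bit: the device again answers unauthenticated requests, which is why claim 65 gates that reset on a key.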
66. A computer system, comprising:
means for providing a GUID to a master device during a trusted setup;
means for setting an introduced bit during the trusted setup;
means for receiving a data transaction request; and
means for refusing the data transaction request once the introduced bit is set unless at least an indication of the GUID is provided in the data transaction request.
(Dependent claims: 67, 68)

67. The computer system of claim 66, further comprising:
means for accepting the data transaction request once the introduced bit is set and at least an indication of the GUID is provided in the data transaction request.

68. The computer system of claim 66, further comprising:
means for receiving a system GUID from the master device; and
means for storing the system GUID.

69. A system, comprising:
a first device, including a timer and logic coupled to the timer; and
a security authenticator configured to authenticate the first device, wherein the security authenticator is further configured to provide at least an indication to the logic that the timer is to be reset to a predetermined value in response to authenticating the first device.
(Dependent claims: 70 through 74)

70. The system of claim 69, further comprising:
a subsystem, wherein the security authenticator is comprised in the subsystem.

71. The system of claim 70, wherein the device includes a memory module and the subsystem includes a memory controller.

72. The system of claim 71, wherein the device includes a data storage device and the subsystem includes a data storage controller.

73. The system of claim 69, further comprising:
a network connection, wherein the security authenticator is coupled to the device through the network connection.

74. The system of claim 69, wherein the device includes a portable computer.

75. A computer system, comprising:
a first device, including a first timer and first logic coupled to the first timer;
a second device including a second timer and second logic coupled to the second timer, wherein the second device also includes a first security authenticator configured to authenticate the first device, wherein the first security authenticator is further configured to provide at least an indication to the first logic that the first timer is to be reset to a first predetermined value in response to authenticating the first device; and
a second security authenticator configured to authenticate the second device, wherein the second security authenticator is further configured to provide at least an indication to the second logic that the second timer is to be reset to a second predetermined value in response to authenticating the second device.
(Dependent claims: 76 through 83)

76. The computer system of claim 75, further comprising:
a subsystem, wherein the second device is comprised in the subsystem.

77. The computer system of claim 75, wherein the first device includes a memory module and the second device includes a memory controller.

78. The computer system of claim 75, wherein the first device includes a data storage device and the second device includes a data storage controller.

79. The computer system of claim 75, further comprising:
a network connection, wherein the second security authenticator is coupled to the second device through the network connection.

80. The computer system of claim 79, further comprising:
a server, wherein the server includes the second security authenticator.

81. The computer system of claim 75, wherein the second device includes a portable computer.

82. The computer system of claim 75, wherein the first device is comprised in a south bridge.

83. The computer system of claim 75, wherein the first device is comprised in a crypto-processor.

84. A method of operating a computer system, the method comprising:
authenticating a first device;
setting a starting value on a timer;
updating the timer in a predetermined manner; and
authenticating the first device if the timer has expired.
(Dependent claims: 85, 86, 87)

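Claims 69 through 87 gate a device on a timer: a security authenticator authenticates the device and, on success, tells the logic coupled to the timer to reset it to a predetermined value; the timer then counts in a predetermined manner and, once it expires, the device must be authenticated again. Claim 75 chains this, so that a second device with its own timer (a memory controller, say) carries the authenticator for a first device (a memory module) and is itself authenticated by a further authenticator such as a server. The following is an added example, not the patent's code, that models the chain in Python. The claims do not say how the device is authenticated, so the HMAC-SHA256 challenge/response over a pre-shared key is assumed, as is the rule that a controller whose own timer has expired may not vouch for devices below it; the names are mine.

```python
"""Added example, not code from the patent: a model of the timer-gated
re-authentication in claims 69-87.  Assumed here: 'authenticating the
first device' is an HMAC-SHA256 challenge-response over a pre-shared key,
and a second device (claim 75) only vouches for a first device while its
own timer has not expired."""
import hashlib
import hmac
import secrets


class TimedDevice:
    """First device: a timer plus logic coupled to it."""

    def __init__(self, name: bytes, key: bytes, period: int):
        self.name, self.key, self.period = name, key, period
        self.timer = 0                  # expired until first authenticated

    def prove(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, self.name + challenge, hashlib.sha256).digest()

    def reset_timer(self) -> None:
        """The authenticator's indication that the timer is to be reset."""
        self.timer = self.period

    def tick(self, n: int = 1) -> None:
        """'Updating the timer in a predetermined manner': count down."""
        self.timer = max(0, self.timer - n)

    def expired(self) -> bool:
        return self.timer == 0

    def serve(self, op: str):
        """Logic coupled to the timer: no service once it has expired."""
        return None if self.expired() else f"{self.name.decode()}:{op}"


class Authenticator:
    """Security authenticator holding the keys of the devices it vouches for."""

    def __init__(self, keys: dict):
        self.keys = keys

    def authenticate(self, dev: TimedDevice) -> bool:
        key = self.keys.get(dev.name)
        if key is None:
            return False
        challenge = secrets.token_bytes(16)
        want = hmac.new(key, dev.name + challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(want, dev.prove(challenge))
        if ok:
            dev.reset_timer()           # reset to the predetermined value
        return ok


class Controller(TimedDevice):
    """Second device of claim 75: its own timer plus a first security
    authenticator for the devices beneath it (e.g. a memory controller
    vouching for memory modules)."""

    def __init__(self, name, key, period, downstream_keys):
        super().__init__(name, key, period)
        self.authenticator = Authenticator(downstream_keys)

    def authenticate(self, dev: TimedDevice) -> bool:
        if self.expired():              # assumption: an expired controller
            return False                # may not vouch for anything
        return self.authenticator.authenticate(dev)


def maintain(dev: TimedDevice, auth) -> bool:
    """Claim 84: re-authenticate the device only once its timer has expired."""
    return auth.authenticate(dev) if dev.expired() else True


def run_demo() -> dict:
    k_mod, k_ctl = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed
    module = TimedDevice(b"dimm0", k_mod, period=3)
    ctl = Controller(b"memctl", k_ctl, period=5, downstream_keys={b"dimm0": k_mod})
    server = Authenticator({b"memctl": k_ctl})
    r = {"unauth_refused": module.serve("read") is None}
    r["chain_ok"] = server.authenticate(ctl) and ctl.authenticate(module)
    r["served"] = module.serve("read") == "dimm0:read"
    module.tick(3)                                  # module timer runs out
    r["expired_refused"] = module.serve("read") is None
    r["reauth"] = maintain(module, ctl) and module.serve("read") == "dimm0:read"
    ctl.tick(5)                                     # controller timer runs out
    module.tick(3)
    r["expired_ctl_cannot_vouch"] = maintain(module, ctl) is False
    r["server_restores"] = maintain(ctl, server) and maintain(module, ctl)
    impostor = TimedDevice(b"dimm0", secrets.token_bytes(16), period=3)
    r["impostor_refused"] = ctl.authenticate(impostor) is False
    return r
```

The timer starts expired, so a freshly attached device gets no service until it has passed one authentication, and the chained layout means a lapse at the top (the server stops re-authenticating the controller) propagates downward once the lower timers run out. The period per device is the knob: shorter periods bound how long a swapped-in device can keep operating on a stale authentication, at the cost of more challenge traffic.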
88. A computer readable program storage device encoded with instructions that, when executed by a computer system, performs a method of operating the computer system, the method comprising:
providing a GUID;
receiving a request for a data transaction;
transmitting data in the data transaction and at least an indication of the GUID in the data transaction; and
authenticating the data using at least the indication of the GUID in the data transaction.
(Dependent claims: 89 through 98)

89. The computer readable program storage device of claim 88, the method further comprising:
providing a nonce in the data transaction;
receiving the nonce in the data transaction;
wherein transmitting data in the data transaction and at least an indication of the GUID in the data transaction further comprises transmitting the nonce with the data and at least the indication of the GUID in the data transaction; and
wherein authenticating the data using at least the indication of the GUID in the data transaction further comprises authenticating the data using at least the indication of the GUID and the nonce in the data transaction.

90. The computer readable program storage device of claim 89, the method further comprising:
encrypting the data using the GUID to form encrypted data;
wherein transmitting the nonce with the data and at least the indication of the GUID in the data transaction comprises transmitting only the encrypted data and the nonce;
receiving the encrypted data and the nonce; and
decrypting the encrypted data using the GUID.

91. The computer readable program storage device of claim 89,
wherein encrypting the data using the GUID to form encrypted data further comprises encrypting the data using the GUID and the nonce; and
wherein decrypting the encrypted data using the GUID comprises decrypting the encrypted data using the GUID and the nonce.

92. The computer readable program storage device of claim 89, the method further comprising:
receiving a secret;
storing the secret;
wherein transmitting the nonce with the data and at least the indication of the GUID in the data transaction further comprises transmitting at least an indication of the secret with the data;
receiving at least the indication of the secret with the data; and
wherein authenticating the data using at least the indication of the GUID and the nonce in the data transaction further comprises authenticating the data using at least the indication of the GUID, at least the indication of the secret, and the nonce in the data transaction.

93. The computer readable program storage device of claim 92,
wherein encrypting the data using the GUID to form encrypted data further comprises encrypting the data using the GUID and the secret to form encrypted data; and
wherein decrypting the encrypted data using the GUID comprises decrypting the encrypted data using the GUID and the secret.

94. The computer readable program storage device of claim 93,
wherein encrypting the data using the GUID and the secret to form encrypted data comprises encrypting the data using the GUID, the secret, and the nonce; and
wherein decrypting the encrypted data using the GUID and the secret further comprises decrypting the encrypted data using the GUID, the secret, and the nonce.

95. The computer readable program storage device of claim 92, wherein the secret comprises a system GUID,
wherein receiving the secret comprises receiving the system GUID;
wherein storing the secret comprises storing the system GUID;
wherein transmitting at least the indication of the secret with the data comprises transmitting at least the indication of the system GUID with the data;
wherein receiving at least the indication of the secret with the data comprises receiving at least the indication of the system GUID with the data; and
wherein authenticating the data using at least the indication of the GUID, at least the indication of the secret, and the nonce in the data transaction comprises authenticating the data using at least the indication of the GUID, at least the indication of the system GUID, and the nonce in the data transaction.

96. The computer readable program storage device of claim 89, wherein transmitting the data in the data transaction occurs in response to providing the nonce in the data transaction.

97. The computer readable program storage device of claim 96, wherein transmitting the data in the data transaction occurs only in response to providing the nonce in the data transaction.

98. The computer readable program storage device of claim 89, wherein the nonce comprises a random number;
wherein providing the nonce in the data transaction comprises providing the random number in the data transaction;
wherein receiving the nonce in the data transaction comprises receiving the random number in the data transaction; and
wherein further transmitting the nonce with the data and at least the indication of the GUID in the data transaction comprises transmitting the random number with the data and at least the indication of the GUID in the data transaction.

99. A computer readable program storage device encoded with instructions that, when executed by a computer system, performs a method of operating the computer system, the method comprising:
providing a GUID to a master device during a trusted setup;
setting an introduced bit during the trusted setup;
receiving a data transaction request; and
refusing the data transaction request once the introduced bit is set unless at least an indication of the GUID is provided in the data transaction request.
(Dependent claims: 100 through 105)

100. The computer readable program storage device of claim 99, the method further comprising:
accepting the data transaction request once the introduced bit is set and at least an indication of the GUID is provided in the data transaction request.

101. The computer readable program storage device of claim 99, the method further comprising:
receiving a system GUID from the master device; and
storing the system GUID.

102. The computer readable program storage device of claim 101, the method further comprising:
requesting at least an indication of the system GUID in response to receiving the data transaction request; and
wherein refusing the data transaction request once the introduced bit is set unless at least the indication of the GUID is provided in the data transaction request further comprises refusing the data transaction request once the introduced bit is set unless at least the indication of the system GUID is provided.

103. The computer readable program storage device of claim 102,
wherein accepting the data transaction request once the introduced bit is set and at least the indication of the GUID is provided in the data transaction request further comprises accepting the data transaction request once the introduced bit is set and at least the indication of the system GUID is provided.

104. The computer readable program storage device of claim 99, the method further comprising:
receiving a request for the introduced bit to be reset from a requestor;
requesting at least an indication of the GUID or the system GUID from the requestor;
receiving at least the indication of the GUID or the system GUID from the requestor; and
resetting the introduced bit.

105. The computer readable program storage device of claim 99, the method further comprising:
providing a key configured to reset the introduced bit;
receiving the key configured to reset the introduced bit;
authenticating the key configured to reset the introduced bit; and
resetting the introduced bit in response to authenticating the key configured to reset the introduced bit.

106. A computer readable program storage device encoded with instructions that, when executed by a computer system, performs a method of operating the computer system, the method comprising:
authenticating a first device;
setting a starting value on a timer;
updating the timer in a predetermined manner; and
authenticating the first device if the timer has expired.
(Dependent claims: 107, 108, 109)