Method and system for booting up a computer system in a secure fashion

US 6,892,305 B1
Filed: 10/12/2000
Issued: 05/10/2005
Est. Priority Date: 10/12/2000
Status: Active Grant

First Claim

Patent Images

1. A method for booting up a computer system in a secure fashion comprising:

a) determining the presence of a security feature element during an initialization of the computer system, wherein the security feature element is installed within a housing of the computer system such that a cover to the housing is opened to remove the security feature element, and wherein the security feature element stores a public key and a corresponding private key;

b) storing a portion of the public key from the security feature element in a nonvolatile memory within the computer system if the security feature element is present; and

c) utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system, wherein additional authorization is required to be input to the computer system to boot up the computer system if the security feature element is not present and was previously present in the computer system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised. It is also an object of the present invention to preclude the system from compromising any keys and associated secrets if a security feature element in the system was not previously present in the system.

29 Citations

View as Search Results

51 Claims

1. A method for booting up a computer system in a secure fashion comprising:
- a) determining the presence of a security feature element during an initialization of the computer system, wherein the security feature element is installed within a housing of the computer system such that a cover to the housing is opened to remove the security feature element, and wherein the security feature element stores a public key and a corresponding private key;
  
  b) storing a portion of the public key from the security feature element in a nonvolatile memory within the computer system if the security feature element is present; and
  
  c) utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system, wherein additional authorization is required to be input to the computer system to boot up the computer system if the security feature element is not present and was previously present in the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein the security feature element comprises a security card.
  - 3. The method of claim 2 wherein the security card provides for tamper detection of the computer system and the security card, temperature monitoring of the computer system and voltage status reporting of the computer system.
  - 4. The method of claim 1 wherein step c) is performed during a Power-On-Self-Test (POST) sequence.
  - 5. The method of claim 4 wherein step c) further comprises:
    - c1) determining the presence of the security feature element.
  - 6. The method of claim 5 wherein step c1) further comprises:
    - c1a) determining if the computer system has been subjected to a tamper event if the security feature element is present.
  - 7. The method of claim 5 wherein step c1) further comprises:
    - c1a) determining whether a security feature element was previously present in the computer system if the security feature element is not present.
  - 8. The method of claim 7 wherein step c1) further comprises:
    - c1b) clearing the portion of the public key stored in the non-volatile memory of the computer system if a security feature element was previously present in the computer system; and
      
      c1c) prompting for an authorization prior to booting up the computer system.
  - 9. The method of claim 7 wherein step c1) further comprises:
    - c1b) booting up the computer system if the security feature element was not previously present in the computer system.
  - 10. The method of claim 6 wherein step c1) further comprises:
    - c1b) booting up the computer system if the computer system has not been subjected to a tamper event.
  - 11. The method of claim 6 wherein step c1) further comprises:
    - c1b) determining whether the security feature element is an added feature of the computer system, wherein the determination is based on a previous POST sequence, if the computer system has been subjected to a tamper event.
  - 12. The method of claim 11 wherein step c1) further comprises:
    - c1c) clearing the portion of the public key stored in the nonvolatile memory of the computer system from previously-installed security feature elements if the security feature element is a newly added feature of the computer system; and
      
      c1d) prompting for an authorization prior to booting up the computer system.
  - 13. The method of claim 11 wherein step c1) further comprises:
    - c1c) comparing the public key on the security feature element with the portion of the public key stored in the nonvolatile memory of the computer system if the security feature element is not a newly added feature of the computer system.
  - 14. The method of claim 13 wherein step c1) further comprises:
    - c1d) booting up the computer system if the public key on the security feature element matches the portion of the public key stored in the nonvolatile memory of the computer system.
  - 15. The method of claim 13 wherein, if the public key on the security feature element does not match the portion of the public key stored in the non-volatile memory of the computer system, step c1) further comprises:
    - c1d) clearing the portion of the public key stored in the nonvolatile memory of the computer system;
      
      c1e) clearing the public key and the corresponding private key stored on the security feature element; and
      
      c1f) prompting for an authorization prior to booting up the computer system.
  - 16. The method of claim 6 wherein the tamper event includes the cover of the housing of the computer system having been opened.
  - 17. The method of claim 1 wherein the security feature element comprises a security card installed in a slot of a system board in the computer system.

18. A system for booting up a computer in a secure fashion, the system comprising:
- means for determining the presence of a security feature element during an initialization of the computer system, wherein the security feature element is installed within a housing of the computer system such that a cover to the housing is opened to remove the security feature element, and wherein the security feature element stores a public key and a corresponding private key;
  
  means for storing a portion of the public key from the security feature element in a nonvolatile memory within the computer system if the security feature element is present; and
  
  means for utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system, wherein additional authorization is required to be input to the computer system to boot up the computer system if the security feature element is not present and was previously present in the computer system.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The system of claim 18 wherein the security feature element comprises a security card.
  - 20. The system of claim 19 wherein the security card provides for tamper detection of the computer and the security card, temperature monitoring of the computer and voltage status reporting of the computer.
  - 21. The system of claim 18 wherein the algorithm is utilized during a Power-On-Self-Test (POST) sequence.
  - 22. The system of claim 21 wherein the means for utilizing the algorithm further comprises:
    - means for determining the presence of the security card.
  - 23. The system of claim 22 wherein the means for utilizing the algorithm further comprises:
    - means for determining if the computer has been subjected to a tamper event if the security card is present.
  - 24. The system of claim 23 wherein the means for determining the presence of the security card further comprises:
    - means for booting up the computer if the computer has not been subjected to a tamper event.
  - 25. The system of claim 23 wherein the means for determining the presence of the security card further comprises:
    - means for determining whether the card is a newly added feature of the computer, wherein the determination is based on a previous POST sequence, if the computer has been subjected to a tamper event.
  - 26. The system of claim 25 wherein the means for determining the presence of the security card further comprises:
    - means for clearing the portion of the public key stored in the nonvolatile memory of the computer from previously installed security feature elements if the card is a newly added feature of the computer; and
      
      means for prompting for an authorization prior to booting up the computer.
  - 27. The system of claim 25 wherein the means for determining the presence of the security card further comprises:
    - means for comparing the public key on the security card with the portion of public key stored in the nonvolatile memory of the computer if the security card is not a newly added feature of the computer.
  - 28. The system of claim 27 wherein the means for determining the presence of the security card further comprises:
    - means for booting up the computer system if the public key on the security card matches the portion of the public key stored in the nonvolatile memory of the computer.
  - 29. The system of claim 27 wherein the means for determining the presence of the security card further comprises:
    - means for clearing the portion of the public key stored in the nonvolatile memory of the computer, and for clearing the public key and the corresponding private key stored on the security card, if the public key on the security feature element does not match the portion of the public key stored in the nonvolatile memory of the computer system; and
      
      means for prompting for an authorization prior to booting up the computer if the public keys stored in the nonvolatile memory and the security feature element are cleared.
  - 30. The system of claim 23 wherein the tamper event includes the cover of the housing of the computer system having been opened.
  - 31. The system of claim 22 wherein means for utilizing the algorithm further comprises:
    - means for determining whether a security card was previously present in the computer if the security card is not present.
  - 32. The system of claim 31 wherein the means for determining the presence of the security card further comprises:
    - means for clearing the portion of the public key stored in the non-volatile memory of the computer if a security card was previously present in the computer; and
      
      means for prompting for an authorization prior to booting up the computer.
  - 33. The system of claim 31 wherein the means for determining the presence of the security card further comprises:
    - means for booting up the security system if the security card was not previously present in the computer.
  - 34. The system of claim 18 wherein the security feature element comprises a security card installed in a slot of a system board in the computer system.

35. A method for booting up a computer system in a secure fashion comprising:
- a) determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key;
  
  b) storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present; and
  
  c) upon, and prior to, a subsequent boot-up of the computer system, 1) determining the presence of the security feature element;
  
  2) determining whether the computer system and security feature element have been subjected to a tamper event if the security feature element is present;
  
  3) determining whether the same security feature element was present previously in the computer system; and
  
  4) allowing the computer system to be booted up if the security feature element is present, if the computer system has been subjected to a tamper event, and if the same security feature element is determined to have been previously present.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 36. The method of claim 35 wherein the same security feature element is determined to have been previously present by checking whether the public key of the security feature matches the stored portion of the public key in the nonvolatile memory within the computer system.
  - 37. The method of claim 36 wherein the same security feature element is determined to have been previously present by determining whether the security feature element is an added feature of the computer system.
  - 38. The method of claim 37 wherein step c) is performed during a Power-On-Self-Test (POST) sequence, and wherein determining whether the security feature element is an added feature of the computer system includes checking a previous POST sequence.
  - 39. The method of claim 35 further comprising allowing the computer system to be booted up if the security feature element is present and if the computer system has not been subjected to a tamper event.
  - 40. The method of claim 35 further comprising determining whether a security feature element was previously present in the computer system if the security feature element is not present.
  - 41. The method of claim 40 wherein, if the security feature element is not present and if a security feature element was previously present in the computer system, further comprising clearing the portion of the public key stored in the non-volatile memory of the computer system and prompting for an authorization prior to booting up the computer system.
  - 42. The method of claim 35 wherein step c) is performed during a Power-On-Self-Test (POST) sequence, and further comprising determining whether the security feature element is an added feature of the computer system if the computer system has been subjected to a tamper event, wherein the determination is based on a previous POST sequence.
  - 43. The method of claim 42 wherein, if the security feature element is a newly added feature of the computer system and if the computer system has been subjected to a tamper event, further comprising:
    - clearing the portion of the public key stored in the nonvolatile memory of the computer system; and
      
      prompting for an authorization prior to booting up the computer system.
  - 44. The method of claim 35 wherein, if the public key on the security feature element does not match the portion of the public key stored in the nonvolatile memory of the computer system, further comprising:
    - clearing the portion of the public key stored in the nonvolatile memory of the computer system;
      
      clearing the public key and the corresponding private key stored on the security feature element; and
      
      prompting for an authorization prior to booting up the computer system.
  - 45. The method of claim 35 wherein the security feature element comprises a security card installed in a slot of a system board in the computer system.
  - 46. The method of claim 35 wherein the security feature element is installed within a housing of the computer system such that a cover to the computer system must be opened to remove the security feature element.
  - 47. The method of claim 35 wherein a tamper event includes a cover to a housing of the computer system being opened.

48. A method for booting up a computer system in a secure fashion comprising:
- a) determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key;
  
  b) storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present; and
  
  c) utilizing an algorithm during a Power-On-Self-Test (POST) sequence of the computer system to;
  
  1) determine the presence of the security feature element prior to a subsequent boot-up of the computer system;
  
  2) determine if the computer system has been subjected to a tamper event if the security card is present;
  
  3) determine whether the security card is an added feature of the computer system, wherein the determination is based on a previous POST sequence, if the computer system has been subjected to a tamper event;
  
  4) compare the public key on the security card with the portion of the public key stored in the nonvolatile memory of the computer system if the security card is not a newly added feature of the computer system; and
  
  5) if the public key on the security card does not match the portion of the public key stored in the nonvolatile memory of the computer system, i) clear the portion of the public key stored in the nonvolatile memory of the computer system;
  
  ii) clear the public key and the corresponding private key stored on the security card; and
  
  iii) boot up the computer system.
- View Dependent Claims (49, 50, 51)
- - 49. The method of claim 48 wherein step c) further comprises clearing the portion of the public key stored in the nonvolatile memory of the computer system and prompting for an authorization prior to booting up the computer system, if the security feature element is a newly added feature of the computer system.
  - 50. The method of claim 48 wherein step c) further comprises booting up the computer system if the public key on the security feature element matches the portion of the public key stored in the nonvolatile memory of the computer system.
  - 51. The method of claim 48 wherein step c) further comprises booting up the computer system if the computer system has not been subjected to a tamper event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Springfield, Randall Scott, Freeman, Joseph Wayne, Goodman, Steven Dale, Pennisi, Joseph Michael, Ward, James Peter, Dayan, Richard Alan
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
HENEGHAN, MATTHEW E

Application Number

US09/689,460
Time in Patent Office

1,671 Days
Field of Search

713/1, 713/2, 713/185, 713/192, 713/194, 380/286
US Class Current

713/192
CPC Class Codes

G06F 21/575 Secure boot

Method and system for booting up a computer system in a secure fashion

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for booting up a computer system in a secure fashion

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links