Method and system for booting up a computer system in a secure fashion
First Claim
1. A method for booting up a computer system in a secure fashion comprising:
- a) determining the presence of a security feature element during an initialization of the computer system, wherein the security feature element is installed within a housing of the computer system such that a cover to the housing is opened to remove the security feature element, and wherein the security feature element stores a public key and a corresponding private key;
b) storing a portion of the public key from the security feature element in a nonvolatile memory within the computer system if the security feature element is present; and
c) utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system, wherein additional authorization is required to be input to the computer system to boot up the computer system if the security feature element is not present and was previously present in the computer system.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised. It is also an object of the present invention to preclude the system from compromising any keys and associated secrets if a security feature element in the system was not previously present in the system.
-
Citations
51 Claims
-
1. A method for booting up a computer system in a secure fashion comprising:
-
a) determining the presence of a security feature element during an initialization of the computer system, wherein the security feature element is installed within a housing of the computer system such that a cover to the housing is opened to remove the security feature element, and wherein the security feature element stores a public key and a corresponding private key;
b) storing a portion of the public key from the security feature element in a nonvolatile memory within the computer system if the security feature element is present; and
c) utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system, wherein additional authorization is required to be input to the computer system to boot up the computer system if the security feature element is not present and was previously present in the computer system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for booting up a computer in a secure fashion, the system comprising:
-
means for determining the presence of a security feature element during an initialization of the computer system, wherein the security feature element is installed within a housing of the computer system such that a cover to the housing is opened to remove the security feature element, and wherein the security feature element stores a public key and a corresponding private key;
means for storing a portion of the public key from the security feature element in a nonvolatile memory within the computer system if the security feature element is present; and
means for utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system, wherein additional authorization is required to be input to the computer system to boot up the computer system if the security feature element is not present and was previously present in the computer system. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A method for booting up a computer system in a secure fashion comprising:
-
a) determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key;
b) storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present; and
c) upon, and prior to, a subsequent boot-up of the computer system, 1) determining the presence of the security feature element;
2) determining whether the computer system and security feature element have been subjected to a tamper event if the security feature element is present;
3) determining whether the same security feature element was present previously in the computer system; and
4) allowing the computer system to be booted up if the security feature element is present, if the computer system has been subjected to a tamper event, and if the same security feature element is determined to have been previously present. - View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. A method for booting up a computer system in a secure fashion comprising:
-
a) determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key;
b) storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present; and
c) utilizing an algorithm during a Power-On-Self-Test (POST) sequence of the computer system to;
1) determine the presence of the security feature element prior to a subsequent boot-up of the computer system;
2) determine if the computer system has been subjected to a tamper event if the security card is present;
3) determine whether the security card is an added feature of the computer system, wherein the determination is based on a previous POST sequence, if the computer system has been subjected to a tamper event;
4) compare the public key on the security card with the portion of the public key stored in the nonvolatile memory of the computer system if the security card is not a newly added feature of the computer system; and
5) if the public key on the security card does not match the portion of the public key stored in the nonvolatile memory of the computer system, i) clear the portion of the public key stored in the nonvolatile memory of the computer system;
ii) clear the public key and the corresponding private key stored on the security card; and
iii) boot up the computer system. - View Dependent Claims (49, 50, 51)
-
Specification