Pre-boot authentication system

US 7,000,249 B2
Filed: 05/18/2001
Issued: 02/14/2006
Est. Priority Date: 05/18/2001
Status: Expired due to Fees

First Claim

Patent Images

1. An adaptive pre-boot authentication process, comprising the steps of:

providing a device having a BIOS procedure having an interval, the interval having a start and a finish, the device including an adaptive interface module, the adaptive interface module being capable of communicating with a plurality of information modules, each information module having a different format;

starting the BIOS procedure;

interrupting the BIOS procedure during the interval before the finish;

establishing contact with an information module through the adaptive interface module sending corresponding interface signals;

determining by the adaptive interface module, a format for the information module;

transferring the information between the information module and the device according to the format of the information module;

determining by the adaptive interface module, if the transferred information is valid; and

commencing the BIOS procedure if the transferred information is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems are provided for the enhancement of the system BIOS for microprocessor-based devices. Before the end of a BIOS start-up procedure, the BIOS operation is diverted to a BIOS security authentication system which may be a portion of an enhanced system BIOS. The BIOS security authentication system establishes communication with an information module, if the information module is present. The information module is typically a removable or installable card, which may be unique to one or more users. Based upon an information exchange between the security authentication module and the information module, the security authentication module controllably allows or prevents the system BIOS start-up procedure to resume and finish. In a preferred embodiment, the security authentication module is used as a pre-boot authentication system, to prevent a microprocessor-based device from booting up, unless a valid authorized information module is present. In other preferred embodiments, an adaptive security authentication module interface is provided, to allow information exchange with a variety of information modules having one or more information formats. In alternate embodiments, information from the information exchange may be transferred to the main system BIOS (such as to provide system functions to the BIOS, or to provide identity information of the user, based upon the information module).

69 Citations

View as Search Results

62 Claims

1. An adaptive pre-boot authentication process, comprising the steps of:
- providing a device having a BIOS procedure having an interval, the interval having a start and a finish, the device including an adaptive interface module, the adaptive interface module being capable of communicating with a plurality of information modules, each information module having a different format;
  
  starting the BIOS procedure;
  
  interrupting the BIOS procedure during the interval before the finish;
  
  establishing contact with an information module through the adaptive interface module sending corresponding interface signals;
  
  determining by the adaptive interface module, a format for the information module;
  
  transferring the information between the information module and the device according to the format of the information module;
  
  determining by the adaptive interface module, if the transferred information is valid; and
  
  commencing the BIOS procedure if the transferred information is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The process of claim 1, further comprising the steps of:
    - providing a card reader for connecting the information module to the device; and
      
      determining when the information module is present within the card reader.
  - 3. The process of claim 2, further comprising the step of:
    - powering on the information module when the information module is determined to be present within the card reader.
  - 4. The process of claim 3, further comprising the step of:
    - powering off the information module after the information is transferred between the information module and the device.
  - 5. The process of claim 1, wherein the device further comprises a loadable operating system, further comprising the step of:
    - loading the operating system after the BIOS procedure has commenced.
  - 6. The process of claim 1, further comprising the step of;
    - preventing the commencing step if the determined transferred information is not valid.
  - 7. The process of claim 1, wherein the information module further comprises a defined format, and wherein the information is available within the defined format.
  - 8. The process of claim 1, wherein the information module is an authentication card.
  - 9. The process of claim 1, wherein the information module is a synchronous card.
  - 10. The process of claim 1, wherein the information module is an asynchronous card.
  - 11. The process of claim 1, wherein the device is a computer.
  - 12. The process of claim 11, wherein the computer is a personal computer.
  - 13. The process of claim 11, wherein the computer is a portable computer.
  - 14. The process of claim 1, wherein the device is a personal digital assistant.
  - 15. The process of claim 1, wherein the device is a portable phone.

16. A process, comprising the steps of:
- providing a device having a BIOS procedure having an interval, the interval having a start and a finish;
  
  providing a security authentication module associated with the BIOS;
  
  providing a library in communication with the security authentication module, the library having a plurality of format modules;
  
  providing a removable module having information;
  
  starting the BIOS procedure;
  
  interrupting the BIOS procedure during the interval before the finish;
  
  establishing communication between the security authentication module and the removable module, according to one of the plurality of format modules in the library;
  
  determining by the security authentication module, a format for the removable module;
  
  transferring the information between the removable module and the security authentication module according to the format of the removable module;
  
  determining by the security authentication module, if the transferred information is valid; and
  
  recommencing the BIOS procedure if the transferred information is valid.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The process of claim 16, further comprising the steps of:
    - providing a card reader for connecting the removable module to the device; and
      
      determining when the removable module is present within the card reader.
  - 18. The process of claim 17, further comprising the step of:
    - powering on the removable module when the removable module is determined to be present within the card reader.
  - 19. The process of claim 18, further comprising the step of:
    - powering off the removable module after the information is transferred between the module and the security authentication module.
  - 20. The process of claim 16, wherein the device further comprises a loadable operating system, further comprising the step of:
    - loading the operating system after the BIOS procedure has recommenced.
  - 21. The process of claim 16, further comprising the step of;
    - preventing the recommencing step if the transferred information is not valid.
  - 22. The process of claim 16, wherein the removable module further comprises a defined format, and wherein the information is available within the defined format.
  - 23. The process of claim 16, wherein the removable module is an authentication card.
  - 24. The process of claim 16, wherein the removable module is a synchronous card.
  - 25. The process of claim 16, wherein the removable module is an asynchronous card.
  - 26. The process of claim 16, wherein the device is a computer.
  - 27. The process of claim 26, wherein the computer is a personal computer.
  - 28. The process of claim 26, wherein the computer is a portable computer.
  - 29. The process of claim 16, wherein the device is a personal digital assistant.
  - 30. The process of claim 16, wherein the device is a portable phone.

31. An adaptive authentication system for a device having a basic input output system (BIOS), the BIOS having a plurality of format modules, the adaptive authentication system being capable of executing a BIOS procedure, the BIOS procedure comprising an interval having a start and a finish, the adaptive authentication system comprising:
- means for interrupting the BIOS procedure during the interval before the finish;
  
  means for determining a format for a removable module; and
  
  means in communication with the BIOSmeans for communicating with the removable module through one of the plurality format modules according to the format of the removable module,means for receiving information from the removable module,means for determining if the received information is valid; and
  
  means for allowing the BIOS procedure to recommence if the received information is valid.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 32. The authentication system of claim 31, further comprising:
    - means for determining the presence of the removable module.
  - 33. The authentication system of claim 31, further comprising:
    - a card reader for connecting the removable module to the the adaptive authentication system.
  - 34. The authentication system of claim 33, further comprising:
    - means for powering on the removable module if the removable module is located within the card reader.
  - 35. The authentication system of claim 31, further comprising:
    - means for powering off the removable module after the information is transferred between the removable module and the authentication module.
  - 36. The authentication system of claim 31, wherein the the adaptive authentication system further comprises a loadable operating system, wherein the operating system is loaded after the BIOS procedure has recommenced.
  - 37. The authentication system of claim 31, wherein the authentication module prohibits the recommencing of the system BIOS if the received information is not valid.
  - 38. The authentication system of claim 31, wherein the removable module further having a defined format.
  - 39. The authentication system of claim 31, wherein the removable module is an authentication card.
  - 40. The authentication system of claim 31, wherein the removable module is a synchronous card.
  - 41. The authentication system of claim 31, wherein the removable module is an asynchronous card.
  - 42. The authentication system of claim 31, wherein the device is a computer.
  - 43. The authentication system of claim 42, wherein the computer is a personal computer.
  - 44. The authentication system of claim 42, wherein the computer is a portable computer.
  - 45. The authentication system of claim 42, wherein the device is a personal digital assistant.
  - 46. The authentication system of claim 42, wherein the device is a portable phone.

47. An adaptive authentication system for a device having a basic input output system (BIOS), the BIOS having a plurality of format modules, the adaptive authentication system being capable of executing a BIOS procedure, the BIOS procedure comprising an interval having a start and a finish, the adaptive authentication system comprising:
- means for interrupting the BIOS procedure during the interval before the finish; and
  
  an authentication module in communication with the BIOSmeans for establishing communication with a removable module having information stored in one of a plurality of formats,means for determining a format for the removable module,means for receiving authentication information from the removable module once communication is established according to the format of the removable module,means for determining if the received authentication information is valid, andmeans for allowing the BIOS procedure to recommence if the received authentication information is valid.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 48. The adaptive authentication system of claim 47, further comprising:
    - means for determining the presence of the removable module.
  - 49. The adaptive authentication system of claim 47, further comprising:
    - a card reader for connecting the removable module to the authentication module.
  - 50. The adaptive authentication system of claim 49, further comprising:
    - means for powering on the removable module if the removable module is located within the card reader.
  - 51. The adaptive authentication system of claim 50, further comprising:
    - means for powering off the removable module after the authentication information is transferred between the removable module and the authentication module.
  - 52. The adaptive authentication system of claim 47, wherein the device further comprises a loadable operating system, wherein the operating system is loaded after the BIOS procedure has recommenced.
  - 53. The adaptive authentication system of claim 47, wherein the authentication module prohibits the recommencing of the BIOS procedure if the received authentication information is not valid.
  - 54. The adaptive authentication system of claim 47, wherein the removable module further having a defined format.
  - 55. The adaptive authentication system of claim 47, wherein the removable module is an authentication card.
  - 56. The adaptive authentication system of claim 47, wherein the removable module is a synchronous card.
  - 57. The adaptive authentication system of claim 47, wherein the removable module is an asynchronous card.
  - 58. The adaptive authentication system of claim 47, wherein the device is a computer.
  - 59. The adaptive authentication system of claim 58, wherein the computer is a personal computer.
  - 60. The adaptive authentication system of claim 58, wherein the computer is a portable computer.
  - 61. The adaptive authentication system of claim 47, wherein the device is a personal digital assistant.
  - 62. The authentication system of claim 47, wherein the device is a portable phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Maishi Electronic (Shanghai) Limited
Original Assignee
02MICRO
Inventors
Lee, Shyh-shin
Primary Examiner(s)
Revak, Christopher

Application Number

US09/860,709
Publication Number

US 20020174353A1
Time in Patent Office

1,733 Days
Field of Search

713/1, 713/2, 713/200, 713/202, 713/300, 713/189, 713/193, 713/194
US Class Current

726/20
CPC Class Codes

G06F 21/575 Secure boot

Pre-boot authentication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-boot authentication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links