Information processing apparatus for secure information recovery
First Claim
1. An information processing apparatus comprising:
- security hardware for storing security key information;
OS start admission circuit for, in response to an operating system attempting to start, determining whether or not an input data for user certification is valid based on said security key information read from said security hardware, and permitting said operating system to start when said determination result is positive;
security key information restoration circuit for restoring security key information in said security hardware based on predetermined data for restoration, wherein said predetermined data for restoration is generated when generating said security key information within said security hardware in order to render said security key information freely restorable and is stored in an auxiliary storage;
OS start type selection circuit for selectively executing either a first type OS start to generate a first system status in which said security key information restoration circuit can operate said OS start admission circuit, or a second type OS start to generate a second system status in which said security key information restoration circuit cannot operate said OS start admission circuit;
cancellation circuit, generated during said second system status, for canceling the operation of said OS start admission circuit as to said first type OS start; and
cancel release circuit for releasing cancellation of the operation of said OS start admission circuit by said cancellation circuit after said first type OS start having the operation of said OS start admission circuit canceled by said cancellation circuit has been executed at least once.
3 Assignments
0 Petitions
Accused Products
Abstract
In an information processing apparatus for performing user certification when an OS starts based on security key information of security hardware, a need has arisen to restore the security key information before replacement of the security hardware replaced for troubleshooting. A cancellation means is generated in a second system status generated by a functionally restricted second type OS start such as a safe mode. Although the user certification based on the security key information of the security hardware is usually performed in a first type OS start, the cancellation means cancels it. Thus, it is possible to put the information processing apparatus in a first system status without undergoing the user certification so as to restore the security key information. A cancel release means releases cancellation of the user certification so that the user certification on the first type OS start is restored after the restoration of the security key information.
-
Citations
6 Claims
-
1. An information processing apparatus comprising:
-
security hardware for storing security key information; OS start admission circuit for, in response to an operating system attempting to start, determining whether or not an input data for user certification is valid based on said security key information read from said security hardware, and permitting said operating system to start when said determination result is positive; security key information restoration circuit for restoring security key information in said security hardware based on predetermined data for restoration, wherein said predetermined data for restoration is generated when generating said security key information within said security hardware in order to render said security key information freely restorable and is stored in an auxiliary storage; OS start type selection circuit for selectively executing either a first type OS start to generate a first system status in which said security key information restoration circuit can operate said OS start admission circuit, or a second type OS start to generate a second system status in which said security key information restoration circuit cannot operate said OS start admission circuit; cancellation circuit, generated during said second system status, for canceling the operation of said OS start admission circuit as to said first type OS start; and cancel release circuit for releasing cancellation of the operation of said OS start admission circuit by said cancellation circuit after said first type OS start having the operation of said OS start admission circuit canceled by said cancellation circuit has been executed at least once. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification
-
- Resources
-
Current AssigneeLenovo PC International Limited (Lenovo Group Ltd.)
-
Original AssigneeLenovo Singapore Pte Limited (Lenovo Group Ltd.)
-
InventorsOgata, Eiji
-
Primary Examiner(s)Song; Hosuk
-
Application NumberUS10/735,993Publication NumberTime in Patent Office1,415 DaysField of Search726 1- 2, 726/21, 726 27- 30, 726/16, 713/1.2US Class Current726/2CPC Class CodesG06F 21/575 Secure bootG06F 21/79 in semiconductor storage me...
