Computer compliance enforcement
Abstract
A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.
18 Claims
1. A module disposed in a metered-use computer for enforcing operation of the metered-use computer in a restricted use mode, the module comprising:
a processor;
a memory coupled to the processor storing executable code and settings;
a bus supervisor coupled to the processor and attached to a system bus coupling a computer processor and a computer memory, the bus supervisor operable to enable traffic on the system bus responsive to a first signal from the processor, wherein the bus supervisor is further operable to monitor traffic on the system bus for unauthorized data traffic during restricted use operation;
a cryptographic function available to the processor; and
a power control circuit that delays starting a portion of the metered-use computer responsive to a second signal from the processor.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A method of operating a computer in a restricted mode comprising:
starting a boot cycle in the computer;
powering a first circuit that controls a power signal for an interface device;
selecting a BIOS from a set of BIOSs stored at the first circuit, according to a setting saved prior to the boot cycle;
executing the selected BIOS;
enabling a bus switch responsive to a signal generated by the selected BIOS to allow traffic on a set of data paths associated with a system bus after the BIOS operation is stable;
verifying a status of the selected BIOS at the first circuit; and
sending a power signal to the interface device.
(Dependent claims: 9, 10, 11, 12, 13)

14. A computer adapted for metered operation having a metered mode and a restricted mode of operation comprising:
a processor;
a system memory;
a set of data lines forming a bus coupling the processor to the system memory;
a set of intermediary circuits coupling the processor to system devices and peripherals; and
a security module having a data connection to the processor and power management connections to the set of intermediary circuits, the security module comprising;
a specialized processor;
a local memory comprising executable code for a first BIOS used to boot the computer in the metered mode and a second BIOS used to boot the computer in the restricted mode; and
a bus monitor adapted to selectively disable the bus and further adapted to monitor data traffic on the bus for unauthorized instruction usage.
(Dependent claims: 15, 16, 17, 18)

Specification