BIOS Based Secure Execution Environment

US 20070271597A1
Filed: 05/19/2006
Published: 11/22/2007
Est. Priority Date: 05/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

initiating a hardware interrupt by an embedded controller of a computing device; and

in response to the interrupt, executing a module stored in a basic input/output system (BIOS) to determine whether to constrain functionality of the computing device based on a balance.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to provide a secure execution environment are described. In an implementation, a method includes initiating a hardware interrupt by an embedded controller of a computing device. In response to the interrupt, a module is executed that is stored in a basic input/output system (BIOS). The module, when executed, determines whether constrain functionality of the computing device based on a balance.

84 Citations

View as Search Results

20 Claims

1. A method comprising:
- initiating a hardware interrupt by an embedded controller of a computing device; and
  
  in response to the interrupt, executing a module stored in a basic input/output system (BIOS) to determine whether to constrain functionality of the computing device based on a balance.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as described in claim 1, wherein the embedded controller is not configured to execute the operating system.
  - 3. A method as described in claim 1, wherein the module is executed in a secure execution environment that is not accessible by the operating system.
  - 4. A method as described in claim 1, wherein the balance is maintained locally by the computing device.
  - 5. A method as described in claim 1, wherein the module is executed to place the computing device in a hardware lock mode when the balance reaches a predetermined amount, such that, execution of the operating system is not permitted.
  - 6. A method as described in claim 4, wherein the module is executed to place the computing device in a reduced-functionality mode when the balance reaches another predetermined amount.
  - 7. A method as described in claim 5, wherein when the computing device is placed in the hardware lock mode, the module causes output of a user interface that describes information that is usable, at least in part, to remove the hardware lock mode and an identifier particular to the computing device.

8. A method comprising:
- causing a hardware interrupt of a computing device at regular intervals; and
  
  applying a policy at the regular intervals based on a balance maintained locally by the computing device, wherein the policy specifies that when the balance reaches a first amount, functionality of the computing device is reduced and when the balance reaches a second amount, functionality of the computing device is further reduced such that execution of an operating system by the computing device is prevented.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. A method as described in claim 8, wherein the hardware interrupt is caused by an embedded controller of the computing device that is not used to execute the operating system.
  - 10. A method as described in claim 8, wherein the hardware interrupt is caused by software.
  - 11. A method as described in claim 8, wherein the policy is maintained in secure storage that is not accessible by the operating system.
  - 12. A method as described in claim 11, wherein the secure storage is part of a basic input/output system of the computing device.
  - 13. A method as described in claim 11, wherein the applying is performed by a lower provisioning module that is also maintained in the secure storage.
  - 14. A method as described in claim 8, wherein the functionality permitted when the computing balance reaches the first amount:
    - permits execution of the operating system; and
      
      limits execution of application modules in conjunction with the operating system.
  - 15. A method as described in claim 8, wherein the policy further specifies that execution of the operating system by the computing device is prevented when tampering is detected.
  - 16. A method as described in claim 15, further comprising when the computing device is placed in the mode where execution of the operating system is prevented, outputting a user interface having information that identifies that the mode was entered due to detection of tampering.

17. A computing device comprising:
- a processor;
  
  a basic input/output system (BIOS) configured to maintain a module and a balance; and
  
  an embedded controller configured to cause a hardware interrupt of the processor to apply a policy, through execution of the module from the BIOS, to manage functionality of the computing device based on the balance.
- View Dependent Claims (18, 19, 20)
- - 18. A computing device as described in claim 17, wherein the embedded controller is to initiate the hardware interrupt at predetermined intervals.
  - 19. A computing device as described in claim 17, wherein the policy specifies that:
    - when the balance reaches a first amount, functionality of the computing device is reduced; and
      
      when the balance reaches a second amount, functionality of the computing device is further reduced such that execution of an operating system is prevented.
  - 20. A computing device as described in claim 17, wherein the balance is adjustable through interaction with a service provider over a network through payment of a fee.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Venkatachalam, Raja, Xu, Zhangwei, Lopez-Barquilla, Ricardo, Steeb, Curt A.

Granted Patent

US 7,987,512 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/53 by executing in a restricte...

BIOS Based Secure Execution Environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

BIOS Based Secure Execution Environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links