Authentication system and method

US 7,424,611 B2
Filed: 03/03/2003
Issued: 09/09/2008
Est. Priority Date: 03/08/2002
Status: Active Grant

First Claim

Patent Images

1. An electrical apparatus comprising:

an authenticating component, wherein the authentication component is an embedded controller that controls output of a password from an authentication object, and wherein the authentication object is composed of;

a Lock Logic that includes an OR gate, an AND gate, a flip-flop circuit (F/F), and a selector, wherein an output of the OR gate is coupled to a first input of the AND gate, an output of the AND gate is coupled to an input of the F/F, and an output of the F/F is coupled to a select input of the selector and to the input of the AND circuit via a first input of the OR circuit;

a System Reset Detection Logic that detects a start of an Operating System (OS) in the electrical apparatus, wherein a reset detection output of the System Reset Detection Logic is coupled to a second input of the AND gate;

a Command Decode Logic coupled to a Control Sequence Generator, wherein the Command Decode Logic decodes encoded external commands, wherein decoded external commands are sent to the control sequence generator, and wherein the encoded external commands include a “

Read PWD”

command that serves to Read the a password (PWD) and a “

Lock”

command that locks a Data Output Logic that has an input that is coupled to an output of the selector, wherein the reset signal to the System Reset Detection Logic and the “

Read PWD”

cause a password to be output from the selector to the data output logic, and wherein the “

Lock”

command causes the data output logic to be locked after the data output logic outputs the password once, and wherein the “

Lock”

command causes the control sequence generator to activate a “

Check Done”

signal that causes the flip-flop circuit to be set such that selector outputs an error indication, and wherein on cessation of the system reset signal, the output of the System Reset Detection Logic immediately changes state such that the “

Check done”

signal causes both inputs to the AND circuit to cause error indication to be output from the selector to the data output logic, wherein the output of the PWD from the Data Output Logic is limited to a time period that starts with a generation of the system reset signal and ends with either a first PWD transmission or a reception of the “

Lock”

signal;

an authentication object component cooperating with a predetermined cooperative component after being authenticated by the authenticating component; and

a supervisory control component implementing a supervisory control sequence for supervising and controlling a plurality of components including the authenticating component and the authentication object component, wherein the supervisory control sequence is activated in response to a signal for powering up the electrical apparatus, and the authenticating component authenticates the authentication object component before the supervisory control sequence is activated.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Preventing malicious code from reading an authenticator and being falsely authenticated using the read authenticator. Authenticator accepting period detection means detects an authenticator accepting period during which inoperativeness of all unauthenticated programs is guaranteed. Program executing means transmits its authenticator only during the authenticator accepting period. After authentication means is authenticated as genuine, the authentication means computes a one-way function value of the authenticator received from the program executing means and compares the one-way function value X with a stored value Y for the program executing means. If X=Y, then the authentication means authenticates the program executing means.

34 Citations

View as Search Results

7 Claims

1. An electrical apparatus comprising:
- an authenticating component, wherein the authentication component is an embedded controller that controls output of a password from an authentication object, and wherein the authentication object is composed of;
  
  a Lock Logic that includes an OR gate, an AND gate, a flip-flop circuit (F/F), and a selector, wherein an output of the OR gate is coupled to a first input of the AND gate, an output of the AND gate is coupled to an input of the F/F, and an output of the F/F is coupled to a select input of the selector and to the input of the AND circuit via a first input of the OR circuit;
  
  a System Reset Detection Logic that detects a start of an Operating System (OS) in the electrical apparatus, wherein a reset detection output of the System Reset Detection Logic is coupled to a second input of the AND gate;
  
  a Command Decode Logic coupled to a Control Sequence Generator, wherein the Command Decode Logic decodes encoded external commands, wherein decoded external commands are sent to the control sequence generator, and wherein the encoded external commands include a “
  
  Read PWD”
  
  command that serves to Read the a password (PWD) and a “
  
  Lock”
  
  command that locks a Data Output Logic that has an input that is coupled to an output of the selector, wherein the reset signal to the System Reset Detection Logic and the “
  
  Read PWD”
  
  cause a password to be output from the selector to the data output logic, and wherein the “
  
  Lock”
  
  command causes the data output logic to be locked after the data output logic outputs the password once, and wherein the “
  
  Lock”
  
  command causes the control sequence generator to activate a “
  
  Check Done”
  
  signal that causes the flip-flop circuit to be set such that selector outputs an error indication, and wherein on cessation of the system reset signal, the output of the System Reset Detection Logic immediately changes state such that the “
  
  Check done”
  
  signal causes both inputs to the AND circuit to cause error indication to be output from the selector to the data output logic, wherein the output of the PWD from the Data Output Logic is limited to a time period that starts with a generation of the system reset signal and ends with either a first PWD transmission or a reception of the “
  
  Lock”
  
  signal;
  
  an authentication object component cooperating with a predetermined cooperative component after being authenticated by the authenticating component; and
  
  a supervisory control component implementing a supervisory control sequence for supervising and controlling a plurality of components including the authenticating component and the authentication object component, wherein the supervisory control sequence is activated in response to a signal for powering up the electrical apparatus, and the authenticating component authenticates the authentication object component before the supervisory control sequence is activated.
- View Dependent Claims (2, 3, 4)
- - 2. The electrical apparatus of claim 1, wherein the PWD and the error indication are always on standby at the 0-side input and a 1-side input of the selector, respectively.
  - 3. The electrical apparatus of claim 1, wherein the authentication object holds a seed of the PWD and generates the PWD from the seed with a deterministic logic to supply it to the 0-side input of the selector as needed.
  - 4. The electrical apparatus of claim 1, wherein the supervisory control sequence is activated in response to a signal for powering up the electrical apparatus.

5. A firmware device that implements firmware comprising:
- an authenticating component, wherein the authentication component is an embedded controller that controls output of a password from an authentication object, and wherein the authentication object is composed of;
  
  a Lock Logic that includes an OR gate, an AND gate, a flip-flop circuit (F/F), and a selector, wherein an output of the OR gate is coupled to a first input of the AND gate, an output of the AND gate is coupled to an input of the F/F, and an output of the F/F is coupled to a select input of the selector and to the input of the AND circuit via a first input of the OR circuit;
  
  a System Reset Detection Logic that detects a start of an Operating System (OS) in the electrical apparatus, wherein a reset detection output of the System Reset Detection Logic is coupled to a second input of the AND gate;
  
  a Command Decode Logic coupled to a Control Sequence Generator, wherein the Command Decode Logic decodes encoded external commands, wherein decoded external commands are sent to the control sequence generator, and wherein the encoded external commands include a “
  
  Read PWD”
  
  command that serves to Read the a password (PWD) and a “
  
  Lock”
  
  command that locks a Data Output Logic that has an input that is coupled to an output of the selector, wherein the reset signal to the System Reset Detection Logic and the “
  
  Read PWD”
  
  cause a password to be output from the selector to the data output logic, and wherein the “
  
  Lock”
  
  command causes the data output logic to be locked after the data output logic outputs the password once, and wherein the “
  
  Lock”
  
  command causes the control sequence generator to activate a “
  
  Check Done”
  
  signal that causes the flip-flop circuit to be set such that selector outputs an error indication, and wherein on cessation of the system reset signal, the output of the System Reset Detection Logic immediately changes state such that the “
  
  Check done”
  
  signal causes both inputs to the AND circuit to cause error indication to be output from the selector to the data output logic, wherein the output of the PWD from the Data Output Logic is limited to a time period that starts with a generation of the system reset signal and ends with either a first PWD transmission or a reception of the “
  
  Lock”
  
  signal;
  
  an authentication object component cooperating with a predetermined cooperative component after being authenticated by the authenticating component; and
  
  a supervisory control component implementing a supervisory control sequence for supervising and controlling a plurality of components including the authenticating component and the authentication object component, wherein the supervisory control sequence is activated in response to a signal for powering up the electrical apparatus, and the authenticating component authenticates the authentication object component before the supervisory control sequence is activated.
- View Dependent Claims (6, 7)
- - 6. The firmware device of claim 5, wherein the PWD and the error indication are always on standby at the 0-side input and a 1-side input of the selector, respectively.
  - 7. The firmware device of claim 5, wherein the authentication object holds a seed of the PWD and generates the PWD from the seed with a deterministic logic to supply it to the 0-side input of the selector as needed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Hino, Akira, Kasamatsu, Eitaroh, Tanaka, Akiyoshi
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Pearson; David J

Application Number

US10/378,394
Publication Number

US 20030221114A1
Time in Patent Office

2,017 Days
Field of Search

None
US Class Current

713/167
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06F 2221/2137   Time limited access, e.g. t...

Authentication system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links