TW401562B - Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage - Google Patents
Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage
- Publication number
- TW401562B
- Authority
- TW
- Taiwan
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1466—Key-lock mechanism
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/1097—Boot, Start, Initialise, Power
Description
Description of the Invention

1. Field of the Invention

The present invention relates to the field of computer systems. More specifically, the present invention relates to data security in computer systems.

2. Background Information

Existing methods for preventing unauthorized writes to non-volatile storage, such as flash memory, generally rely on "secret" access methods for the write-enable circuitry. These "secret" access methods for the write-enable circuitry can be reverse-engineered using standard debugging hardware. Once reverse-engineered, code can be produced that is able to write arbitrarily to the "protected" non-volatile storage. If such code is used maliciously, it can introduce a virus into the "protected" non-volatile storage or even destroy the contents of the non-volatile storage.

It is therefore desirable to have a more robust scheme for preventing unauthorized access to non-volatile storage, and in particular one that does not rely on obscure access methods. As will be described in more detail below, the present invention achieves these and other desired results.

Summary of the Invention

According to the present invention, an electronic signature is generated in a predetermined manner and attached to a transferable unit of write data, to facilitate verification of the write data before the write data is allowed to be written into a protected non-volatile storage. The write data is verified using a set of protected verification functions. In addition, the actual writing of verified write data into the protected non-volatile storage is performed by a protected copy facility.

The electronic signature is functionally dependent on the contents of the write data, and the predetermined manner in which the electronic signature is generated can be replicated at write time. In one embodiment, the electronic signature is generated by the producer of the write data, by using a message digest function to generate a digest based on the contents of the write data, and then using an encryption function with a secret private key to encrypt the generated digest.

The set of protected verification functions includes a protected corresponding copy of the message digest function and a protected complementary decryption function. In operation, the protected decryption function reconstructs the original digest by decrypting the electronic signature with a protected complementary public key, while the protected copy of the message digest function generates another digest based on the contents of the write data to be verified. The two digests are compared using a protected comparison function. If the two digests pass the comparison test, the protected copy facility is activated to copy the verified write data into the protected non-volatile storage; otherwise, the write data is rejected.

In one embodiment, the verification functions are protected by copying them, during system initialization, into a system management memory that is normally inaccessible. The verification functions are activated by a system management interrupt (SMI), which, when asserted, automatically maps the system management memory into the normal system memory space. A non-volatile memory write-protection circuit is used to qualify the memory write signal provided to the protected non-volatile storage, and to generate an SMI whenever a write to the protected non-volatile storage is requested.

Brief Description of the Drawings

The present invention will be described by way of exemplary embodiments, but not limitation, illustrated in the accompanying drawings, in which like reference numerals denote similar elements, and in which:

Figures 1 and 2 show the basic elements of the present invention and their relationships;
Figure 3 shows an exemplary computer system incorporating the teachings of the present invention for protecting the verification functions;
Figure 4 shows in more detail the system BIOS, and for one embodiment the operating system, of the exemplary computer system;
Figure 5 shows in more detail the FLASH protection circuit of Figure 3;
Figure 6 shows the execution flow of the exemplary computer system in system management mode; and
Figure 7 shows an example of the execution flow for writing to FLASH memory.

Detailed Description of the Invention

In the following description, for purposes of explanation, specific numbers, materials and configurations are set forth in order to provide a thorough understanding of the present invention. However, those skilled in the art will appreciate that the invention may be practiced without these specific details. In other instances, well-known features are omitted or simplified in order not to obscure the invention. Furthermore, for ease of understanding, certain method steps are described as separate steps, but these separately described steps should not be construed as a required condition for their performance.

Referring now to Figures 1 and 2, two block diagrams are shown illustrating the basic elements of the present invention and their relationships. As shown, a transferable unit of non-volatile storage write data 100 is provided with an electronic signature 102 to facilitate verification of the write data 100 before the write data 100 is allowed to be written into non-volatile storage. Preferably, the electronic signature 102 is "attached" to the write data 100. Examples of transferable units include files or blocks, and examples of non-volatile storage include FLASH memory or erasable programmable read-only memory (EPROM). Examples of write data are system basic input/output services (BIOS) updates, such as additions, deletions and modifications. For many applications, the electronic signature 102 is expected to be generated and "attached" to the write data 100 at the time the write data 100 is produced.

For the illustrated embodiment, the electronic signature 102 is generated by using an encryption function 108 with a secret private key 106 to encrypt a reference digest 104. The reference digest 104 is generated using a message digest function 110. In other words, the contents of the reference digest 104 are functionally dependent on the contents of the write data 100. Accordingly, the contents of the electronic signature 102 are also functionally dependent on the contents of the write data 100.

At write time, a protected corresponding copy of the message digest function 112 generates a "new" digest 114 on the fly. At the same time, a protected complementary decryption function 116 reconstructs the original reference digest 104 by decrypting the electronic signature 102 with a protected complementary public key 118. The two digests 104 and 114 are provided to a protected comparison function 120 to determine whether the two digests are identical. If the write data 100 is authentic, the two digests 104 and 114 will be identical, because both digests 104 and 114 are functionally dependent on the contents of the write data 100, both are generated by copies of the same message digest function 110 and 112, and the encryption is decrypted in a complementary manner. If the two digests 104 and 114 compare successfully, a protected copy function 122 is notified to perform the actual write to the protected non-volatile storage; otherwise, the write data is rejected.

Encryption function 108 and decryption function 116 may be implemented with any of a number of private-key/public-key encryption/decryption techniques known in the art. Likewise, message digest functions 110/112 may be implemented with any of a number of message digest techniques known in the art. For further information on private-key/public-key encryption/decryption techniques, see for example U.S. Patent No. 4,218,582 to Hellman et al., "Public Key Cryptographic Apparatus and Method", and U.S. Patent No. 4,405,829 to Rivest et al., "Cryptographic Communications System and Method"; and for further information on message digests, see for example U.S. Patent No. 4,995,082, "Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange System", and Rivest, The MD5 Message Digest Algorithm, Request For Comment (RFC) 1321, April 1992.

The generation of the electronic signature 102 as described above and its association with the write data 100 may be implemented on any number of computer systems known in the art, as long as those computer systems are capable of storing and executing the message digest function 110 and the encryption function 108. It is expected that for most applications, the electronic signature 102 will be generated on the same computer system that produces the write data 100. For example, for the system BIOS update application described above, it is expected that the system BIOS update and the electronic signature 102 will be generated and associated at the same time and on the same computer system.

Figure 3 shows an exemplary computer system 200 incorporating the teachings of the present invention for verifying write data before the write data is allowed to be written into a protected non-volatile storage. The exemplary computer system 200 includes a processor 212, a processor bus 214, a cache memory 216, a memory controller 218, and a number of other memory units 220-224, coupled to each other as shown. The other memory units 220-224 include main memory 220, system management memory 222, and FLASH memory 224. In accordance with the present invention, the exemplary computer system 200 in particular includes a FLASH protection circuit 226. In addition, computer system 200 includes bridge circuits 228a-228b, high-performance and standard input/output (I/O) buses 230a-230b, a general-purpose input/output (GPIO) port 232, hard disk and floppy disk storage 234-236, a keyboard and cursor control device 238, and a display 240, coupled to each other and to the aforementioned elements as shown.

For the illustrated embodiment, buses 214, 230a and 230b are disposed on a motherboard 242. Elements 212, 216-226, 228a-228b and 232 may be removably connected to motherboard 242 via sockets (not shown) or "soldered" to motherboard 242, while elements 234-238 are coupled to motherboard 242 via cables and connectors (not shown).

Processor 212 performs its conventional function of executing code. Processor 212 is configured to execute code in a number of modes, including a system management mode (SMM). Processor 212 is also configured to respond to a number of interrupts, including a system management interrupt (SMI), and the SMI places processor 212 in SMM. Memory controller 218 and volatile memory units 216, 220 and 222 perform their conventional functions of controlling memory access and providing run-time storage respectively. In particular, for each write to memory, memory controller 218 generates a MEMW# signal for the addressed memory unit. Memory controller 218 normally does not map system management memory 222 as part of the normal system memory space. When processor 212 enters SMM, system management memory 222 is mapped into the system memory space. Furthermore, except during system initialization, processor mode transitions and SMM execution, system management memory 222 cannot be written.

FLASH memory 224 performs its conventional function of providing non-volatile storage. In particular, FLASH memory 224 stores the system BIOS. During system initialization, the security-insensitive body of the system BIOS is loaded into main memory 220, while the security-sensitive remainder of the system BIOS (in particular, the write data verification functions) is loaded into system management memory 222. FLASH protection circuit 226 protects FLASH memory 224 against unauthorized writes by keeping FLASH memory 224 non-writable, and generates an SMI to activate the protected system BIOS write data verification functions in system management memory 222 to verify the write data whenever it enables FLASH memory 224 for writing. General-purpose input/output port 232 also performs its conventional function of providing input/output ports to various peripherals. In particular, one of these input/output ports is used to signal a write request for FLASH memory 224 to FLASH protection circuit 226. The write request is indicated by writing to a corresponding register of the input/output port using a standard input/output instruction of exemplary computer system 200.

Hard disk storage 234 also performs its conventional function of providing non-volatile storage. In particular, hard disk storage 234 stores the operating system of exemplary computer system 200. During system initialization, the operating system is loaded into main memory 220. All other elements perform their conventional functions known in the art. Except for the specialized functions and/or requirements described, all of the elements are intended to represent the broad category of such elements found in computer systems.

Figure 4 shows in more detail the system BIOS and operating system of exemplary computer system 200. As shown, system BIOS 260 includes an initialization function 262, a FLASH copy facility 264, a message digest function 266, a decryption function 268, a public key 270, a digest comparison function 272, an SMI handler 274 and read/write services 276, while for some embodiments, operating system 250 includes a FLASH facility 252.

Initialization function 262 initializes system BIOS 260 during system initialization, including loading FLASH copy facility 264, message digest function 266, decryption function 268, public key 270, digest comparison function 272 and SMI handler 274 into system management memory 222. As described earlier, system management memory 222 is normally not mapped into the system memory space unless an SMI is triggered to place processor 212 in SMM, and system management memory 222 cannot be written except during initialization, processor mode transitions and SMM execution. Therefore, these system BIOS functions are not subject to malicious tampering.

SMI handler 274 services SMIs, activating other functions (including the write data verification functions) if necessary, depending on the cause of a particular SMI. As will be described in more detail below, SMI handler 274 gains control upon entry into SMM. As described earlier, message digest function 266 generates on the fly a digest of the write data of a FLASH write request, based on the contents of that write data, and decryption function 268 uses public key 270 to decrypt the electronic signature "attached" to the write data of the FLASH write request, to reconstruct the original digest of the FLASH write data. Digest comparison function 272 compares the two digests, and finally FLASH copy facility 264 performs the actual writing of the verified data into FLASH memory 224. Upon determining that FLASH protection circuit 226 triggered an SMI, SMI handler 274 activates message digest function 266, decryption function 268, digest comparison function 272 and FLASH copy facility 264 at the appropriate times.

Read/write services 276 provide read and write services for input/output devices. Read/write services 276 belong to the body of the system BIOS that is loaded into main memory 220 during system initialization.

For some embodiments, FLASH facility 252 is included to perform various FLASH-related functions, which in particular include copying FLASH write data from an external source medium into a buffer in main memory 220 via read/write services 276, and then copying the FLASH write data from the buffer to FLASH memory 224, with read/write services 276 activating message digest function 266, decryption function 268, and so on, to verify the FLASH write data, and, if it is verified, FLASH copy facility 264 performing the actual write, as will be described more fully below. Examples of such FLASH write data are the system BIOS additions, deletions and modifications described earlier, and an example of the external source medium is a floppy disk.

Figure 5 shows FLASH protection circuit 226 in more detail. As shown, FLASH protection circuit 226 includes first and second drivers 278 and 280. The input (ENFW#) of first driver 278 is provided by one of the input/output ports of GPIO port 232, and the output of first driver 278 is coupled to a signal line that couples an SMI trigger mechanism to processor 212. Thus, whenever GPIO port 232 asserts ENFW# to enable writing, in response to a FLASH write request, first driver 278 causes an SMI to be triggered for processor 212.

The two inputs (ENFW# and MEMW#) of second driver 280 are provided by the same input/output port of GPIO port 232 and by memory controller 218 respectively, and the output (FLASHWE#) of second driver 280 is provided to FLASH memory 224. FLASHWE# is tri-state. When MEMW# and ENFW# are both asserted, FLASHWE# becomes asserted. In other words, the write signal (MEMW#) from memory controller 218 is qualified by ENFW#, while at the same time ENFW# causes an SMI to be triggered via first driver 278. Therefore, the protected verification functions stored in system management memory 222 are activated to verify the write data before the write data is allowed to be written into FLASH memory 224.

Figure 6 shows the execution flow of the exemplary computer system in SMM. As shown, upon detecting an SMI, processor 212 instructs memory controller 218 to switch in and map system management memory 222 as part of the system memory space, and in response memory controller 218 performs the requested switching and mapping accordingly, step 282. Next, processor 212 saves the processor state in system management memory 222, step 284. Once the processor state has been saved, processor 212 transfers execution control to the pre-stored SMI handler 274, step 286.

SMI handler 274 then determines the cause of the SMI and services the SMI accordingly, activating other routines, such as the verification functions, if necessary. Once the SMI has been serviced, SMI handler 274 executes a Resume instruction to transfer execution control back to the interrupted program. In response, processor 212 restores the processor state saved in system management memory 222, step 288. Additionally, processor 212 instructs memory controller 218 to unmap system management memory 222 from the system memory space and switch it out. In response, memory controller 218 performs the requested unmapping and switching accordingly, step 290.

Thus, the SMI is serviced in a manner that is transparent to the executing operating system, subsystems and applications. In other words, the SMI is a transparent system service interrupt.

Figure 7 shows an example of an execution flow for writing data into FLASH memory 224. As shown, in response to a write request from an application, such as FLASH facility 252 described earlier, read/write services 276 set a physical address pointer to the write data, step 302. Next, for the illustrated embodiment, read/write services 276 generate a software SMI to enter SMM and provide the physical address pointer of the write data to the SMI handler, step 304. A software SMI, rather than the designated GPIO port 232, is used at this point and is preferred, because the FLASH memory remains disabled during the verification process.

Upon entry into SMM, as described earlier, SMI handler 274 gains control. Once the cause of the SMI is determined, SMI handler 274 activates message digest function 266 and decryption function 268 to verify the write data identified by the physical address pointer, step 306. If the write data fails the verification process, step 308, SMI handler 274 sets the appropriate error flag, step 310, clears the designated GPIO port, step 316, and exits SMM. Upon regaining control, read/write services 276 return to the caller after performing the necessary "clean-up".

On the other hand, if at step 308 the write data passes the verification process, SMI handler 274 enables writing to FLASH memory 224 by setting the designated GPIO port 232, step 312. Once writing is enabled, the verified write data is copied into FLASH memory 224, step 314. After all of the verified write data has been copied, as described earlier, SMI handler 274 clears the designated GPIO port 232 and exits SMM. Upon regaining control, read/write services 276 return to the caller after performing the necessary "clean-up".

As described earlier, when SMI handler 274 enables writing to FLASH memory 224 via the designated GPIO port, in addition to enabling FLASH memory 224 for writing, a new SMI is triggered. However, because this "new" SMI is triggered while the system is already in SMM, the "new" SMI is discarded. The reason the "new" SMI is triggered is that, for the illustrated embodiment, the designated GPIO port 232 can be set outside SMM. This "automatic" SMI ensures that, should that situation arise, the write data will still be verified, preventing any possibility of bypassing the verification process.

Thus, methods and apparatus for preventing unauthorized access to a protected non-volatile memory have been described. While the methods and apparatus of the present invention have been described in terms of the embodiments illustrated above, those skilled in the art will recognize that the invention is not limited to the embodiments described. The present invention can be practiced with modification and alteration within the spirit and scope of the appended claims. The description is thus to be regarded as illustrative of the invention rather than restrictive.
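To make the verification path of Figures 1, 2 and 7 concrete, here is an added example in Go (not code from the patent or its assignee): the producer signs a constructed BIOS update, and a model of the protected flash recovers the reference digest from the signature with the public key, recomputes the digest over the write data, and only then asserts the write-enable line. It assumes SHA-256 as the message digest function and PKCS#1 v1.5 RSA as the encryption step; the ProtectedFlash type and its field names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"math/big"
)

// PKCS#1 v1.5 DigestInfo prefix for SHA-256, this example's assumed digest
// function (the patent names MD5 only as one option for function 110).
var sha256DigestInfo = []byte{0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}

// SignWriteData is the producer side of Figure 1: digest function 110 yields
// reference digest 104, which private key 106 encrypts into signature 102.
func SignWriteData(priv *rsa.PrivateKey, writeData []byte) ([]byte, error) {
	d := sha256.Sum256(writeData)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// RecoverReferenceDigest is decryption function 116/268: undo the private-key
// encryption with the public exponent, check the PKCS#1 v1.5 block strictly
// and hand back the reference digest it carries.
func RecoverReferenceDigest(pub *rsa.PublicKey, sig []byte) ([]byte, error) {
	k := (pub.N.BitLen() + 7) / 8
	s := new(big.Int).SetBytes(sig)
	if len(sig) != k || s.Cmp(pub.N) >= 0 {
		return nil, errors.New("signature length or value out of range")
	}
	em := make([]byte, k)
	new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).FillBytes(em)
	// Expected layout: 00 01 FF..FF(at least 8) 00 <DigestInfo> <digest>
	i := 2
	for i < k-1 && em[i] == 0xff {
		i++
	}
	t := em[i+1:]
	if em[0] != 0x00 || em[1] != 0x01 || i < 10 || em[i] != 0x00 ||
		len(t) != len(sha256DigestInfo)+sha256.Size ||
		subtle.ConstantTimeCompare(t[:len(sha256DigestInfo)], sha256DigestInfo) != 1 {
		return nil, errors.New("bad PKCS#1 v1.5 signature encoding")
	}
	return t[len(sha256DigestInfo):], nil
}

// ProtectedFlash models FLASH memory 224 behind protection circuit 226 (Figure
// 5): MEMW# reaches the part only while ENFW# from GPIO port 232 is set.
type ProtectedFlash struct {
	Contents  []byte
	Pub       *rsa.PublicKey // public key 270, pre-stored with the BIOS
	ErrorFlag bool
	enfw      bool
}

// MemoryWrite is the raw MEMW# path; with ENFW# inactive FLASHWE# never fires.
func (f *ProtectedFlash) MemoryWrite(data []byte) error {
	if !f.enfw {
		return errors.New("ENFW# inactive: FLASHWE# not asserted, write dropped")
	}
	f.Contents = append([]byte(nil), data...)
	return nil
}

// HandleWriteSMI is SMI handler 274 following Figure 7: verify first, then
// either flag the error or set the port, copy, and clear the port again.
func (f *ProtectedFlash) HandleWriteSMI(writeData, sig []byte) error {
	ref, err := RecoverReferenceDigest(f.Pub, sig) // step 306
	fresh := sha256.Sum256(writeData)               // digest 114
	if err != nil || subtle.ConstantTimeCompare(ref, fresh[:]) != 1 {
		f.ErrorFlag, f.enfw = true, false // steps 310 and 316
		return errors.New("write data failed verification; rejected")
	}
	f.enfw = true                  // step 312: set GPIO port 232
	err = f.MemoryWrite(writeData) // step 314: copy verified data
	f.enfw = false                 // clear the port before leaving SMM
	return err
}

// RunDemo signs a constructed "BIOS update" and offers it to the flash three
// ways: genuine, with one flipped bit, and through the raw MEMW# path.
func RunDemo() (genuineOK, tamperedRejected, directRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	update := []byte("constructed BIOS update: revised POST splash screen")
	sig, err := SignWriteData(priv, update)
	if err != nil {
		return
	}
	flash := &ProtectedFlash{Pub: &priv.PublicKey}
	genuineOK = flash.HandleWriteSMI(update, sig) == nil && string(flash.Contents) == string(update)
	tampered := append([]byte(nil), update...)
	tampered[0] ^= 0x80 // payload altered, original signature kept
	tamperedRejected = flash.HandleWriteSMI(tampered, sig) != nil && flash.ErrorFlag
	directRejected = flash.MemoryWrite(tampered) != nil && string(flash.Contents) == string(update)
	return
}
```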
Claims (1)
Patent Application No. 86101163, amended claims (March 2000, ROC year 89)

1. A computer-implemented method for protecting a non-volatile storage against unauthorized writes, for a computer system including a protected non-volatile storage, the method comprising the steps of:
a) protecting a plurality of verification functions of the computer system, the verification functions being configured to verify write data written to the non-volatile storage using an electronic signature associated with the write data, the contents of the electronic signature being functionally dependent on the contents of the write data;
b) activating the verification functions to verify each write data written to the non-volatile storage, and allowing only verified write data to be written into the protected non-volatile storage.

2. The computer-implemented method of claim 1, wherein step (a) comprises storing the verification functions in a protected portion of the memory of the computer system.

3. The computer-implemented method of claim 2, wherein the verification functions of step (a) are implemented as a plurality of system basic input/output services (BIOS) of the computer system; and step (a) comprises copying the plurality of system BIOS into a system management memory of the computer system during system initialization, the system management memory being normally not mapped into a normal system memory space of the computer system, except when the computer system is executing in a system management mode, and being non-writable, except during system initialization and system execution mode transitions.

4. The computer-implemented method of claim 1, wherein the associated electronic signature is generated by encrypting a first digest with a secret private key, the first digest being generated based on the contents of the written write data; and step (b) comprises:
(b.1) activating a protected decryption function of the protected verification functions to reconstruct the first digest by decrypting the associated electronic signature with a protected public key, the public key and the secret private key being complementary;
(b.2) activating a protected message digest function of the protected verification functions to generate a second digest based on the contents of the written write data; and
(b.3) activating a protected digest comparison function of the protected verification functions to determine whether the written write data is authentic by comparing the first and second digests.

5. The computer-implemented method of claim 4, wherein step (b) further comprises a step (b.4) of conditionally activating a protected copy facility of the protected verification functions to copy the write data into the protected non-volatile storage, if the first and second digests pass the comparison test in step (b.3).

6. A computer system comprising:
(a) a non-volatile storage;
(b) a plurality of verification functions for verifying, during operation, write data written to the non-volatile storage, the verification functions verifying the write data using an electronic signature associated with the write data, the contents of the electronic signature being functionally dependent on the contents of the write data;
(c) a protected memory unit for storing and protecting the plurality of verification functions during operation; and
(d) a processor coupled to the non-volatile storage and the protected memory unit, the processor being for activating the verification functions during operation to verify each write data written to the non-volatile storage, and allowing only verified write data to be written into the non-volatile storage.

7. The computer system of claim 6, wherein the plurality of verification functions comprise:
a decryption function for reconstructing a first digest by decrypting the electronic signature with a public key, the electronic signature having been generated by encrypting the first digest in a complementary manner with a secret private key;
a message digest function for generating a second digest based on the contents of the written write data, in the same manner as the first digest was generated; and
a digest comparison function for determining whether the written write data is authentic by comparing the first and second digests.

8. The computer system of claim 7, wherein the decryption function, the message digest function and the digest comparison function are implemented as a plurality of system basic input/output services (BIOS) of the computer system, the system BIOS being copied into the protected memory unit during system initialization, the protected memory unit being normally not mapped into a normal system memory space of the computer system, except when the processor is executing in a system management mode, and being non-writable, except during system initialization and system execution mode transitions.

9. The computer system of claim 8, wherein
the non-volatile storage is a FLASH memory storage unit for storing the system BIOS;
the decryption function, the message digest function, the digest comparison function and the public key are pre-stored in the FLASH memory storage unit;
the computer system further comprises a main memory coupled to the processor; and
the written write data is a system BIOS update stored in a buffer of the main memory.

10. The computer system of claim 9, wherein the computer system further comprises:
a memory controller coupled to the processor, the main memory, the protected memory unit and the FLASH memory, to control memory access; and
a FLASH protection circuit coupled to the memory controller and the FLASH memory, to qualify a write signal provided by the memory controller to the FLASH memory for writing, and to generate an interrupt to place the processor in the system management mode.

11. The computer system of claim 10, wherein the computer system further comprises an input/output port coupled to the processor and the FLASH protection circuit, to signal the write to the FLASH protection circuit.

12. The computer system of claim 7, wherein the plurality of verification functions further comprise a copy function for conditionally copying the written write data into the non-volatile storage, if the first and second digests pass the comparison of the digest comparison function.

13. A computer system motherboard comprising:
(a) a non-volatile memory storage unit; and
(b) system basic input/output services (BIOS) stored in the non-volatile memory storage unit, the BIOS including a plurality of verification functions for verifying write data entering the non-volatile storage unit during operation of the computer system, the non-volatile storage unit being integrated with the computer system motherboard, the verification functions verifying system BIOS updates using an electronic signature associated with the system BIOS updates, the contents of the electronic signature being functionally dependent on the contents of the system BIOS updates.

14. The computer system motherboard of claim 13, further comprising:
(c) a main memory for storing a system BIOS update in a buffer.

15. The computer system motherboard of claim 14, further comprising:
(d) a system management memory for storing and protecting the plurality of verification functions during operation of the computer system, the plurality of verification functions being copied into the system management memory during system initialization, the system management memory being normally not mapped into a normal system memory space of the computer system, except when the computer system is executing in a system management mode, and being non-writable, except during system initialization and system execution mode transitions.

16. The computer system motherboard of claim 15, further comprising:
(e) a processor coupled to the non-volatile memory storage and the system management memory, the processor being for activating the verification functions during operation of the computer system in the system management mode to verify a system BIOS update, and allowing only a verified system BIOS update to be written from the buffer of the main memory into the non-volatile memory storage unit.

17. The computer system motherboard of claim 16, further comprising:
(f) a memory controller coupled to the processor, the main memory, the system management memory and the non-volatile memory storage unit, to control memory access;
(g) a non-volatile memory access protection circuit coupled to the memory controller and the non-volatile memory storage unit, to qualify a write signal provided by the memory controller to the non-volatile memory storage unit for writing, the write signal being initiated to write a system BIOS update into the non-volatile memory storage unit, and to generate an interrupt to place the computer system in the system management mode.

18. The computer system motherboard of claim 17, further comprising an input/output port coupled to the processor and the non-volatile memory access protection circuit, to signal the write to the non-volatile memory protection circuit.

19. The computer system motherboard of claim 13, wherein the plurality of verification functions comprise:
a decryption function for reconstructing a first digest by decrypting the electronic signature with a public key, the electronic signature having been generated by encrypting the first digest in a complementary manner with a secret private key;
a message digest function for generating a second digest based on the contents of the system BIOS update, in the same manner as the first digest was generated; and
a digest comparison function for determining whether the system BIOS update is authentic by comparing the first and second digests.

20. The computer system motherboard of claim 19, wherein the plurality of verification functions further comprise a copy function for conditionally copying the system BIOS updates into the non-volatile memory storage unit, if the first and second digests pass the comparison of the digest comparison function.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/598,803 US5835594A (en) | 1996-02-09 | 1996-02-09 | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
Publications (1)
Publication Number | Publication Date |
---|---|
TW401562B true TW401562B (en) | 2000-08-11 |
Family
ID=24396977
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW086101163A TW401562B (en) | 1996-02-09 | 1997-01-31 | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
Country Status (6)
Country | Link |
---|---|
US (3) | US5835594A (zh) |
EP (2) | EP1467513A3 (zh) |
AU (1) | AU1859197A (zh) |
DE (1) | DE69733123T2 (zh) |
TW (1) | TW401562B (zh) |
WO (1) | WO1997029569A1 (zh) |
Families Citing this family (228)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
GB9605338D0 (en) * | 1996-03-13 | 1996-05-15 | Arendee Ltd | Improvements in or relating to computer systems |
JP3540511B2 (ja) * | 1996-06-18 | 2004-07-07 | 株式会社東芝 | 電子署名検証装置 |
US7127741B2 (en) | 1998-11-03 | 2006-10-24 | Tumbleweed Communications Corp. | Method and system for e-mail message transmission |
US7117358B2 (en) * | 1997-07-24 | 2006-10-03 | Tumbleweed Communications Corp. | Method and system for filtering communication |
JP3932319B2 (ja) | 1997-07-24 | 2007-06-20 | タンブルウィード コミュニケーションズ コーポレイション | 格納された鍵による暗号化/暗号解読を用いた電子メール用ファイアウォール |
US6378072B1 (en) | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6243809B1 (en) * | 1998-04-30 | 2001-06-05 | Compaq Computer Corporation | Method of flash programming or reading a ROM of a computer system independently of its operating system |
US6401208B2 (en) * | 1998-07-17 | 2002-06-04 | Intel Corporation | Method for BIOS authentication prior to BIOS execution |
US6832320B1 (en) * | 1998-07-28 | 2004-12-14 | Hewlett-Packard Development Company, L.P. | Ownership tag on power-up screen |
US6405311B1 (en) * | 1998-07-28 | 2002-06-11 | Compaq Computer Corporation | Method for storing board revision |
US6735696B1 (en) | 1998-08-14 | 2004-05-11 | Intel Corporation | Digital content protection using a secure booting method and apparatus |
US6327660B1 (en) | 1998-09-18 | 2001-12-04 | Intel Corporation | Method for securing communications in a pre-boot environment |
US6122732A (en) * | 1998-10-23 | 2000-09-19 | Compaq Computer Corporation | System management interrupt for a desktop management interface/system management basic input output system interface function |
JP2000231626A (ja) * | 1998-12-07 | 2000-08-22 | Hitachi Ltd | 電子筆記具および電子記載方法 |
US6408387B1 (en) * | 1999-01-22 | 2002-06-18 | Intel Corporation | Preventing unauthorized updates to a non-volatile memory |
US6795837B1 (en) | 1999-03-31 | 2004-09-21 | Intel Corporation | Programmable random bit source |
US6643374B1 (en) | 1999-03-31 | 2003-11-04 | Intel Corporation | Duty cycle corrector for a random number generator |
US6647494B1 (en) | 1999-06-14 | 2003-11-11 | Intel Corporation | System and method for checking authorization of remote configuration operations |
US6598165B1 (en) * | 1999-06-18 | 2003-07-22 | Phoenix Technologies Ltd. | Secure memory |
US6715074B1 (en) * | 1999-07-27 | 2004-03-30 | Hewlett-Packard Development Company, L.P. | Virus resistant and hardware independent method of flashing system bios |
US7814337B2 (en) * | 2000-01-06 | 2010-10-12 | Super Talent Electronics, Inc. | Secure flash-memory card reader with host-encrypted data on a flash-controller-mastered bus parallel to a local CPU bus carrying encrypted hashed password and user ID |
DE19946959B4 (de) * | 1999-09-30 | 2009-05-07 | Fujitsu Siemens Computers Gmbh | Verfahren zum Laden von Daten für grundlegende Systemroutinen |
US6895556B1 (en) | 1999-11-12 | 2005-05-17 | International Business Machines Corporation | System and method for providing access to displayed data |
TW452733B (en) * | 1999-11-26 | 2001-09-01 | Inventec Corp | Method for preventing BIOS from viruses infection |
US6769059B1 (en) | 1999-12-17 | 2004-07-27 | Intel Corporation | System for updating computer's existing video BIOS without updating the whole computer's system BIOS |
US6629192B1 (en) | 1999-12-30 | 2003-09-30 | Intel Corporation | Method and apparatus for use of a non-volatile storage management system for PC/AT compatible system firmware |
US6594663B2 (en) | 1999-12-30 | 2003-07-15 | Intel Corporation | Method and apparatus for implementing and maintaining a configuration database |
US6785806B1 (en) | 1999-12-30 | 2004-08-31 | Intel Corporation | Bios having macro/effector pairs for hardware initialization |
US6732261B2 (en) * | 1999-12-30 | 2004-05-04 | Intel Corporation | Method and apparatus for implementing a register scan process |
DE10002203B4 (de) * | 2000-01-19 | 2009-12-10 | Robert Bosch Gmbh | Verfahren zum Schutz eines Mikrorechner-Systems gegen Manipulation von in einer Speicheranordnung des Mikrorechner-Systems gespeicherten Daten |
US6615286B1 (en) | 2000-02-14 | 2003-09-02 | Intel Corporation | Method and apparatus for updating device driver control data |
CA2402389A1 (en) * | 2000-03-08 | 2002-09-19 | Shuffle Master, Inc. | Computerized gaming system, method and apparatus |
US7043641B1 (en) * | 2000-03-08 | 2006-05-09 | Igt | Encryption in a secure computerized gaming system |
US7988559B2 (en) * | 2001-03-08 | 2011-08-02 | Igt | Computerized gaming system, method and apparatus |
US6934817B2 (en) | 2000-03-31 | 2005-08-23 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US7082615B1 (en) | 2000-03-31 | 2006-07-25 | Intel Corporation | Protecting software environment in isolated execution |
US7013484B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
US6760441B1 (en) | 2000-03-31 | 2004-07-06 | Intel Corporation | Generating a key hieararchy for use in an isolated execution environment |
US6769058B1 (en) | 2000-03-31 | 2004-07-27 | Intel Corporation | Resetting a processor in an isolated execution environment |
US6990579B1 (en) | 2000-03-31 | 2006-01-24 | Intel Corporation | Platform and method for remote attestation of a platform |
US6996710B1 (en) | 2000-03-31 | 2006-02-07 | Intel Corporation | Platform and method for issuing and certifying a hardware-protected attestation key |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
US7356817B1 (en) | 2000-03-31 | 2008-04-08 | Intel Corporation | Real-time scheduling of virtual machines |
US6687721B1 (en) | 2000-03-31 | 2004-02-03 | Intel Corporation | Random number generator with entropy accumulation |
US7073071B1 (en) | 2000-03-31 | 2006-07-04 | Intel Corporation | Platform and method for generating and utilizing a protected audit log |
US7089418B1 (en) | 2000-03-31 | 2006-08-08 | Intel Corporation | Managing accesses in a processor for isolated execution |
US7073064B1 (en) * | 2000-03-31 | 2006-07-04 | Hewlett-Packard Development Company, L.P. | Method and apparatus to provide enhanced computer protection |
US6754815B1 (en) | 2000-03-31 | 2004-06-22 | Intel Corporation | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set |
US7194634B2 (en) | 2000-03-31 | 2007-03-20 | Intel Corporation | Attestation key memory device and bus |
US7013481B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Attestation key memory device and bus |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6792438B1 (en) * | 2000-03-31 | 2004-09-14 | Intel Corporation | Secure hardware random number generator |
US6795905B1 (en) | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
US6957332B1 (en) | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US20030121027A1 (en) * | 2000-06-23 | 2003-06-26 | Hines Kenneth J. | Behavioral abstractions for debugging coordination-centric software designs |
US6976162B1 (en) | 2000-06-28 | 2005-12-13 | Intel Corporation | Platform and method for establishing provable identities while maintaining privacy |
US6986052B1 (en) * | 2000-06-30 | 2006-01-10 | Intel Corporation | Method and apparatus for secure execution using a secure memory partition |
US7389427B1 (en) | 2000-09-28 | 2008-06-17 | Intel Corporation | Mechanism to secure computer output from software attack using isolated execution |
US7793111B1 (en) * | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
US7111005B1 (en) * | 2000-10-06 | 2006-09-19 | Oracle International Corporation | Method and apparatus for automatic database encryption |
US7484081B1 (en) * | 2000-10-10 | 2009-01-27 | Altera Corporation | Method and apparatus for protecting designs in SRAM-based programmable logic devices |
US7797729B2 (en) * | 2000-10-26 | 2010-09-14 | O2Micro International Ltd. | Pre-boot authentication system |
US7215781B2 (en) | 2000-12-22 | 2007-05-08 | Intel Corporation | Creation and distribution of a secret value between two devices |
US20020083318A1 (en) * | 2000-12-26 | 2002-06-27 | Larose Gordon Edward | Method and system for software integrity control using secure hardware assist |
US7035963B2 (en) | 2000-12-27 | 2006-04-25 | Intel Corporation | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system |
US6907600B2 (en) | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
US7225441B2 (en) * | 2000-12-27 | 2007-05-29 | Intel Corporation | Mechanism for providing power management through virtualization |
US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
US6976172B2 (en) * | 2000-12-28 | 2005-12-13 | Intel Corporation | System and method for protected messaging |
US7350083B2 (en) * | 2000-12-29 | 2008-03-25 | Intel Corporation | Integrated circuit chip having firmware and hardware security primitive device(s) |
US7016494B2 (en) * | 2001-03-26 | 2006-03-21 | Hewlett-Packard Development Company, L.P. | Multiple cryptographic key precompute and store |
US7120248B2 (en) * | 2001-03-26 | 2006-10-10 | Hewlett-Packard Development Company, L.P. | Multiple prime number generation using a parallel prime number search algorithm |
US7096497B2 (en) * | 2001-03-30 | 2006-08-22 | Intel Corporation | File checking using remote signing authority via a network |
US7272831B2 (en) | 2001-03-30 | 2007-09-18 | Intel Corporation | Method and apparatus for constructing host processor soft devices independent of the host processor operating system |
US20020144121A1 (en) * | 2001-03-30 | 2002-10-03 | Ellison Carl M. | Checking file integrity using signature generated in isolated execution |
US7206933B2 (en) * | 2001-07-09 | 2007-04-17 | Advanced Micro Devices, Inc. | Software modem with privileged mode driver authentication |
US6973566B2 (en) * | 2001-07-09 | 2005-12-06 | Advanced Micro Devices, Inc. | Software modem with privileged mode oversight of control parameters |
US7096353B2 (en) * | 2001-07-09 | 2006-08-22 | Advanced Micro Devices, Inc. | Software modem with privileged mode decryption of control codes |
US7162036B2 (en) * | 2001-08-06 | 2007-01-09 | Igt | Digital identification of unique game characteristics |
US6685567B2 (en) * | 2001-08-08 | 2004-02-03 | Igt | Process verification |
US7191440B2 (en) | 2001-08-15 | 2007-03-13 | Intel Corporation | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
US7484105B2 (en) * | 2001-08-16 | 2009-01-27 | Lenovo (Singapore) Pte. Ltd. | Flash update using a trusted platform module |
US20030037244A1 (en) * | 2001-08-16 | 2003-02-20 | International Business Machines Corporation | System management interrupt generation upon completion of cryptographic operation |
WO2003023647A1 (en) * | 2001-09-10 | 2003-03-20 | Igt | Method for developing gaming programs compatible with a computerized gaming operating system and apparatus |
US6711690B2 (en) | 2001-09-17 | 2004-03-23 | International Business Machines Corporation | Secure write blocking circuit and method for preventing unauthorized write access to nonvolatile memory |
US7931533B2 (en) | 2001-09-28 | 2011-04-26 | Igt | Game development architecture that decouples the game logic from the graphics logics |
US6902481B2 (en) * | 2001-09-28 | 2005-06-07 | Igt | Decoupling of the graphical presentation of a game from the presentation logic |
US8708828B2 (en) * | 2001-09-28 | 2014-04-29 | Igt | Pluggable modular gaming modifiers and configuration templates for gaming environments |
US7024555B2 (en) * | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
CA2469839A1 (en) * | 2001-11-26 | 2003-06-05 | Igt | Pass-through live validation device and method |
US7865948B1 (en) | 2001-12-03 | 2011-01-04 | Advanced Micro Devices, Inc. | Method and apparatus for restricted execution of security sensitive instructions |
US7103771B2 (en) * | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US20030126454A1 (en) * | 2001-12-28 | 2003-07-03 | Glew Andrew F. | Authenticated code method and apparatus |
DE10164419A1 (de) * | 2001-12-29 | 2003-07-17 | Philips Intellectual Property | Method and arrangement for protecting digital circuit components |
US7308576B2 (en) | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US20030126453A1 (en) * | 2001-12-31 | 2003-07-03 | Glew Andrew F. | Processor supporting execution of an authenticated code instruction |
US20030135744A1 (en) * | 2002-01-11 | 2003-07-17 | International Business Machines Corporation | Method and system for programming a non-volatile device in a data processing system |
US7480806B2 (en) | 2002-02-22 | 2009-01-20 | Intel Corporation | Multi-token seal and unseal |
US7124273B2 (en) * | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7631196B2 (en) | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US7028149B2 (en) | 2002-03-29 | 2006-04-11 | Intel Corporation | System and method for resetting a platform configuration register |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US20030191943A1 (en) * | 2002-04-05 | 2003-10-09 | Poisner David I. | Methods and arrangements to register code |
US7076669B2 (en) * | 2002-04-15 | 2006-07-11 | Intel Corporation | Method and apparatus for communicating securely with a token |
US20030196100A1 (en) * | 2002-04-15 | 2003-10-16 | Grawrock David W. | Protection against memory attacks following reset |
US7058807B2 (en) * | 2002-04-15 | 2006-06-06 | Intel Corporation | Validation of inclusion of a platform within a data center |
US7127548B2 (en) | 2002-04-16 | 2006-10-24 | Intel Corporation | Control register access virtualization performance improvement in the virtual-machine architecture |
EP1357454A1 (en) * | 2002-04-23 | 2003-10-29 | Hewlett-Packard Company | Data processing system and method with protected BIOS |
US20030203755A1 (en) * | 2002-04-25 | 2003-10-30 | Shuffle Master, Inc. | Encryption in a secure computerized gaming system |
US7139890B2 (en) | 2002-04-30 | 2006-11-21 | Intel Corporation | Methods and arrangements to interface memory |
US20030226014A1 (en) * | 2002-05-31 | 2003-12-04 | Schmidt Rodney W. | Trusted client utilizing security kernel under secure execution mode |
US6820177B2 (en) | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
US7142674B2 (en) | 2002-06-18 | 2006-11-28 | Intel Corporation | Method of confirming a secure key exchange |
US7392415B2 (en) * | 2002-06-26 | 2008-06-24 | Intel Corporation | Sleep protection |
US7124327B2 (en) | 2002-06-29 | 2006-10-17 | Intel Corporation | Control over faults occurring during the operation of guest software in the virtual-machine architecture |
US6996748B2 (en) | 2002-06-29 | 2006-02-07 | Intel Corporation | Handling faults associated with operation of guest software in the virtual-machine architecture |
US6904493B2 (en) * | 2002-07-11 | 2005-06-07 | Animeta Systems, Inc. | Secure flash memory device and method of operation |
US7296267B2 (en) | 2002-07-12 | 2007-11-13 | Intel Corporation | System and method for binding virtual machines to hardware contexts |
EP1391819A1 (en) * | 2002-08-19 | 2004-02-25 | Hewlett-Packard Company | Data processing system and method |
US7165181B2 (en) | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US20040117532A1 (en) * | 2002-12-11 | 2004-06-17 | Bennett Steven M. | Mechanism for controlling external interrupts in a virtual machine system |
US7073042B2 (en) | 2002-12-12 | 2006-07-04 | Intel Corporation | Reclaiming existing fields in address translation data structures to extend control over memory accesses |
US7318235B2 (en) * | 2002-12-16 | 2008-01-08 | Intel Corporation | Attestation using both fixed token and portable token |
US20040117318A1 (en) * | 2002-12-16 | 2004-06-17 | Grawrock David W. | Portable token controlling trusted environment launch |
US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
US7793286B2 (en) * | 2002-12-19 | 2010-09-07 | Intel Corporation | Methods and systems to manage machine state in virtual machine operations |
US7900017B2 (en) | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
US20040128345A1 (en) * | 2002-12-27 | 2004-07-01 | Robinson Scott H. | Dynamic service registry |
US20040128465A1 (en) * | 2002-12-30 | 2004-07-01 | Lee Micheil J. | Configurable memory bus width |
US20040153601A1 (en) * | 2003-02-04 | 2004-08-05 | Blankenagel John A. | General purpose lines for memory write protection |
US7123143B2 (en) * | 2003-02-11 | 2006-10-17 | Topaz Systems, Inc. | Wireless signature management system |
EP1447733A1 (en) * | 2003-02-17 | 2004-08-18 | Hewlett-Packard Development Company, L.P. | Data processing system and method |
JP4346326B2 (ja) * | 2003-02-27 | 2009-10-21 | 富士通株式会社 | Security system, information management system, encryption support system, and computer program |
JP2004287541A (ja) * | 2003-03-19 | 2004-10-14 | Matsushita Electric Ind Co Ltd | Access control system for non-volatile memory |
US7415708B2 (en) | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
GB2404487A (en) * | 2003-07-31 | 2005-02-02 | Sony Uk Ltd | Access control for digital storage medium content |
US7177888B2 (en) | 2003-08-01 | 2007-02-13 | Intel Corporation | Programmable random bit source |
US7424709B2 (en) | 2003-09-15 | 2008-09-09 | Intel Corporation | Use of multiple virtual machine monitors to handle privileged events |
US7287197B2 (en) * | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
US7610611B2 (en) | 2003-09-19 | 2009-10-27 | Moran Douglas R | Prioritized address decoder |
US7681046B1 (en) | 2003-09-26 | 2010-03-16 | Andrew Morgan | System with secure cryptographic capabilities using a hardware specific digital secret |
US20050080934A1 (en) | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US7366305B2 (en) | 2003-09-30 | 2008-04-29 | Intel Corporation | Platform and method for establishing trust without revealing identity |
US7177967B2 (en) | 2003-09-30 | 2007-02-13 | Intel Corporation | Chipset support for managing hardware interrupts in a virtual machine system |
US7237051B2 (en) | 2003-09-30 | 2007-06-26 | Intel Corporation | Mechanism to control hardware interrupt acknowledgement in a virtual machine system |
US7562230B2 (en) * | 2003-10-14 | 2009-07-14 | Intel Corporation | Data security |
US7636844B2 (en) | 2003-11-17 | 2009-12-22 | Intel Corporation | Method and system to provide a trusted channel within a computer system for a SIM device |
US20050108534A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Providing services to an open platform implementing subscriber identity module (SIM) capabilities |
US20050108171A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform |
US7694151B1 (en) * | 2003-11-20 | 2010-04-06 | Johnson Richard C | Architecture, system, and method for operating on encrypted and/or hidden information |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
CN1632828A (zh) * | 2003-12-24 | 2005-06-29 | 劲永国际股份有限公司 | USB-interface data processing card with data encryption protection |
US20050152539A1 (en) * | 2004-01-12 | 2005-07-14 | Brickell Ernie F. | Method of protecting cryptographic operations from side channel attacks |
US7836219B1 (en) * | 2004-02-10 | 2010-11-16 | Pmc-Sierra Us, Inc. | System and method for authentication of embedded RAID on a host RAID card |
US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
FR2867871B1 (fr) * | 2004-03-19 | 2007-08-24 | Secure Machines Sa | Method and device for securing access to a peripheral |
US20050216920A1 (en) * | 2004-03-24 | 2005-09-29 | Vijay Tewari | Use of a virtual machine to emulate a hardware device |
US7356735B2 (en) | 2004-03-30 | 2008-04-08 | Intel Corporation | Providing support for single stepping a virtual machine in a virtual machine environment |
US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US7490070B2 (en) | 2004-06-10 | 2009-02-10 | Intel Corporation | Apparatus and method for proving the denial of a direct proof signature |
US20050288056A1 (en) * | 2004-06-29 | 2005-12-29 | Bajikar Sundeep M | System including a wireless wide area network (WWAN) module with an external identity module reader and approach for certifying the WWAN module |
US7305592B2 (en) | 2004-06-30 | 2007-12-04 | Intel Corporation | Support for nested fault in a virtual machine environment |
WO2006005292A1 (de) * | 2004-07-14 | 2006-01-19 | Siemens Aktiengesellschaft | Arrangement comprising a processor and a memory connected to the processor via a data link |
FR2874440B1 (fr) * | 2004-08-17 | 2008-04-25 | Oberthur Card Syst Sa | Method and device for data processing |
EP1632829A1 (en) * | 2004-09-03 | 2006-03-08 | Canal + Technologies | Data integrity checking circuit |
US8566616B1 (en) | 2004-09-10 | 2013-10-22 | Altera Corporation | Method and apparatus for protecting designs in SRAM-based programmable logic devices and the like |
US8612772B1 (en) * | 2004-09-10 | 2013-12-17 | Altera Corporation | Security core using soft key |
US7840962B2 (en) | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
US7711965B2 (en) | 2004-10-20 | 2010-05-04 | Intel Corporation | Data security |
US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US8745364B2 (en) * | 2004-12-13 | 2014-06-03 | Intel Corporation | Method and apparatus for enabling non-volatile content filtering |
US8533777B2 (en) | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
US7685418B1 (en) | 2005-01-19 | 2010-03-23 | Altera Corporation | Mechanisms and techniques for protecting intellectual property |
US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US7774596B2 (en) * | 2005-02-02 | 2010-08-10 | Insyde Software Corporation | System and method for updating firmware in a secure manner |
US7487222B2 (en) * | 2005-03-29 | 2009-02-03 | International Business Machines Corporation | System management architecture for multi-node computer system |
US20060265544A1 (en) * | 2005-05-17 | 2006-11-23 | John Rudelic | Internally authenticated flash remediation |
US8670561B1 (en) * | 2005-06-02 | 2014-03-11 | Altera Corporation | Method and apparatus for limiting use of IP |
US7600259B2 (en) * | 2005-06-08 | 2009-10-06 | Symantec Corporation | Critical period protection |
US8639946B2 (en) | 2005-06-24 | 2014-01-28 | Sigmatel, Inc. | System and method of using a protected non-volatile memory |
US20070168574A1 (en) * | 2005-09-28 | 2007-07-19 | Dell Products L.P. | System and method for securing access to general purpose input/output ports in a computer system |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
FR2893436B1 (fr) * | 2005-11-15 | 2008-02-15 | Oberthur Card Syst Sa | Securing the exchanges between electronic components of a portable secure electronic entity |
US8195945B2 (en) * | 2005-12-01 | 2012-06-05 | Sony Mobile Communications Ab | Secure digital certificate storing scheme for flash memory and electronic apparatus |
US7496727B1 (en) | 2005-12-06 | 2009-02-24 | Transmeta Corporation | Secure memory access system and method |
US8219829B2 (en) * | 2005-12-08 | 2012-07-10 | Intel Corporation | Scheme for securing locally generated data with authenticated write operations |
US20070162733A1 (en) * | 2006-01-06 | 2007-07-12 | Dell Products L.P. | Secure CMOS |
JP2007233725A (ja) * | 2006-03-01 | 2007-09-13 | Freescale Semiconductor Inc | Integrated circuit, wafer, and method for manufacturing an integrated circuit |
GB0604784D0 (en) * | 2006-03-09 | 2006-04-19 | Ttp Communications Ltd | Integrity protection |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
EP1845707A1 (en) * | 2006-04-10 | 2007-10-17 | Telsey S.p.A. | System and method for controlling conditional access by a decoder to multimedia information distributed over a communication network |
JP4288292B2 (ja) * | 2006-10-31 | 2009-07-01 | 株式会社エヌ・ティ・ティ・ドコモ | Operating system monitoring configuration information generation device and operating system monitoring device |
US8539238B2 (en) * | 2007-05-09 | 2013-09-17 | Intel Corporation | Authenticated nonvolatile memory signing operations |
US8402536B2 (en) * | 2008-04-15 | 2013-03-19 | Nokia Corporation | Signature based authentication of the configuration of a configurable logic component |
US20100229069A1 (en) * | 2008-07-01 | 2010-09-09 | Takahiro Yamaguchi | Drive device, content reproduction device, recording device, data readout method, program, recording medium, and integrated circuit |
TWI361382B (en) * | 2008-07-30 | 2012-04-01 | Pegatron Corp | Electronic apparatus and update bios method thereof |
US8495354B2 (en) * | 2008-09-24 | 2013-07-23 | Hewlett-Packard Development Company, L.P. | Apparatus for determining during a power-on sequence, a value to be written to a first register in a secure area and the same value to a second register in non-secure area, which during a protected mode, the value is compared such that if it is equal, enabling writing to a memory |
US8768843B2 (en) | 2009-01-15 | 2014-07-01 | Igt | EGM authentication mechanism using multiple key pairs at the BIOS with PKI |
US8528046B2 (en) * | 2010-04-19 | 2013-09-03 | Dell Products, Lp | Selective management controller authenticated access control to host mapped resources |
US8589702B2 (en) * | 2010-05-28 | 2013-11-19 | Dell Products, Lp | System and method for pre-boot authentication of a secure client hosted virtualization in an information handling system |
US8909852B1 (en) * | 2011-12-30 | 2014-12-09 | Google Inc. | Disabling write protection on a serial peripheral interface chip |
US9367689B2 (en) * | 2013-11-13 | 2016-06-14 | Via Technologies, Inc. | Apparatus and method for securing BIOS in a trusted computing system |
US9767288B2 (en) | 2013-11-13 | 2017-09-19 | Via Technologies, Inc. | JTAG-based secure BIOS mechanism in a trusted computing system |
US9547767B2 (en) | 2013-11-13 | 2017-01-17 | Via Technologies, Inc. | Event-based apparatus and method for securing bios in a trusted computing system during execution |
US9798880B2 (en) | 2013-11-13 | 2017-10-24 | Via Technologies, Inc. | Fuse-enabled secure bios mechanism with override feature |
US9779242B2 (en) | 2013-11-13 | 2017-10-03 | Via Technologies, Inc. | Programmable secure bios mechanism in a trusted computing system |
US10049217B2 (en) | 2013-11-13 | 2018-08-14 | Via Technologies, Inc. | Event-based apparatus and method for securing bios in a trusted computing system during execution |
US10055588B2 (en) | 2013-11-13 | 2018-08-21 | Via Technologies, Inc. | Event-based apparatus and method for securing BIOS in a trusted computing system during execution |
US9183394B2 (en) | 2013-11-13 | 2015-11-10 | Via Technologies, Inc. | Secure BIOS tamper protection mechanism |
US10095868B2 (en) | 2013-11-13 | 2018-10-09 | Via Technologies, Inc. | Event-based apparatus and method for securing bios in a trusted computing system during execution |
US9507942B2 (en) | 2013-11-13 | 2016-11-29 | Via Technologies, Inc. | Secure BIOS mechanism in a trusted computing system |
US9779243B2 (en) | 2013-11-13 | 2017-10-03 | Via Technologies, Inc. | Fuse-enabled secure BIOS mechanism in a trusted computing system |
US9318221B2 (en) | 2014-04-03 | 2016-04-19 | Winbond Electronics Corporation | Memory device with secure test mode |
ES2683998T3 (es) * | 2014-05-15 | 2018-10-01 | Winbond Electronics Corp. | Memory device with secure test mode |
CN104462965B (zh) * | 2014-11-14 | 2018-03-13 | 华为技术有限公司 | Application integrity verification method and network device |
US20160314288A1 (en) * | 2015-04-22 | 2016-10-27 | Qualcomm Incorporated | Method and apparatus for write restricted storage |
US10116451B2 (en) * | 2016-11-11 | 2018-10-30 | Intel Corporation | File backups using a trusted storage region |
US10402273B2 (en) | 2016-12-14 | 2019-09-03 | Microsoft Technology Licensing, Llc | IoT device update failure recovery |
US10416991B2 (en) * | 2016-12-14 | 2019-09-17 | Microsoft Technology Licensing, Llc | Secure IoT device update |
US10715526B2 (en) | 2016-12-14 | 2020-07-14 | Microsoft Technology Licensing, Llc | Multiple cores with hierarchy of trust |
US10846162B2 (en) * | 2018-11-29 | 2020-11-24 | Oracle International Corporation | Secure forking of error telemetry data to independent processing units |
CN113094060A (zh) * | 2019-12-23 | 2021-07-09 | 瑞昱半导体股份有限公司 | Electronic device and software update method |
US11928205B1 (en) | 2022-03-01 | 2024-03-12 | CSP Inc. | Systems and methods for implementing cybersecurity using blockchain validation |
Family Cites Families (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4278837A (en) * | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
US4405829A (en) | 1977-12-14 | 1983-09-20 | Massachusetts Institute Of Technology | Cryptographic communications system and method |
US4590552A (en) * | 1982-06-30 | 1986-05-20 | Texas Instruments Incorporated | Security bit for designating the security status of information stored in a nonvolatile memory |
US4521852A (en) * | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Data processing device formed on a single semiconductor substrate having secure memory |
US5175840A (en) * | 1985-10-02 | 1992-12-29 | Hitachi, Ltd. | Microcomputer having a PROM including data security and test circuitry |
US5144659A (en) * | 1989-04-19 | 1992-09-01 | Richard P. Jones | Computer file protection system |
US5022077A (en) * | 1989-08-25 | 1991-06-04 | International Business Machines Corp. | Apparatus and method for preventing unauthorized access to BIOS in a personal computer system |
US5103444A (en) | 1990-04-12 | 1992-04-07 | At&T Bell Laboratories | Conference connection method in a multicast packet switching network |
US5050212A (en) | 1990-06-20 | 1991-09-17 | Apple Computer, Inc. | Method and apparatus for verifying the integrity of a file stored separately from a computer |
KR940004404B1 (ko) * | 1990-11-30 | 1994-05-25 | 삼성전자 주식회사 | Non-volatile semiconductor memory device |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5454000A (en) | 1992-07-13 | 1995-09-26 | International Business Machines Corporation | Method and system for authenticating files |
US5287519A (en) | 1992-09-17 | 1994-02-15 | International Business Machines Corp. | LAN station personal computer system with controlled data access for normal and unauthorized users and method |
US5293424A (en) * | 1992-10-14 | 1994-03-08 | Bull HN Information Systems Inc. | Secure memory card |
US5465299A (en) * | 1992-12-03 | 1995-11-07 | Hitachi, Ltd. | Electronic document processing system and method of forming digital signature |
FR2703800B1 (fr) * | 1993-04-06 | 1995-05-24 | Bull Cp8 | Method for signing a computer file, and device for implementing it |
GB9307488D0 (en) * | 1993-04-08 | 1993-06-02 | Amp Holland | Optical fibre connector latching mechanism |
WO1994026083A1 (en) * | 1993-04-23 | 1994-11-10 | Irvine Sensors Corporation | Electronic module comprising a stack of ic chips |
JP3243331B2 (ja) * | 1993-05-14 | 2002-01-07 | 富士通株式会社 | Method for creating a hierarchical medium for software management, apparatus for creating a hierarchical medium for software management, and hierarchical medium for software management |
US5444850A (en) | 1993-08-04 | 1995-08-22 | Trend Micro Devices Incorporated | Method and apparatus for controlling network and workstation access prior to workstation boot |
US5377264A (en) * | 1993-12-09 | 1994-12-27 | Pitney Bowes Inc. | Memory access protection circuit with encryption key |
US5442704A (en) * | 1994-01-14 | 1995-08-15 | Bull HN Information Systems Inc. | Secure memory card with programmed controlled security access control |
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5999711A (en) | 1994-07-18 | 1999-12-07 | Microsoft Corporation | Method and system for providing certificates holding authentication and authorization information for users/machines |
US5623673A (en) * | 1994-07-25 | 1997-04-22 | Advanced Micro Devices, Inc. | System management mode and in-circuit emulation memory mapping and locking method |
US5881287A (en) * | 1994-08-12 | 1999-03-09 | Mast; Michael B. | Method and apparatus for copy protection of images in a computer system |
US5731629A (en) * | 1995-03-10 | 1998-03-24 | Data-Disk Technology, Inc. | Personal memory devices carried by an individual which can be read and written to |
US5713009A (en) | 1995-09-08 | 1998-01-27 | Digital Equipment Corporation | Method and apparatus for configuring a computer system |
US5657445A (en) * | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US5848231A (en) | 1996-02-12 | 1998-12-08 | Teitelbaum; Neil | System configuration contingent upon secure input |
JPH103745A (ja) * | 1996-06-12 | 1998-01-06 | Sony Corp | Recording medium, digital copy management method, playback device, and recording device |
US5729760A (en) * | 1996-06-21 | 1998-03-17 | Intel Corporation | System for providing first type access to register if processor in first mode and second type access to register if processor not in first mode |
US5844986A (en) | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5919257A (en) | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
US6009524A (en) * | 1997-08-29 | 1999-12-28 | Compaq Computer Corp. | Method for the secure remote flashing of a BIOS memory |
US6061794A (en) * | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US6189100B1 (en) * | 1998-06-30 | 2001-02-13 | Microsoft Corporation | Ensuring the integrity of remote boot client data |
- 1996
  - 1996-02-09 US US08/598,803 patent/US5835594A/en not_active Expired - Lifetime
- 1997
  - 1997-01-31 TW TW086101163A patent/TW401562B/zh not_active IP Right Cessation
  - 1997-02-06 WO PCT/US1997/001965 patent/WO1997029569A1/en active IP Right Grant
  - 1997-02-06 EP EP04014094A patent/EP1467513A3/en not_active Withdrawn
  - 1997-02-06 EP EP97904266A patent/EP0879515B1/en not_active Expired - Lifetime
  - 1997-02-06 AU AU18591/97A patent/AU1859197A/en not_active Abandoned
  - 1997-02-06 DE DE69733123T patent/DE69733123T2/de not_active Expired - Lifetime
- 1998
  - 1998-01-05 US US09/002,776 patent/US6249872B1/en not_active Expired - Lifetime
  - 1998-07-08 US US09/111,542 patent/US6510521B1/en not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
US6510521B1 (en) | 2003-01-21 |
AU1859197A (en) | 1997-08-28 |
EP1467513A3 (en) | 2007-11-07 |
WO1997029569A1 (en) | 1997-08-14 |
DE69733123T2 (de) | 2006-01-12 |
EP1467513A2 (en) | 2004-10-13 |
US5835594A (en) | 1998-11-10 |
EP0879515A4 (en) | 2000-05-10 |
US6249872B1 (en) | 2001-06-19 |
EP0879515B1 (en) | 2005-04-27 |
EP0879515A1 (en) | 1998-11-25 |
DE69733123D1 (de) | 2005-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TW401562B (en) | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage | |
TWI245182B (en) | Method, chipset, system and recording medium for responding to a sleep attack | |
KR940001756B1 (ko) | System and method for protecting computer data and software | |
CN101894224B (zh) | Protecting content on a client platform | |
US5325430A (en) | Encryption apparatus for computer device | |
CN101454751B (zh) | Apparatus and method for executing secure environment initialization in a point-to-point interconnect | |
JPH0260009B2 (zh) | ||
TW480443B (en) | Virus resistant and hardware independent method of flashing system BIOS | |
US8332635B2 (en) | Updateable secure kernel extensions | |
KR101081118B1 (ko) | Computer-implemented method, information processing system, and computer-readable recording medium for restoring a secured program | |
TW201535145A (zh) | System and method for securely storing firmware data using protected-read storage | |
US20080301468A1 (en) | Cryptographic Secure Program Overlays | |
US20070234073A1 (en) | Random password automatically generated by bios for securing a data storage device | |
WO1996034334A1 (fr) | Device for executing an encrypted program | |
KR100831441B1 (ko) | Trusted peripheral mechanism | |
WO2003085498A2 (en) | System and method for resetting a platform configuration register | |
US20120233671A1 (en) | System and method for selective protection of information elements | |
RU2353969C2 (ru) | Method and device for binding computer memory to a system board | |
KR20080071549A (ko) | Secure yet adaptable system architecture for secure devices with flash mass-storage memory | |
JPS5947646A (ja) | Computer data processing apparatus and method | |
US20020169976A1 (en) | Enabling optional system features | |
JP2008546122A (ja) | Mechanism for evaluating a token-enabled computer system | |
JP2007048008A (ja) | External storage device, computer, and SBC control method | |
TWI276971B (en) | Trusted input for mobile platform transactions | |
JPS59173847A (ja) | Method and apparatus for protecting computer software | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent | ||
MM4A | Annulment or lapse of patent due to non-payment of fees |