Integrated circuit for security and manageability

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography

Reexamination Certificate

Details

C713S164000, C713S168000, C713S152000, C713S152000

active

06823451

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to computing systems, and, more particularly, to an apparatus for increasing security and manageability.
2. Description of the Related Art
FIG. 1A illustrates an exemplary computer system 100. The computer system 100 includes a processor 102, a north bridge 104, memory 106, Advanced Graphics Port (AGP) memory 108, a Peripheral Component Interconnect (PCI) bus 110, a south bridge 112, a battery, an AT Attachment (ATA) interface 114 (more commonly known as an Integrated Drive Electronics (IDE) interface), a universal serial bus (USB) interface 116, a Low Pin Count (LPC) bus 118, an input/output controller chip (SuperI/O™) 120, and BIOS memory 122. It is noted that the north bridge 104 and the south bridge 112 may include only a single chip or a plurality of chips, leading to the collective term “chipset.” It is also noted that other buses, devices, and/or subsystems may be included in the computer system 100 as desired, e.g. caches, modems, parallel or serial interfaces, SCSI interfaces, network interface cards, etc. [“SuperI/O” is a trademark of National Semiconductor Corporation of Santa Clara, Calif.]
The processor 102 is coupled to the north bridge 104. The north bridge 104 provides an interface between the processor 102, the memory 106, the AGP memory 108, and the PCI bus 110. The south bridge 112 provides an interface between the PCI bus 110 and the peripherals, devices, and subsystems coupled to the IDE interface 114, the USB interface 116, and the LPC bus 118. The battery 113 is shown coupled to the south bridge 112. The Super I/O™ chip 120 is coupled to the LPC bus 118.
The north bridge 104 provides communications access between and/or among the processor 102, memory 106, the AGP memory 108, devices coupled to the PCI bus 110, and devices and subsystems coupled to the south bridge 112. Typically, removable peripheral devices are inserted into PCI “slots” (not shown) that connect to the PCI bus 110 to couple to the computer system 100. Alternatively, devices located on a motherboard may be directly connected to the PCI bus 110.
The south bridge 112 provides an interface between the PCI bus 110 and various devices and subsystems, such as a modem, a printer, keyboard, mouse, etc., which are generally coupled to the computer system 100 through the LPC bus 118 (or its predecessors, such as an X-bus or an ISA bus). The south bridge 112 includes the logic used to interface the devices to the rest of computer system 100 through the IDE interface 114, the USB interface 116, and the LPC bus 118.
FIG. 1B illustrates certain aspects of the prior art south bridge 112, including those provided reserve power by the battery 113, so-called “being inside the RTC battery well” 125. The south bridge 112 includes south bridge (SB) RAM 126 and a clock circuit 128, both inside the RTC battery well 125. The SB RAM 126 includes CMOS RAM 126A and RTC RAM 126B. The RTC RAM 126B includes clock data 129 and checksum data 127. The south bridge 112 also includes, outside the RTC battery well 125, a CPU interface 132, power and system management units 133, PCI bus interface logic 134A, USB interface logic 134C, IDE interface logic 134B, and LPC bus interface logic 134D.
Time and date data from the clock circuit 128 are stored as the clock data 129 in the RTC RAM 126B. The checksum data 127 in the RTC RAM 126B may be calculated based on the CMOS RAM 126A data and stored by BIOS during the boot process, such as is described below, e.g. block 148, with respect to FIG. 2A. The CPU interface 132 may include interrupt signal controllers and processor signal controllers. The power and system management units 133 may include an ACPI (Advanced Configuration and Power Interface) controller.
From a hardware point of view, an x86 operating environment provides little for protecting user privacy, providing security for corporate secrets and assets, or protecting the ownership rights of content providers. All of these goals, privacy, security, and ownership (collectively, PSO) are becoming critical in an age of Internet-connected computers. The original personal computers were not designed in anticipation of PSO needs.
From a software point of view, the x86 operating environment is equally poor for PSO. The ease of direct access to the hardware through software or simply by opening the cover of the personal computer allows an intruder or thief to compromise most security software and devices. The personal computer's exemplary ease of use only adds to the problems for PSO.
SUMMARY OF THE INVENTION
In one aspect of the present invention, a device is disclosed. The device includes a port, one or more secured assets, and security hardware. The port is configured to receive at least one operating mode signal. The at least one operating mode signal is indicative of a first operating mode. The security hardware is coupled to receive the at least one operating mode signal. The security hardware is further coupled to control access to the secured assets dependent upon the at least one operating mode signal.
In various embodiments of the device, the one or more secured assets may be a random number generator, a secure management register, a monotonic counter, and/or a secure memory. The first operating mode may be system management mode. In various embodiments, the security hardware may include an initiation register coupled to receive a request to change to the first operating mode and control logic coupled to the initiation register. The control logic is configured to assert a control signal indicative of the request to change to the first operating mode. The control signal initiates the change to the first operating mode. The control signal indicative of the request to change to the first operating mode may be a system management interrupt.
In another aspect of the present invention, another device is disclosed. This device includes first bus interface logic for coupling to a first external bus, a port, one or more secured assets, and security hardware coupled to control the one or more secured assets. The port is configured to receive at least one operating mode signal, indicative of a first operating mode. The one or more secured assets are coupled to the first bus interface logic. The security hardware includes an initiation register, control logic coupled to the initiation register, a kick-out timer coupled to receive the at least one operating mode signal, a re-initiation timer, and access filters. The initiation register is coupled to receive a request to change to the first operating mode. The control logic is configured to assert a control signal indicative of the request to change to the first operating mode. The control signal initiates the change to the first operating mode. The kick-out timer is coupled to receive the at least one operating mode signal. The kick-out timer is configured to output a signal indicating when the at least one operating mode signal is continuously active for at least a predetermined period. The re-initiation timer is coupled to receive the signal indicating when the at least one operating mode signal is active for a predetermined period. The re-initiation timer is configured to output a signal indicating that another predetermined period of time has elapsed since the kick-out timer output the signal indicating when the at least one operating mode signal is continuously active for at least the predetermined period of time. The access filters are coupled to receive an indication when the at least one operating mode signal is active. The access filters are configured to provide access requests to each of the one or more secured assets when the at least one operating mode signal is active. 
The access filters are further configured to provide a predetermined response in lieu of data when the at least one operating mode signal i
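A behavioral model of the kick-out timer, re-initiation timer and access filter described in the summary above, added here as an illustration and not taken from the patent. The tick periods, the response value, the one-tick re-initiation pulse and the re-arming of the kick-out timer are constructed modelling choices; because the page's sentence on the predetermined response is cut off, the model assumes that response is returned whenever the operating mode signal is not active.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values: the page gives no periods or response pattern. */
#define KICKOUT_TICKS   4u            /* continuous-active limit */
#define REINIT_TICKS    3u            /* delay after kick-out fires */
#define FILTER_RESPONSE 0xFFFFFFFFu   /* assumed "predetermined response" */

struct sec_hw {
    uint32_t active_run;  /* consecutive ticks with mode signal active */
    uint32_t since_kick;  /* ticks elapsed since kick-out fired */
    bool kickout;         /* kick-out timer output, held until re-init */
    bool reinit;          /* re-initiation timer output, one-tick pulse */
    uint32_t asset;       /* one secured asset, e.g. a monotonic counter */
};

/* Advance both timers one tick, given the sampled operating mode signal. */
void sec_tick(struct sec_hw *hw, bool mode_active)
{
    hw->reinit = false;
    if (hw->kickout) {                 /* re-initiation timer is counting */
        if (++hw->since_kick >= REINIT_TICKS) {
            hw->reinit = true;
            hw->kickout = false;       /* modelling choice: re-arm kick-out */
            hw->since_kick = 0;
            hw->active_run = 0;
        }
        return;
    }
    /* Any inactive sample resets the run: the period must be continuous. */
    hw->active_run = mode_active ? hw->active_run + 1 : 0;
    if (hw->active_run >= KICKOUT_TICKS)
        hw->kickout = true;
}

/* Access filter: forward the request only while the mode signal is active. */
uint32_t sec_read(const struct sec_hw *hw, bool mode_active)
{
    return mode_active ? hw->asset : FILTER_RESPONSE;
}

int main(void)
{
    struct sec_hw hw = { .asset = 42 };
    for (int t = 0; t < 8; t++) {
        sec_tick(&hw, true);
        printf("t=%d kickout=%d reinit=%d\n", t, hw.kickout, hw.reinit);
    }
    return 0;
}
```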
