Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
2001-05-11
2004-12-14
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C713S168000, C713S152000, C713S152000
Reexamination Certificate
active
06832317
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to computing systems, and, more particularly, to a method and apparatus for personal computer component, subsystem and system security using components that authenticate to a master.
2. Description of the Related Art
FIG. 1A
illustrates an exemplary computer system
100
. The computer system
100
includes a processor
102
, a north bridge
104
, memory
106
, Advanced Graphics Port (AGP) memory
108
, a Peripheral Component Interconnect (PCI) bus
110
, a south bridge
112
, a battery, an AT Attachment (ATA) interface
114
(more commonly known as an Integrated Drive Electronics (IDE) interface), a universal serial bus (USB) interface
116
, a Low Pin Count (LPC) bus
118
, an input/output controller chip (SuperI/O™)
120
, and BIOS memory
122
. It is noted that the north bridge
104
and the south bridge
112
may include only a single chip or a plurality of chips, leading to the collective term “chipset” It is also noted that other buses, devices, and/or subsystems may be included in the computer system
100
as desired, e.g. caches, modems, parallel or serial interfaces, SCSI interfaces, network interface cards, etc. [“SuperI/O” is a trademark of National Semiconductor Corporation of Santa Clara, Calif.]
The processor
102
is coupled to the north bridge
104
. The north bridge
104
provides an interface between the processor
102
, the memory
106
, the AGP memory
108
, and the PCI bus
110
. The south bridge
112
provides an interface between the PCI bus
110
and the peripherals, devices, and subsystems coupled to the IDE interface
114
, the USB interface
116
, and the LPC bus
118
. The battery
113
is shown coupled to the south bridge
112
. The Super I/O™ chip
120
is coupled to the LPC bus
118
.,
The north bridge
104
provides communications access between and/or among the processor
102
, memory
106
, the AGP memory
108
, devices coupled to the PCI bus
110
, and devices and subsystems coupled to the south bridge
112
. Typically, removable peripheral devices are inserted into PCI “slots” (not shown) that connect to the PCI bus
110
to couple to the computer system
100
. Alternatively, devices located on a motherboard may be directly connected to the PCI bus
110
.
The south bridge
112
provides an interface between the PCI bus
110
and various devices and subsystems, such as a modem, a printer, keyboard, mouse, etc., which are generally coupled to the computer system
100
through the LPC bus
118
(or its predecessors, such as an X-bus or an ISA bus). The south bridge
112
includes the logic used to interface the devices to the rest of computer system
100
through the IDE interface
114
, the USB interface
116
, and the LPC bus
118
.
FIG. 1B
illustrates certain aspects of the prior art south bridge
112
, including those provided reserve power by the battery
113
, so-called “being inside the RTC battery well”
125
. The south bridge
112
includes south bridge (SB) RAM
126
and a clock circuit
128
, both inside the RTC battery well
125
. The SB RAM
126
includes CMOS RAM
126
A and RTC RAM
126
B. The RTC RAM
126
B includes clock data
129
and checksum data
127
. The south bridge
112
also includes, outside the RTC battery well
125
, a CPU interface
132
, power and system management units
133
, PCI bus interface logic
134
A, USB interface logic
134
C, IDE interface logic
134
B, and LPC bus interface logic
134
D.
Time and date data from the clock circuit
128
are stored as the clock data
129
in the RTC RAM
126
B. The checksum data
127
in the RTC RAM
126
B may be calculated based on the CMOS RAM
126
A data and stored by BIOS during the boot process, such as is described below, e.g. block
148
, with respect to FIG.
2
A. The CPU interface
132
may include interrupt signal controllers and processor signal controllers. The power and system management units
133
may include an ACPI (Advanced Configuration and Power Interface) controller.
From a hardware point of view, an x86 operating environment provides little for protecting user privacy, providing security for corporate secrets and assets, or protecting the ownership rights of content providers. All of these goals, privacy, security, and ownership (collectively, PSO) are becoming critical in an age of Internet-connected computers. The original personal computers were not designed in anticipation of PSO needs.
From a software point of view, the x86 operating environment is equally poor for PSO. The ease of direct access to the hardware through software or simply by opening the cover of the personal computer allows an intruder or thief to compromise most security software and devices. The personal computer's exemplary ease of use only adds to the problems for PSO.
SUMMARY OF THE INVENTION
In one aspect of the present invention, a device for use in a personal computer system is presented. The device includes a storage location for storing a GUID. The device is configured to provide the GUID to a master in the computer system during a trusted setup. The device is further configured to provide at least an indication of the GUID during a data transaction.
According to another aspect of the present invention, a device for use in a personal computer system is presented. The device includes one or more storage locations for storing one or more of the group consisting of a GUID, a secret, and a system GUID. The device is configured to perform, during a trusted setup, at least one or more from the group consisting of providing the GUID to a master in the computer system, receiving and storing the secret, and receiving and storing the system GUID. The device is further configured to provide at least an indication of one or more of the group consisting of the GUID, the secret, and the system GUID during a data transaction.
According to still another aspect of the present invention, a computer system is presented. The computer system includes a master device and a device comprising a storage location for storing a GUID. The device is configured to provide the GUID to the master device during a trusted setup. The device is further configured to provide at least an indication of the GUID during a data transaction.
In another aspect of the present invention, a method is presented. The method includes providing a GUID and receiving a request for a data transaction. The method also includes transmitting data in the data transaction and at least an indication of the GUID in the data transmitting and authenticating the data using at least the indication of the GUID in the data transaction.
In still another aspect of the present invention, a method is presented. The method includes providing a GUID to a master device during a trusted setup and setting an introduced bit during the trusted setup. The method also includes receiving a data transaction request and refusing the data transaction request once the introduced bit is set unless at least and indication of the GUID is provided in the data transaction request.
REFERENCES:
patent: 6694336 (2004-02-01), Multer et al.
patent: 6694378 (2004-02-01), Lortz
patent: 6697944 (2004-02-01), Jones et al.
Intel, “Low Pin Count (LPC) Interface Specification Revision 1.0,” pp. 1-31 (Sep. 29, 1997).
Standard Microsystems Corporation, “100 Pin Enhanced Super I/O for LPC Bus with SMBus Controller for Commercial Application,” Part No. LPC47B37x, pp. 1-254 (Jun. 17, 1999).
FIPS Pub 140-1 Federal Information Processing Standards Publication, “Security Requirements for Cryptographic Modules” (Jan. 11, 1994).
Intel, “Communication and Networking Riser Specification,” Revision 1.0 (Feb. 7, 2000).
“Handbook of Applied Cryptography” CRC Press 1997 pp. 154-157, 160-161, 191-198, 203-212.
Gulick Dale E.
Strongin Geoffrey S.
Advanced Micro Devices , Inc.
Peeso Thomas R.
Williams Morgan & Amerson
LandOfFree
Personal computer security mechanism does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Personal computer security mechanism, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Personal computer security mechanism will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3313939