Abstract: An information processing apparatus includes: a fingerprint information acquisition unit that acquires and holds fingerprint information of a finger operating a power button with a fingerprint sensor that is integrated with the power button to boot a system; and a processor that executes authentication processing by the system based on the fingerprint information acquired by the fingerprint authentication device. At the timing when authentication processing by the system is executed by the processor, the fingerprint information acquisition unit has a first mode that holds the fingerprint information and a second mode that does not hold the fingerprint information.

Abstract: An information processing apparatus includes a Basic Input Output System (BIOS) memory which stores a BIOS program, a management information memory which stores management information in which each BIOS function is associated with an expiration date of the BIOS function and a state of the BIOS function; and a processor. The processor executes a BIOS management process which, when a date acquired from a clock has passed the expiration date stored in the management information memory, disables the BIOS function corresponding to the expiration date and changes, to an invalid state, the state of the BIOS function corresponding to the disabled BIOS function in the management information.

Abstract: For validating computing device firmware, systems, apparatus, and methods are disclosed. The apparatus includes a processor, and a memory that stores code executable by the processor, the code including code that acquires a firmware manifest for locally stored firmware, authenticates a digital signature of the firmware manifest, and validates contents of the locally stored firmware using the firmware manifest. The apparatus may also include code that generates a local firmware manifest from the firmware, wherein validating the contents of the firmware includes comparing the local firmware manifest to the firmware manifest. In certain embodiments, the apparatus may indicate, to a user, one of success and failure of the firmware validation. The firmware manifest may be a location-specific firmware manifest corresponding to a geographical location of the apparatus and/or computing device including the locally stored firmware.

Abstract: For supervisor password access based on a key press of a hotkey, systems, apparatus, methods, and program products are disclosed. The apparatus may include a processor that monitors for a key press of a hotkey during a up process, that detects a supervisor password access attempt, that allows access to the supervisor password in response to hotkey being pressed during the boot up process, and that denies access to the supervisor password in response to hotkey not being pressed during the boot up process.

Abstract: For supervisor password access based on a key press of a hotkey, systems, apparatus, methods, and program products are disclosed. The apparatus may include a processor that monitors for a key press of a hotkey during a up process, that detects a supervisor password access attempt, that allows access to the supervisor password in response to hotkey being pressed during the boot up process, and that denies access to the supervisor password in response to hotkey not being pressed during the boot up process.

Abstract: A portable computer capable of protecting an encryption key that is sent out to a disk drive after a preboot process has ended is disclosed. The portable computer includes a disk drive for encrypting a volume as a whole, and for decoding data at the volume in response to a receipt of an encryption key from a system. The portable computer also includes a key transfer mechanism, a tamper detection mechanism and a protecting mechanism. In response to a boot process starting from a power-off state, the key transfer mechanism automatically sends the encryption key to the disk drive. The tamper detection mechanism detects a physical tampering of the disk drive. In response to a detection of a physical tampering by the tamper detection mechanism, the protecting mechanism prevents an operation of automatically sending the encryption key to the disk drive by the key transfer mechanism.

Abstract: A set of variables referred to by unified extensible firmware interface (UEFI) firmware is restored. The UEFI firmware stored in a read-only memory (ROM) is firstly executed after power-up. The UEFI firmware writes a variable set related to boot, into a variable area. As an operating system (OS) also writes a set of variables into the variable area, the boot-related variable set may be altered. The variable set is saved into a prescribed area, such as a universal serial bus (USB) memory key, when the computer boots normally. If alteration of the variable set in the reference area is detected during a boot of the computer, the variable set in the reference area is replaced with the saved variable set. The variable set alteration may be detected using a detection flag which is set immediately after a boot is started and reset immediately before an OS is loaded.

Abstract: For validating computing device firmware, systems, apparatus, and methods are disclosed. The apparatus includes a processor, and a memory that stores code executable by the processor, the code including code that acquires a firmware manifest for locally stored firmware, authenticates a digital signature of the firmware manifest, and validates contents of the locally stored firmware using the firmware manifest. The apparatus may also include code that generates a local firmware manifest from the firmware, wherein validating the contents of the firmware includes comparing the local firmware manifest to the firmware manifest. In certain embodiments, the apparatus may indicate, to a user, one of success and failure of the firmware validation. The firmware manifest may be a location-specific firmware manifest corresponding to a geographical location of the apparatus and/or computing device including the locally stored firmware.

Abstract: Provided is a method for temporarily skipping a secure boot function. A computer is configured so that a secure boot function is set as enabled by default. Depression of a power button of the computer in a power-off state generates a startup signal. At the time of startup from S4/S5 state, a switch is turned ON and PP bit indicating physical presence is set at a register. Depression of a specific key on a keyboard causes DE bit to be set at a register. When PP bit and DE bit are found, UEFI firmware stored in a firmware ROM temporarily skips integrity validation of a boot program only for boot this time.

Abstract: A portable computer capable of protecting an encryption key that is sent out to a disk drive after a preboot process has ended is disclosed. The portable computer includes a disk drive for encrypting a volume as a whole, and for decoding data at the volume in response to a receipt of an encryption key from a system. The portable computer also includes a key transfer mechanism, a tamper detection mechanism and a protecting mechanism. In response to a boot process starting from a power-off state, the key transfer mechanism automatically sends the encryption key to the disk drive. The tamper detection mechanism detects a physical tampering of the disk drive. In response to a detection of a physical tampering by the tamper detection mechanism, the protecting mechanism prevents an operation of automatically sending the encryption key to the disk drive by the key transfer mechanism.

Abstract: A set of variables referred to by unified extensible firmware interface (UEFI) firmware is restored. The UEFI firmware stored in a read-only memory (ROM) is firstly executed after power-up. The UEFI firmware writes a variable set related to boot, into a variable area. As an operating system (OS) also writes a set of variables into the variable area, the boot-related variable set may be altered. The variable set is saved into a prescribed area, such as a universal serial bus (USB) memory key, when the computer boots normally. If alteration of the variable set in the reference area is detected during a boot of the computer, the variable set in the reference area is replaced with the saved variable set. The variable set alteration may be detected using a detection flag which is set immediately after a boot is started and reset immediately before an OS is loaded.

Abstract: A method for protecting a password of a computer having a non-volatile memory is disclosed. A password is stored in a non-volatile memory of a computer. The computer is then transitioned to a power saving state. In response to a detection of an unauthorized access to the non-volatile memory during the power saving state transition, a password input is requested from a user. The computer returns to a power-on state from the power saving state when there is a success in authentication of the input password.

Abstract: A method for protecting a privilege level of a system management mode (SMM) of a computer system is disclosed. A SMM program is loaded into a special memory (SMRAM) area within a system memory of a computer. A first program, a second program, and a vector table are loaded into a general area of the system memory. Before the booting process of the computer has been completed, a reference hash value of the first program is determined by the SMM program, and the reference hash value is stored in the SMRAM area. A hash value of the first program is the computed by the SMM program. After the computer has been operating under an operating environment of an operating system, the computed hash value is compared to the reference hash value. When the computed hash value matches the reference hash value, the first program is called by the SMM program.

Abstract: A method for protecting a privilege level of a system management mode (SMM) of a computer system is disclosed. A SMM program is loaded into a special memory (SMRAM) area within a system memory of a computer. A first program, a second program, and a vector table are loaded into a general area of the system memory. Before the booting process of the computer has been completed, a reference hash value of the first program is determined by the SMM program, and the reference hash value is stored in the SMRAM area. A hash value of the first program is the computed by the SMM program. After the computer has been operating under an operating environment of an operating system, the computed hash value is compared to the reference hash value. When the computed hash value matches the reference hash value, the first program is called by the SMM program.

Abstract: Preventing malicious code from reading an authenticator and being falsely authenticated using the read authenticator. Authenticator accepting period detection means detects an authenticator accepting period during which inoperativeness of all unauthenticated programs is guaranteed. Program executing means transmits its authenticator only during the authenticator accepting period. After authentication means is authenticated as genuine, the authentication means computes a one-way function value of the authenticator received from the program executing means and compares the one-way function value X with a stored value Y for the program executing means. If X=Y, then the authentication means authenticates the program executing means.

Abstract: The present invention facilitates the operational management and usability of a portable computing device by providing an apparatus, method and program product to allow a user to select the operational and power state of a device operably connected with a computer and the power state of the computer prior to removing the computer from an apparatus such as a docking station.

Abstract: A first series of bits corresponds to compatibility information of firmware of a computer system. Each bit corresponds to an attribute of the firmware or the system, is equal to one when the attribute denotes a potential incompatibility factor as to the attribute, and is otherwise equal to zero. A second series of bits corresponds to a firmware image with which the firmware is to be upgraded. Each bit indicates whether the firmware image is compatible with the attribute of a corresponding first series bit, is equal to one where the firmware image is compatible with the attribute, and is otherwise equal to zero. A logical AND operation is performed on the first and the second series of bits. Where the result of the logical AND operation is equal to the first series of bits, the firmware is allowed to be upgraded with the image, and otherwise is disallowed.

Abstract: The present invention facilitates the operational management and usability of a portable computing device by providing an apparatus, method and program product to allow a user to select the operational and power state of a device operably connected with a computer and the power state of the computer prior to removing the computer from an apparatus such as a docking station.

Abstract: An expansion unit control method for use with an expansion control unit containing at least one device, includes allocating a predetermined input/output (I/O) resource, ensured not to be used in processing, to the at least one device as an I/O resource used for sending and receiving information, performing a predetermined process for the at least one device by sending and receiving information to and from the at least one device through the predetermined I/O resource, and deallocating the predetermined I/O resource allocated to the at least one device.

Abstract: Preventing malicious code from reading an authenticator and being falsely authenticated using the read authenticator. Authenticator accepting period detection means detects an authenticator accepting period during which inoperativeness of all unauthenticated programs is guaranteed. Program executing means transmits its authenticator only during the authenticator accepting period. After authentication means is authenticated as genuine, the authentication means computes a one-way function value of the authenticator received from the program executing means and compares the one-way function value X with a stored value Y for the program executing means. If X=Y, then the authentication means authenticates the program executing means.