Patents by Inventor James Patrick Hoff

James Patrick Hoff has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20040205362
    Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
    Type: Application
    Filed: April 10, 2003
    Publication date: October 14, 2004
    Applicant: International Business Machines Corporation
    Inventors: Ryan Charles Catherman, Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20040205353
    Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
    Type: Application
    Filed: April 10, 2003
    Publication date: October 14, 2004
    Applicant: International Business Machines Corporation
    Inventors: Ryan Charles Catherman, Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20040205070
    Abstract: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.
    Type: Application
    Filed: April 10, 2003
    Publication date: October 14, 2004
    Applicant: International Business Machines Corporation
    Inventors: Ryan Charles Catherman, Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030226016
    Abstract: A computer system and method of operation in which a second input device which requires a second authenticating input in order to enable recognition of an authenticating input from a conventional keyboard is selectively interposed between the keyboard and a security element associated with the system motherboard.
    Type: Application
    Filed: May 31, 2002
    Publication date: December 4, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, James Patrick Hoff, Howard Jeffrey Locker, James Peter Ward
  • Publication number: 20030226040
    Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device. Trusted Computing Platform capabilities of the system are used in implementing the enhancement of security.
    Type: Application
    Filed: June 3, 2002
    Publication date: December 4, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Daryl Carvis Cromer, James Patrick Hoff, James Peter Ward
  • Publication number: 20030212911
    Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device.
    Type: Application
    Filed: May 13, 2002
    Publication date: November 13, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, James Patrick Hoff, Kevin Snow Mccurley, John Hancock Nicholson, David Rivera, James Peter Ward
  • Publication number: 20030196137
    Abstract: A method, system and computer program product for implementing a fault tolerant sleep mode of operation. The system state information may be stored in a volatile memory and in a non-volatile storage unit prior to entering the sleep mode of operation. If a memory corruption event, e.g., power outage, brownout, power surge, occurs during the sleep mode of operation, then, upon receiving an invocation to resume to a normal mode of operation, the system state information stored in the non-volatile storage unit may be reloaded into the volatile memory. By reloading the system state information stored in the non-volatile storage into the volatile memory, the computer system may resume to a normal mode of operation from a sleep mode of operation without any corruption or loss of data.
    Type: Application
    Filed: April 12, 2002
    Publication date: October 16, 2003
    Applicant: International Business Machines Corporation
    Inventors: Nazir Haroon Ahmad, Ameha Aklilu, Jordan Hsiao Ping Chin, Richard Alan Dayan, James Patrick Hoff, Eric Richard Kern
  • Publication number: 20030182561
    Abstract: A tamper detection mechanism for a personal computer (PC) and a method of use thereof is disclosed. Accordingly, a first aspect of the present invention comprises a tamper detection mechanism. The tamper detection mechanism comprises a first Root-of-Trust Measurement (RTM) module which is coupled to and fixed within the PC, a second RTM module being removably attached to the PC and a diagnostic program for comparing a copy of the first RTM module with a copy of the second RTM module to determine whether the first RTM module is valid. A second aspect of the present invention comprises a method of providing tamper detection for a PC. The method comprises providing a first RTM module, providing a second RTM module and utilizing a diagnostic program to compare a copy of the first RTM module with a copy of the second module to determine whether the first RTM module is valid.
    Type: Application
    Filed: March 25, 2002
    Publication date: September 25, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Steven Dale Goodman, James Patrick Hoff, Hernando Ovies, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030159056
    Abstract: An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.
    Type: Application
    Filed: February 15, 2002
    Publication date: August 21, 2003
    Applicant: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Scott Thomas Elliott, James Patrick Hoff, Howard Jeffrey Locker, David Rivera, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030138105
    Abstract: A method and system for managing cryptology keys in a TCPA subsystem such as a Trusted Platform Module (TPM). The TPM encrypts/decrypts data being communicated with a processing system. Internal to the TPM is limited memory for storing cryptology private keys used in the encryption/decryption. Under the TCPA specification, the keys are hierarchical, such that a parent key must be in the TPM to load into the TPM the requested child cryptology private key. Thus there is an expense associated with replacing an existing key. This expense is determined by the probability that the evicted key will be needed and thus re-stored in the future and the likelihood that ancestor keys will have to be loaded into the TPM in order to load the requested child key. The present invention presents a method for determining this expense, in order to determine which key should be evicted.
    Type: Application
    Filed: January 18, 2002
    Publication date: July 24, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, Scott Thomas Elliott, James Patrick Hoff, James Peter Ward
  • Publication number: 20030088748
    Abstract: An apparatus and method for exclusively binding data to a data processing system. The logical binding apparatus of the present invention includes a detachable circuit device mounted within a system planar. Data to be bound within the system planar is stored in a memory device within the detachable circuit device. A battery signal is applied from the system planar to a binding pin on the detachable circuit device, wherein the binding pin is applied to the input of a binding latch. The binding latch remains in a reset state while the battery signal is applied. Upon removal of said binding signal from the binding pin, the binding latch is set thus signaling a processing unit within the detachable circuit device to remove the data from the memory device.
    Type: Application
    Filed: November 2, 2001
    Publication date: May 8, 2003
    Applicant: International Business Machines Corporation
    Inventors: Scott Thomas Elliott, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030056095
    Abstract: A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e.g., a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e.g., a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.
    Type: Application
    Filed: September 14, 2001
    Publication date: March 20, 2003
    Applicant: International Business Machines Corporation
    Inventors: Scott Thomas Elliott, James Patrick Hoff, Christopher Scott Long, David Rivera, James Peter Ward
  • Publication number: 20030053630
    Abstract: A method and system for control of key pair usage in a computer system is disclosed. The method and system comprise creating key pair material for utilization with an embedded security chip of the computer system. The key pair material includes tag data. The method and system further includes determining whether the key pair material is bound to the embedded security chip based on the tag data.
    Type: Application
    Filed: September 20, 2001
    Publication date: March 20, 2003
    Applicant: International Business Machines Corporation
    Inventors: Scott Thomas Elliott, James Patrick Hoff, Christopher Scott Long, David Rivera, Andy Lloyd Trotter, James Peter Ward
  • Publication number: 20030056109
    Abstract: A method and system for binding a device to a planar is disclosed. According to the preferred embodiment of the method and system of the present invention, a programmable memory chip is provided on the planar and the device is detachably attached to the planar. The method and system further includes using the programmable memory chip to bind the device to the planar.
    Type: Application
    Filed: September 14, 2001
    Publication date: March 20, 2003
    Applicant: International Business Machines Corporation
    Inventors: Scott Thomas Elliott, James Patrick Hoff, Christopher Scott Long, James Peter Ward
  • Publication number: 20030037231
    Abstract: When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as an EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.
    Type: Application
    Filed: August 16, 2001
    Publication date: February 20, 2003
    Applicant: International Business Machines Corporation
    Inventors: Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030037244
    Abstract: An SMI (System Management Interrupt) generation capability is added to the cryptographic verification operation utilized to verify an update of a system management utility, such as the BIOS update utility. With the addition of an SMI upon completion of a signature verification command, the SMI handler issues a signature verification request to a trusted platform module (TPM) and returns control to the controlling application with a status code indicating it should begin polling the SMI handler for status. Upon completion of the verification operation, the TPM issues the SMI. The SMI handler then queries the TPM for status. The SMI handler then updates its internal status and permits access to the requested resource assuming the verification is successful. Upon the next poll from the application, the SMI handler returns the status to the calling application, which would either continue or abort with the update operation.
    Type: Application
    Filed: August 16, 2001
    Publication date: February 20, 2003
    Applicant: International Business Machines Corporation
    Inventors: Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20030037246
    Abstract: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.
    Type: Application
    Filed: August 16, 2001
    Publication date: February 20, 2003
    Applicant: International Business Machines Corporation
    Inventors: Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Publication number: 20020166055
    Abstract: A personal computer furnishes a secure path for a security chip of the personal computer for entry of a personal identification number code (PIN). The path is not sniffable or surreptitiously detectable by software. The security chip is removably mounted on a daughter card rather than hardwired to the motherboard of the personal computer. With proper authorization, an interposer may be inserted between the daughtercard and the motherboard. When the PIN becomes necessary, it need not be entered through a keyboard and transmitted to the daughtercard over a bus where it is capable of surreptitious detection or interception. The PIN is instead entered directly from a keypad into the daughtercard.
    Type: Application
    Filed: May 4, 2001
    Publication date: November 7, 2002
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, David Robert Safford, James Patrick Hoff
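The enable-control scheme in 20030159056 above (a persistent enable flag that runtime code can read but not write, plus a pending-change flag that is applied only during the next power-on reset) is easiest to see as a small state machine. The following is an added illustration written for this page, not code from the patent or from any IBM firmware; the context labels, the one-shot handling of the pending flag and the trace strings are assumptions made for the demo. It shows that the only route from runtime to a changed enable state passes through a reset, and that a request cannot be replayed on later boots.

```python
"""Reset-gated control of an embedded security device, after 20030159056.

Added example: a constructed model, not the patent's own logic or any
firmware. Context labels and trace strings are assumed."""
from enum import Enum


class Ctx(Enum):
    RUNTIME = "runtime"   # anything after POST: OS, drivers, tools, malware
    POR = "por"           # the power-on-reset code path only


class SecurityDeviceControl:
    def __init__(self, enabled: bool) -> None:
        self._enable = enabled  # persistent enable flag (non-volatile)
        self._pending = None    # pending state change flag; None = no request

    def read_enable(self) -> bool:
        return self._enable     # readable from any context

    def write_enable(self, ctx: Ctx, value: bool) -> None:
        """Only the reset cycle may change the persistent flag."""
        if ctx is not Ctx.POR:
            raise PermissionError("enable flag is read-only at runtime")
        self._enable = value

    def request_change(self, value: bool) -> None:
        """Runtime path: schedule a change; nothing happens until the next POR."""
        self._pending = value

    def power_on_reset(self) -> bool:
        """Reset cycle: apply a pending request exactly once, then clear it."""
        if self._pending is not None:
            self.write_enable(Ctx.POR, self._pending)
            self._pending = None
        return self._enable


def scenario() -> list:
    """Constructed sequence: a runtime write attempt, a scheduled change,
    the reset that applies it, and an idle reset that changes nothing."""
    ctl = SecurityDeviceControl(enabled=True)
    trace = []
    try:
        ctl.write_enable(Ctx.RUNTIME, False)  # e.g. malware trying to switch the chip off
    except PermissionError:
        trace.append(("runtime write", "refused", ctl.read_enable()))
    ctl.request_change(False)                 # legitimate path: schedule the change
    trace.append(("after request", "pending", ctl.read_enable()))   # still enabled
    trace.append(("after reset", "applied", ctl.power_on_reset()))  # now disabled
    ctl.request_change(True)
    trace.append(("after reset", "applied", ctl.power_on_reset()))  # re-enabled
    trace.append(("idle reset", "unchanged", ctl.power_on_reset()))
    return trace


if __name__ == "__main__":
    for step in scenario():
        print(step)
```

The point a reviewer would check in a real implementation is the one the model makes explicit: the write path to the persistent flag must be unreachable once the reset-time code has handed control to anything else, otherwise the pending flag is just a second writable copy of the same bit.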
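The key-eviction expense described in 20030138105 above follows from the TCPA loading rule: a child key can only be loaded while its parent is resident, so evicting a key whose parent has also gone costs two loads to recover, not one. The block below is an added worked example for this page, not the patent's own method in detail and not code from any TPM stack; the key tree, the slot count and the reuse probabilities are constructed inputs, and the expense formula (reuse probability times the number of loads needed to bring the key back) is the simplest reading of the abstract.

```python
"""Eviction cost for a TPM-style hierarchical key cache, after 20030138105.

Added example; constructed key tree, slot count and reuse probabilities.
Not the patent's own algorithm in detail and not code from any TPM stack."""
from __future__ import annotations
from dataclasses import dataclass

ROOT = "SRK"  # storage root key: always resident, never evicted


@dataclass
class Key:
    parent: str | None  # None only for the SRK
    p_reuse: float      # assumed probability the key is requested again


class KeyCache:
    def __init__(self, tree: dict[str, Key], slots: int) -> None:
        self.tree, self.slots = tree, slots
        self.loaded: list[str] = [ROOT]

    def ancestors(self, name: str) -> list[str]:
        """Parent chain, nearest parent first, up to and including the SRK."""
        chain, k = [], self.tree[name].parent
        while k is not None:
            chain.append(k)
            k = self.tree[k].parent
        return chain

    def reload_cost(self, name: str) -> int:
        """Loads needed to bring `name` back: itself plus non-resident ancestors."""
        return 1 + sum(a not in self.loaded for a in self.ancestors(name))

    def eviction_expense(self, name: str) -> float:
        return self.tree[name].p_reuse * self.reload_cost(name)

    def choose_victim(self, protect: set[str]) -> str:
        """Cheapest resident key to evict; `protect` holds the chain being loaded."""
        candidates = [k for k in self.loaded if k != ROOT and k not in protect]
        if not candidates:
            raise RuntimeError("no evictable key: cache too small for this chain")
        return min(candidates, key=self.eviction_expense)  # ties: oldest resident

    def load(self, name: str) -> list[str]:
        """Load `name`, loading missing ancestors root-first (the TPM rule).
        Returns the keys actually loaded, in order."""
        chain = list(reversed(self.ancestors(name))) + [name]
        loads = []
        for k in chain:
            if k in self.loaded:
                continue
            if len(self.loaded) >= self.slots:
                self.loaded.remove(self.choose_victim(protect=set(chain)))
            self.loaded.append(k)
            loads.append(k)
        return loads


def sample_cache(slots: int = 3) -> KeyCache:
    """Constructed tree: two storage keys under the SRK, one signing key each."""
    tree = {
        ROOT: Key(None, 1.0),
        "storageA": Key(ROOT, 0.2),
        "signA1": Key("storageA", 0.9),
        "storageB": Key(ROOT, 0.5),
        "signB1": Key("storageB", 0.1),
    }
    return KeyCache(tree, slots)


def demo() -> dict:
    cache = sample_cache()
    trace = {}
    trace["load_signA1"] = cache.load("signA1")       # ["storageA", "signA1"]
    # Loading signB1 needs two slots: storageA goes first (expense 0.2), then
    # signA1, whose expense has risen to 0.9 * 2 now that its parent is gone.
    trace["load_signB1"] = cache.load("signB1")       # ["storageB", "signB1"]
    trace["resident"] = list(cache.loaded)            # ["SRK", "storageB", "signB1"]
    trace["reload_signA1"] = cache.reload_cost("signA1")  # 2: parent must come back too
    return trace


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The interesting case is the second load: once `storageA` has been evicted, `signA1` becomes more expensive to lose, not less, because recovering it now means reloading its parent as well. A cache policy that ignores the hierarchy (plain LRU) cannot see that dependency.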
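Two of the entries above describe one update path end to end: 20030037246 (the TPM verifies the update utility's signature against a stored public key before the flash is unlocked, and the utility asks for a relock when finished) and 20030037231 (the unlock leaves a message in non-volatile memory, and on the next boot the boot block sees that message, verifies the next code block, which in turn checks the remainder of the BIOS image before POST proceeds). The following is an added example for this page, not code from either patent or from any IBM firmware. Because Python's standard library has no RSA, the TPM's public-key signature check is stood in for by an HMAC-SHA256 tag under a key the `Tpm` object holds; the image layout (stage-2 code with the body digest appended), the marker name and the status strings are constructed for the demo.

```python
"""Flash-update gating and next-boot verification, after 20030037246 and
20030037231. Added example; HMAC-SHA256 stands in for the patents' public-key
signature check, and image layout, marker name and statuses are constructed."""
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 digest of the body, appended to the stage-2 block


class Tpm:
    """Stand-in for the TPM's signature verification (HMAC here, RSA in the patents)."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def verify(self, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(hmac.new(self._key, data, "sha256").digest(), tag)


class Flash:
    """Flash part with a lock bit: writes are refused while locked."""

    def __init__(self, stage2: bytes, stage2_tag: bytes, body: bytes) -> None:
        self.locked = True
        self.stage2, self.stage2_tag, self.body = stage2, stage2_tag, body

    def write(self, stage2: bytes, stage2_tag: bytes, body: bytes) -> None:
        if self.locked:
            raise PermissionError("flash is locked")
        self.stage2, self.stage2_tag, self.body = stage2, stage2_tag, body


def tag(key: bytes, data: bytes) -> bytes:
    """Vendor-side signing (HMAC stand-in for the private key)."""
    return hmac.new(key, data, "sha256").digest()


def build_image(key: bytes, stage2_code: bytes, body: bytes) -> tuple:
    """Stage 2 carries the digest of the body it must check; the whole
    stage-2 block (code + digest) is what gets signed."""
    stage2 = stage2_code + hashlib.sha256(body).digest()
    return stage2, tag(key, stage2), body


def run_update(tpm, flash, nvram, utility, utility_tag, image) -> str:
    """Update utility: verify the utility, unlock, leave the message, write, relock."""
    if not tpm.verify(utility, utility_tag):
        return "rejected: utility signature invalid"
    flash.locked = False
    nvram["flash_was_unlocked"] = True   # the message the boot block looks for
    try:
        flash.write(*image)
    finally:
        flash.locked = True              # relock even if the write raised
    return "updated"


def boot(tpm, flash, nvram) -> str:
    """Boot block: the full check runs only on a boot that follows an unlock."""
    if not nvram.get("flash_was_unlocked"):
        return "post: no verification needed"
    if not tpm.verify(flash.stage2, flash.stage2_tag):
        return "halt: stage-2 block failed signature check"
    # Stage 2 runs and checks the remainder of the image against its digest.
    expected = flash.stage2[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(flash.body).digest(), expected):
        return "halt: BIOS body does not match signed digest"
    nvram["flash_was_unlocked"] = False  # clear the message once verified
    return "post: image verified"


def scenarios() -> dict:
    key = b"constructed demo key"        # stands in for the vendor key pair
    tpm, nvram = Tpm(key), {}
    flash = Flash(*build_image(key, b"stage2-v1", b"bios-body-v1"))
    utility = b"flash-update-utility"
    good = build_image(key, b"stage2-v2", b"bios-body-v2")
    out = {}
    # Forged utility: refused, part stays locked, no message left behind.
    out["forged_utility"] = run_update(tpm, flash, nvram, utility, b"\0" * 32, good)
    out["still_locked"] = flash.locked and not nvram.get("flash_was_unlocked", False)
    # Genuine update: the next boot runs the check and clears the message.
    out["genuine_update"] = run_update(tpm, flash, nvram, utility, tag(key, utility), good)
    out["boot_after_genuine"] = boot(tpm, flash, nvram)
    out["boot_clean"] = boot(tpm, flash, nvram)
    # Signed stage 2 paired with a swapped body: stage 2's own digest check fails.
    run_update(tpm, flash, nvram, utility, tag(key, utility), (good[0], good[1], b"bios-body-evil"))
    out["boot_after_body_swap"] = boot(tpm, flash, nvram)
    # Stage 2 rebuilt to match the evil body but carrying the old signature.
    evil_stage2 = b"stage2-v2" + hashlib.sha256(b"bios-body-evil").digest()
    run_update(tpm, flash, nvram, utility, tag(key, utility), (evil_stage2, good[1], b"bios-body-evil"))
    out["boot_after_stage2_swap"] = boot(tpm, flash, nvram)
    try:  # a direct write with the part locked is refused
        flash.write(*good)
        out["write_while_locked"] = "allowed"
    except PermissionError:
        out["write_while_locked"] = "refused"
    return out


if __name__ == "__main__":
    for k, v in scenarios().items():
        print(f"{k}: {v}")
```

The message in non-volatile memory is what keeps the scheme cheap: the boot block only pays for the signature check and the whole-image hash on a boot that follows an unlock. The caveat a practitioner would add is that the message store itself must be as hard to tamper with as the flash lock, since an attacker who can clear it skips the check entirely; that is why the abstract specifies secure non-volatile memory rather than any scratch location.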