Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

Abstract: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.

Abstract: A system and method for access control of a hardfile responsive to a computer system having an operating system is disclosed. The method includes detecting a special boot condition during a pre-boot test of the computer system; and altering, in response to the special boot condition, an operating system access configuration of the hardfile. The system includes a computer system that adjusts an operating system access to a hardfile based upon various boot conditions.

Abstract: During power up initialization, security data such as passwords and other sensitive data which are stored in a lockable memory device are read and copied to protected system management interrupt (SMI) memory space, subject to verification by code running in the SMI memory space that the call to write the security data originates with a trusted entity. Once copied to SMI memory space, the security data is erased from regular system memory and the lockable storage device is hard locked (requiring a reset to unlock) against direct access prior to starting the operating system. The copy of the security data within the SMI memory space is invisible to the operating system. However, the operating system may initiate a call to code running in the SMI memory space to check a password entered by the user, with the SMI code returning a “match” or “no match” indication. The security data may thus be employed after the lockable memory device is hard locked and the operating system is started.

Abstract: A method for providing security in password-based access to computer networks, the network including a server and a remote user, includes: signing a phrase by a security chip of the server using an encryption key; associating the signed phrase with the remote user; signing the phrase with an encryption key obtained by the security chip when a request for access to the computer network is received from the remote user; comparing the phrase signed with the obtained encryption key with the signed phrase associated with the remote user; and granting access to the remote user if the phrase signed with the obtained encryption key is the same as the stored signed phrase associated with the remote user. The use of the encryption key protects against “dictionary attacks”. Use of the security chip protects against offline attacks. These provide greater security for the computer network.

Abstract: A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.

Abstract: A method is disclosed for securely updating system attributes of a client computer with a BIOS and includes signing a public key of a secure server with a private key of the BIOS prior to completion of manufacturing of the client computer to create an encrypted public key and embedded private key stored at the server. The method includes receiving at the server a request packet transmitted from the client computer requesting system attribute modification, encrypting the request packet to create an encrypted packet, and transmitting a return packet to client computer comprising the encrypted packet, the server's public key, and server instructions. The client computer decrypts the request packet using the server's public key and compares it to the original request packet, and if identical, executes the server instructions to modify the client computer's boot block to update client computer's system attributes.

Abstract: An apparatus, system, and method are disclosed for securing I/O communications between a blade and peripheral interface device. The apparatus includes a determination module, a source security module, and a source communication module. The determination module identifies I/O data configured for transmission to a destination module configured to receive secure I/O data. The source security module encrypts the I/O data to generate secured I/O data such that subsequent decryption of the secured I/O data is restricted to a destination module. The source communication module transmits the secured I/O data over a vulnerable communication link to the destination module. The vulnerable communication link comprises a message intercept vulnerability. The destination module is configured to unencrypt the secure I/O data for a destination device such as a display device.

Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method and system of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from one of the computers in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. Further, the sleeping computer compares a transit value in the incoming packet to a predetermined value stored at the sleeping computer. The transit value indicates how far the data packet has traveled through the network, indicating the approximate origin of the data packet. Knowing the approximate origin of the data packet allows the client system to identify if the data packet originated from an external network.

Abstract: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.

Abstract: When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.

Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from an administration system in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. If the incoming packet matches the particular data sequence associated with the sleeping computer, the sleeping computer transmits a reply message to the administration system. Upon receiving the reply, the administration system modifies the reply message in a predetermined manner and transmits the modified reply to the sleeping computer.

Abstract: A method, system and computer readable medium containing programming instructions for booting a computer system having a plurality of devices is disclosed. They include provisions for initiating a boot sequence in the computer system and determining whether a device of the plurality of devices is either a bootable device or a nonbootable device. If the device is a nonbootable device, a clean restart of the boot sequence is performed, wherein the nonbootable device is bypassed during the clean restart.

Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

Abstract: A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised.

Abstract: Authentication of an entity remotely managing a data processing system is enabled to allow changes by the remote entity to hard-locked critical security information normally accessible only during the POST and only to trusted entities such as the system BIOS. The remote entity builds a change request and generates a hash from the change request with a current password appended. The change request and the hash are stored in a lockable non-volatile buffer which, once locked, requires a system reset to access. During the next POST, a trusted entity such as the system BIOS reads the change request, generates an authentication hash from the change request and the current password within the hard-locked security information, and compares the buffered hash with the generated hash. If a match is determined, the security information is updated; otherwise a tamper error is reported.

Abstract: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.

Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.