United States Patent [19]
Angelo

[11] Patent Number: 5,960,084
[45] Date of Patent: *Sep. 28, 1999

US005960084A

[54] SECURE METHOD FOR ENABLING/DISABLING POWER TO A COMPUTER SYSTEM FOLLOWING TWO-PIECE USER VERIFICATION

[75] Inventor: Michael F. Angelo, Houston, Tex.

[73] Assignee: Compaq Computer Corporation, Houston, Tex.

[*] Notice: This patent is subject to a terminal disclaimer.

[21] Appl. No.: 08/766,720

[22] Filed: Dec. 13, 1996

[51] Int. Cl.6: H04L 9/00; H04L 9/08
[52] U.S. Cl.: 380/25; 380/4; 380/21; 380/23; 380/49; 380/50; 340/825.31; 340/825.34; 235/380; 395/186; 395/187.01; 395/188.01
[58] Field of Search: 380/23, 25, 4, 24, 49, 50, 21, 9; 395/186, 187.01, 188.01; 340/825.31, 825.34; 235/379, 380

[56] References Cited

U.S. PATENT DOCUMENTS

4,405,829   9/1983   Rivest et al.
4,799,258   1/1989   Davies
4,890,323   12/1989  Beker et al.
4,969,188   11/1990  Schobi .................. 380/23
5,276,737   1/1994   Micali
5,315,658   5/1994   Micali
5,375,243   12/1994  Parzych et al.
5,377,269   12/1994  Heptig et al. ........... 380/25
5,432,851   7/1995   Scheidt et al. .......... 380/25
5,485,519   1/1996   Weiss ................... 380/23
5,511,122   4/1996   Atkinson
5,537,540   7/1996   Miller et al.
5,590,199   12/1996  Krawjewski et al.
5,666,415   9/1997   Kaufman ................. 380/23

OTHER PUBLICATIONS

Applied Cryptography, Second Edition, pp. 1-74, 1996.
Electronic Design, Products Newsletter, p. 167, Nov. 1996.
Dallas Semiconductor, 64Kbit Touch Memory, DS1996, 1995.
Dallas Semiconductor, Touch Memory Starter Kit, DS9092K, 1995.
Dallas Semiconductor, Touch COM Port Adapter, DS9097/DS9097E, 1995.
Dallas Semiconductor, Touch Multikey, DS1991, 1995.

Primary Examiner: Bernarr E. Gregory
Attorney, Agent, or Firm: Akin, Gump, Strauss, Hauer & Feld

[57] ABSTRACT

A method for enabling power to all or portions of a computer system based upon the results of a two-piece user verification process that is completed as part of a secure power-up procedure. At some point during the secure power-up procedure, the computer user provides an external token or smart card that is coupled to the computer through specialized hardware. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production. The computer user is then required to enter a plain text user password. Once entered, the user password is encrypted using the encryption algorithm contained in the external token to create a system password. The system password is compared to a value stored in secure memory. If the two values match, the power-on sequence is completed and power to the computer system and/or secured computer resources is enabled. If the two values do not match, power to the entire computer system and/or secured computer resources is disabled. The two-piece nature of the authorization process requires the presence of both the user password and the external token in order to generate the system password.

18 Claims, 4 Drawing Sheets

`.------..1165
`
`114
`
`VIDEO
`CONTROLLER
`
`HOST AOOR
`PA116 .. 3J
`
`64·BIT HOST DATA
`PD(0 .. 631
`116
`
`102 106
`.----~......... HOST ADDR
`
`Voc1 Voc2
`
`~~~i
`
`IDE
`ISA BUS
`
`159
`
`TOKEN
`
`IPR2017-00430
`UNIFIED EX1014
`
`

`
`s~
`--~
`- - - - - -
`- - -
`:
`104
`CACHE CTRL
`
`,-100
`---------L-----------
`..1==:;i
`CPU/MEMORY
`I 114
`64-BIT MEMORY DATA
`HB
`MD(0 .. 63)
`118
`
`DRAM's
`
`I
`
`DATA
`BUFFERS
`
`J
`
`RAS#, CAS#
`
`120
`
`:
`
`:
`I
`~
`I
`1
`1
`
`HOST ADDR
`PA(16 .. 3)
`64-BIT HOST DATA
`PD(0 .. 63)
`)
`116
`*
`102
`MICRO·
`PROCESSOR
`
`MEM ADDA, MEMWEI
`1
`
`106
`CACHE &
`HOST ADDR
`PA(31..31
`MEMORY
`108
`t4--....i.---e~ CONTROLLER
`I
`1
`I
`110
`HOST CTRL/STATUS
`- - - - - - - - - - - - - - - - ____________ J
`130
`IDE
`PCI BUS
`
`I
`
`j../165
`
`VIDEO MEMORY
`
`17~
`
`MONITOR
`
`VIDEO
`CONTROLLER
`
`·---:.r--- I
`
`BUS GRANT
`DEASSERT
`LOGIC
`
`NETWORK
`INTERFACE
`CONTROLLER
`
`128
`
`122
`124
`
`WRITE
`PROTECT
`LOGIC
`
`.......____. 124
`
`I PARALLEL PORT t-132
`CONN
`Xl
`t
`
`X-BUS
`
`__ _.,
`
`PCI·
`ISA
`BRIDGE
`
`ISA BUS
`
`I~
`ISA BUS (ISA ADDR/DATA/CTRLI
`
`POWER Lr 180
`SUPPLY
`
`I
`
`ISA CONN
`
`PCI BUS (PCI AID & CTRLI J
`
`PCI CONN
`
`142
`
`P
`
`ISA CONN
`
`PCI CONN
`
`134
`
`134
`
`FIG. 1
`
`FLOPPY CONTROLLER
`RTC/CMOS
`UARTS
`KEYBOARD CONTROLLER
`
`KYBD MOUSE
`CONN
`CONN
`
`160
`
`138
`136
`0 ===0=
`180 158
`I
`
`159
`
`164
`
`154
`
`f 8M-
`
`ADAPTER
`
`184
`
`TOKEN
`
`-- rl
`?'1
`186 188
`
`d •
`\JJ.
`•
`~
`~ ......
`~ = ......
`
`'Jl
`~ '?
`N
`~CIO
`'"""'
`\C
`\C
`\C
`
`'Jl =(cid:173)~
`~ .....
`'"""' 0 .....,
`
`.i;;..
`
`Ul
`....
`\C
`
`0--, =
`.... = 00
`
`~
`
`

`
U.S. Patent   Sep. 28, 1999   Sheet 2 of 4   5,960,084

[FIG. 2A: flowchart of the secure power-on sequence, first part. Recoverable steps: 200 POWER ON; 202 BEGIN EXECUTION OF BIOS; 204 POST; 206 BEGIN SECURE POWER-UP PROCEDURE; token-present decision, N branch to 210 DISPLAY MESSAGE REQUESTING TOKEN; 212 PROMPT USER FOR POWER-ON PASSWORD; 214 ENCRYPT PASSWORD USING ENCRYPTION ALGORITHM IN TOKEN.]

U.S. Patent   Sep. 28, 1999   Sheet 3 of 4   5,960,084

[FIG. 2B: flowchart of the secure power-on sequence, continued. Recoverable steps: 218 DISABLE POWER SUPPLY (N branch of the password-match decision); 224 CLEAR ATTEMPT COUNTER; PROMPT USER FOR PERIPHERAL PASSWORD; INCREMENT COUNTER; ENCRYPT PERIPHERAL PASSWORD USING ENCRYPTION ALGORITHM IN TOKEN; DOWNLOAD ENCRYPTED PASSWORD TO PERIPHERAL; 238 SEND ERROR MESSAGE; 240 CONTINUE SECURE POWER-UP PROCEDURE.]

U.S. Patent   Sep. 28, 1999   Sheet 4 of 4   5,960,084

[FIG. 3: schematic diagram of the exemplary power supply. Recoverable labels: PCI BUS P; PCI-ISA BRIDGE 130 containing INTERRUPT CONTROLLER / POWER SUPPLY CONTROL 111; ISA BUS; control signals SHUTDOWN1 and SHUTDOWN2 from the bridge to POWER SUPPLY 180; POWERGOOD; supply output Vcc1 TO CORE COMPONENTS; supply output Vcc2 TO SECURED PERIPHERAL DEVICES, BAY DOORS, ETC.; element 190; AC plug 192.]

`5,960,084
`
`1
`SECURE METHOD FOR ENABLING/
`DISABLING POWER TO A COMPUTER
`SYSTEM FOLLOWING TWO-PIECE USER
`VERIFICATION
`
`BACKGROUND OF THE INVENTION
`
`2
`It is generally very difficult to calculate the decryption key
`from an encryption key. In typical operation, the "public
`key" used for encryption is made public via a readily
`accessible directory, while the corresponding "private key"
`5 used for decryption is known only to the recipient of the
`ciphertext. In an exemplary public key transaction, a sender
`retrieves the recipient's public key and uses it to encrypt the
`message prior to sending it. The recipient then decrypts the
`message with the corresponding private key. It is also
`possible to encrypt a message using a private key and
`10 decrypt it using a public key. This is sometimes used in
`digital signatures to authenticate the source of a message.
`One problem with public key algorithms is speed. Public
`key algorithms are typically on the order of 1,000 times
`slower than symmetric algorithms. This is one reason that
`secure communications are often implemented using a
`hybrid cryptosystem. In such a system, one party encrypts a
`random "session key" with the other party's public key. The
`receiving party recovers the session key by decrypting it
`with his/her private key. All further communications are
`encrypted using the same session key (which effectively is
`a secret key) and a symmetric algorithm.
`The number of cryptographic algorithms is constantly
`growing. The two most popular are DES (Data Encryption
`25 Standard) and RSA (named after its inventors-Rivest,
`Shamir, and Adleman). DES is a symmetric algorithm with
`a fixed key length of 56 bits. RSA is a public key algorithm
`that can be used for both encryption and digital signatures.
`DSA(Digital Signature Algorithm) is another popular public
`30 key algorithm that is only used for digital signatures. With
`any of these algorithms, the relative difficulty of breaking an
`encrypted message by guessing a key with a brute force
`attack is proportional to the length of the key. For example,
`if the key is 40 bits long, the total number of possible keys
`35 (240
`) is about 110 billion. Given the computational power of
`modern computers, this value is often considered inad(cid:173)
`equate. By comparison, a key length of 56 bits provides
`65,636 times as many possible values as the 40 bit key.
`While much attention has been given to protecting com-
`40 munications and data as they are transmitted via internal
`networks (intranets) and external networks (such as the
`Internet), few security improvements have focused on the
`hardware itself. One known method of offering limited
`access to hardware and the data it contains is by the use of
`45 passwords. A password is typically stored in battery-backed
`CMOS RAM memory. Before the user is allowed access to
`the computer or secured computer resources, the user is
`required to enter a password. Once a password is entered, the
`computer's power-on routines compares the password to the
`50 password in CMOS memory and, if they match, the user is
`allowed access.
`A main disadvantage of this system is that certain forms
`of attack can bypass the CMOS memory because in many
`cases it is not read protected. To address this concern, the
`password can be encoded. Most encoding schemes can be
`reverse engineered by a sophisticated computer virus or
`malicious code, however, potentially leading to a costly
`security breach. Further, the CMOS memory could simply
`be disconnected from its battery, causing the loss of the
`password and any other contents.
`Physical keys or tokens, such as those used to unlock a
`door, have also been used to permit access to a computer
`system. Like the password approach, this type of security is
`"one-piece" in nature, and is compromised if the key or
`65 token is stolen. Anyone possessing the key can gain access
`to the computer's data and is accorded the same level of
`access as the authorized user.
`
`20
`
`15
`
`1. Field of the Invention
`The invention relates to security in a computer system,
`and more particularly to enabling power to all or portions of
`a computer system based upon the results of a two-piece user
`verification process.
`2. Description of the Related Art
`Large amounts of money are invested by companies and
`individuals to purchase computer hardware and software,
`and even more money is spent developing the information
`contained in data files such as text documents and spread(cid:173)
`sheets. Protecting these investments can be critical to the
`success and reputation of a business. Public accounts of the
`exploits of computer "hackers"-as malicious code(cid:173)
`breakers or eavesdroppers are sometimes called-have
`therefore focused and magnified corporate desires for more
`secure communications and better methods to protect data.
`The scope of the problem is undoubtedly even more serious
`than reported, given the reluctance of many businesses to
`report security breaches. As a result, security conscious
`users are requesting that security and integrity features be
`incorporated into their computers to restrict access to data
`contained on hard drives, as well as information contained
`in other critical system components.
`One known approach to security involves encryption or
`cryptography. Cryptography is typically used to protect both
`data and communications. Generally, the original message
`or data item is referred to as "plain text", while "encryption"
`denotes the process of disguising or altering a message in
`such a way that its substance is not readily discernable. An
`encrypted message is called "ciphertext". Ciphertext is
`returned to plain text by an inverse operation referred to as
`"decryption". Encryption is typically accomplished through
`the use of a cryptographic algorithm, which is essentially a
`mathematical function. There are many types of crypto(cid:173)
`graphic algorithms, providing varying levels of security.
`The most common cryptographic algorithms are key(cid:173)
`based, where special knowledge of variable information
`called a "key" is required to decrypt ciphertext. There are
`two prevalent types of key-based algorithms: "symmetric"
`(also called secret key or single key algorithms) and "public
`key" (also called asymmetric algorithms). The security in
`these algorithms is centered around the keys-not the details
`of the algorithm itself. This makes it possible to publish the
`algorithm for public scrutiny and then mass produce it for
`incorporation into security products.
`In most symmetric algorithms, the encryption key and the
`decryption key are the same. This single key encryption 55
`arrangement is not flaw-free. The sender and recipient of a
`message must somehow exchange information regarding the
`secret key. Each side must trust the other not to disclose the
`key. Further, the sender must generally communicate the key
`via another media (similar to a bank sending the personal 60
`identification number for an ATM card through the mail).
`This arrangement is not practical when, for example, the
`parties interact electronically for the first time over a net(cid:173)
`work. The number of keys also increases rapidly as the
`number of users increases.
`With public key algorithms, by comparison, the key used
`for encryption is different from the key used for decryption.
`
`

`
`10
`
`3
`Providing sufficient security can be particularly difficult in
`the case of portable computers. Unlike their desktop
`counterparts, portable computers are easily stolen. Once
`stolen, the security afforded by physical keys or passwords
`used to protect data stored on hard drives or other mass 5
`storage devices is readily bypassed. For example, it is a
`simple procedure to physically remove the hard drive unit or
`other system component from the stolen computer-which
`is password protected-and install it in a second, unsecured
`computer system. Further, automated brute force attacks
`against the passwords of a stolen computer can nullify
`protection. Currently, there exists no satisfactory method of
`protecting vulnerable or stolen computer equipment and the
`data it might contain from unauthorized access.
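The hybrid cryptosystem sketched in the Background (a random session key wrapped under the recipient's public key, then a symmetric algorithm for the bulk data) is easier to follow with both sides written out. The following is an added example, not code from the patent or from Compaq; it uses textbook RSA without padding and a SHA-256 counter-mode keystream as a stand-in for the symmetric cipher, purely to show the structure of the exchange (a production system would use a padded RSA scheme or a key-agreement protocol and an authenticated cipher). All key sizes and messages are constructed for the demonstration.

```python
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test, adequate for generating demonstration moduli."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # witness found: n is composite
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full width
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits: int = 512):
    """Textbook RSA key pair: returns (public (n, e), private (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def wrap_session_key(public_key, session_key: bytes) -> int:
    """Sender: encrypt the random session key under the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(m, e, n)


def unwrap_session_key(private_key, wrapped: int, key_len: int) -> bytes:
    """Recipient: recover the session key with the private key."""
    n, d = private_key
    return pow(wrapped, d, n).to_bytes(key_len, "big")


def symmetric_xor(session_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream derived with SHA-256, standing in for a real
    symmetric cipher; the same call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        pad = hashlib.sha256(session_key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


def hybrid_exchange(message: bytes) -> dict:
    """Both sides of the exchange: the sender wraps a fresh session key for the
    recipient and encrypts the message symmetrically under it."""
    public_key, private_key = rsa_keygen(512)        # recipient publishes public_key
    session_key = secrets.token_bytes(16)            # sender picks a random session key
    wrapped = wrap_session_key(public_key, session_key)
    nonce = secrets.token_bytes(16)
    ciphertext = symmetric_xor(session_key, nonce, message)
    # On the wire: (wrapped, nonce, ciphertext). Recipient side follows.
    recovered = unwrap_session_key(private_key, wrapped, 16)
    plaintext = symmetric_xor(recovered, nonce, ciphertext)
    return {"key_recovered": recovered == session_key,
            "ciphertext_differs": ciphertext != message,
            "plaintext": plaintext}


if __name__ == "__main__":
    print(hybrid_exchange(b"constructed message for the hybrid exchange"))
```

The single slow public-key operation happens once per session (wrapping 16 bytes); everything after that is the cheap symmetric path, which is the speed trade-off the Background describes.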
SUMMARY OF THE INVENTION

Briefly, a system according to the invention utilizes a secure two-piece password verification process to enable power to a computer system or secured computer resources. In the disclosed embodiment, the password verification process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer system checks for the presence of an external token or smart card that is coupled to the computer through specialized hardware. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production.

Following detection of the external token, the computer user is required to enter a plain text user password. Once entered, the user password is encrypted using the encryption algorithm contained in the external token, thereby creating a system password. The system password is compared to a value stored in secure memory. If the two values match, the power-on sequence is completed and power to the computer system and/or secured computer resources is enabled. If the two values do not match, power to the entire computer system and/or secured computer resources is disabled.

In the disclosed embodiment of the invention, a bifurcated power supply is utilized to provide separate supply voltages. A first one of the supply voltages is used to power core computer components needed to complete the power-on sequence. This first supply voltage is enabled when the computer is turned on. If a valid system password is not provided, the first supply voltage is disabled. The resulting delay associated with re-booting the computer system discourages brute force attacks against the user password in situations where the external token has been misappropriated.

A second supply voltage is used to power peripheral computer resources, including bay door/case locks and mass data storage devices. The computer system is configured to enable the second supply voltage only after a valid system password is detected. By requiring entry of a valid system password before enabling power to peripheral devices and bay door/case locks, the possessor of a stolen computer is forced to physically damage the computer casing before gaining access to secured resources. The value of stolen computer equipment is thereby reduced and computer theft is discouraged.

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the present invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawings, in which:

FIG. 1 is a schematic block diagram of a computer system incorporating secure power-on capabilities in accordance with the present invention;

FIGS. 2A and 2B are flowchart diagrams illustrating a secure power-on sequence incorporating two-piece user authentication according to the present invention; and

FIG. 3 is a schematic diagram of an exemplary power supply according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The following patents and applications are hereby incorporated by reference:

Commonly-assigned U.S. Pat. No. 5,537,540, entitled "TRANSPARENT, SECURE COMPUTER VIRUS DETECTION METHOD AND APPARATUS", referred to as the "SAFESTART patent";

Commonly-assigned U.S. patent application Ser. No. 08/398,343, entitled "SECURITY CONTROL FOR A PERSONAL COMPUTER," filed on Mar. 3, 1995, now abandoned;

Commonly-assigned U.S. Pat. No. 5,375,243, entitled "HARD DISK PASSWORD SECURITY SYSTEM";

Commonly-assigned U.S. patent application Ser. No. 08/632,892, entitled "SECURE POWER SUPPLY," filed on Apr. 16, 1996, now U.S. Pat. No. 5,751,950; and

Commonly-assigned U.S. patent application Ser. No. 08/657,982, entitled "METHOD AND APPARATUS FOR PROVIDING SECURE AND PRIVATE KEYBOARD COMMUNICATIONS IN COMPUTER SYSTEMS", filed on May 29, 1996, now U.S. Pat. No. 5,748,888.

Referring first to FIG. 1, a computer system S according to the present invention is shown. In the preferred embodiment, the system S incorporates two primary buses: a Peripheral Component Interconnect (PCI) bus P which includes an address/data portion and a control signal portion; and an Industry Standard Architecture (ISA) bus I which includes an address portion, a data portion, and a control signal portion. The PCI and ISA buses P and I form the architectural backbone of the computer system S.

A CPU/memory subsystem 100 is connected to the PCI bus P. The processor 102 is preferably the Pentium® processor from Intel Corporation, but could be an 80486 or any number of similar or next-generation processors. The processor 102 drives data, address, and control portions 116, 106, and 108 of a host bus HB. A level 2 (L2) or external cache memory 104 is connected to the host bus HB to provide additional caching capabilities that improve the overall performance of the computer system S. The L2 cache 104 may be permanently installed or may be removable if desired. A cache and memory controller 110 and a PCI-ISA bridge chip 130 are connected to the control and address portions 108 and 106 of the host bus HB. The cache and memory controller chip 110 is configured to control a series of data buffers 112. The data buffers 112 are preferably the 82433LX from Intel, and are coupled to and drive the host data bus 116 and a MD or memory data bus 118 that is connected to a memory array 114. A memory address and memory control signal bus is provided from the cache and memory controller 110.

The data buffers 112, cache and memory controller 110, and PCI-ISA bridge 130 are all connected to the PCI bus P. The PCI-ISA bridge 130 is used to convert signals between the PCI bus P and the ISA bus I. The PCI-ISA bridge 130 includes: the necessary address and data buffers, arbitration and bus master control logic for the PCI bus P, ISA arbitration circuitry, an ISA bus controller as conventionally used in ISA systems, an IDE (intelligent drive electronics) interface, and a DMA controller. A hard disk drive 140 is connected to the IDE interface of the PCI-ISA bridge 130. Tape drives, CD-ROM devices or other peripheral storage devices (not shown) can be similarly connected.

In the disclosed embodiment, the PCI-ISA bridge 130 also includes miscellaneous system logic. This miscellaneous system logic contains counters and activity timers as conventionally present in personal computer systems, an interrupt controller 111 (FIG. 3) for both the PCI and ISA buses P and I, and power management logic. Additionally, the miscellaneous system logic may include circuitry for a security management system used for password verification and to allow access to protected resources as described more fully below.

The PCI-ISA bridge 130 also includes circuitry to generate a "soft" SMI (System Management Interrupt), as well as SMI and keyboard controller interface circuitry. The miscellaneous system logic is connected to the flash ROM 154 through write protection logic 164. As discussed below, separate enable/interrupt signals are also communicated from the PCI-ISA bridge 130 to the power supply 180 and the hard drive 140. Preferably, the PCI-ISA bridge 130 is a single integrated circuit, but other combinations are possible.

A series of ISA slots 134 are connected to the ISA bus I to receive ISA adapter cards. A series of PCI slots 142 are similarly provided on the PCI bus P to receive PCI adapter cards.

A video controller 165 is also connected to the PCI bus P. Video memory 166 is used to store graphics data and is connected to the video graphics controller 165 and a digital/analog converter (RAMDAC) 168. The video graphics controller 165 controls the operation of the video memory 166, allowing data to be written and retrieved as required. A monitor connector 169 is connected to the RAMDAC 168 for connecting a monitor 170.

A network interface controller (NIC) 122 is also connected to the PCI bus P. Preferably, the controller 122 is a single integrated circuit that includes the capabilities necessary to act as a PCI bus master and slave, as well as circuitry required to act as an Ethernet interface. Attachment Unit Interface (AUI) and 10 base-T connectors 124 are provided in the system S, and are connected to the NIC 122 via filter and transformer circuitry 126. This circuitry forms a network or Ethernet connection for connecting the computer system S to a local area network (LAN).

A combination I/O chip 136 is connected to the ISA bus I. The combination I/O chip 136 preferably includes a real time clock, two UARTs, a floppy disk controller for controlling a floppy disk drive 138, and various address decode logic and security logic to control access to an internal or external CMOS/NVRAM memory (not shown) and stored password values. Further details of contemplated uses of the NVRAM memory are provided below. Additionally, a control line is provided to the read and write protection logic 164 to further control access to the flash ROM 154. Serial port connectors 146 and parallel port connector 132 are also connected to the combination I/O chip 136.

An 8042, or keyboard controller, is also included in the combination I/O chip 136. The keyboard controller is of conventional design and is connected in turn to a keyboard connector 158 and a mouse or pointing device connector 160. A keyboard 159 is connected to the computer system S through the keyboard connector 158.

A buffer 144 is connected to the ISA bus I to provide an additional X-bus X for various additional components of the computer system S. A flash ROM 154 receives its control, address and data signals from the X-bus X. Preferably, the flash ROM 154 contains the BIOS information for the computer system and can be reprogrammed to allow for revisions of the BIOS.

In the computer system S of FIG. 1, all electronic devices discussed above, including the processor 102, are powered by a regulated power supply 180. In the preferred embodiment, the regulated power supply has a power supply supervisory circuit that provides shutdown capability via power supply control signals SHUTDOWN1 and SHUTDOWN2 (FIG. 3). The power supply 180 receives an AC voltage supply via an AC plug 192 (FIG. 3).

In the disclosed embodiment, the computer system S contains circuitry for communicating with a removable cryptographic token 188. The precise physical nature of the token 188 is not considered critical to the invention. The token can take many forms, such as a Touch Memory™ device supplied by Dallas Semiconductor, Inc., a smart card, or an encryption card. Preferably, the token 188 is easily decoupled from the computer system S and easily transportable by the token bearer. The token 188 contains at least one of a variety of encryption algorithms (such as DES, Blowfish, elliptic curve-based algorithms, etc.). Although the base algorithm can be the same in each token 188, it is preferable that the encryption key be different in each token 188. Ideally, the token 188 is capable of communicating digitally with the computer system S during momentary contact with or proximity to the computer system S. The token 188 of the disclosed embodiment is capable of storing the encryption algorithm in a non-volatile manner and can be permanently write-protected to discourage tampering.

In the disclosed embodiment of the invention, the circuitry used for establishing a communication link between the token 188 and the computer system S consists of a probe 186 connected to a COM or serial port adapter 184. The port adapter 184 is connected to the RS232 connector 146. In operation, the token 188 is detachably received by the probe 186. The probe 186 includes circuitry for reading and writing memory in the token 188, and can be fully powered through the RS232 connector 146. In addition, the probe 186 includes presence detector circuitry for ascertaining the presence of a token 188.

An additional feature of the computer system S is a System Management Mode (SMM), which is generally known to those skilled in the art. It is also noted that FIG. 1 presents an exemplary embodiment of the computer system S and it is understood that numerous other effective embodiments could readily be developed as known to those skilled in the art.

Referring now to FIGS. 2A and 2B, an exemplary power-on sequence incorporating two-piece user verification according to the invention is shown. The sequence builds upon a secure power-up procedure, such as that described in the SAFESTART patent. Briefly, the SAFESTART invention reduces the administrative requirements of earlier techniques. A reserved non-DOS hard disk partition is used to pre-boot the computer system and provide a secure environment from which to verify files. Upon power-up or reset, the computer performs the power-on self test (POST), during which it checks a SAFESTART track by comparing its hash value to a value stored in NVRAM. If the integrity of the SAFESTART track is verified, the first "SAFESTART" routine is loaded into memory and executed.

The SAFESTART routine first checks the master boot record and boot sectors of the hard disk. This verification captures a large majority of viruses and is performed before any code residing in those areas is executed, thus preventing the spread of any discovered viruses. Further checks are performed on SAFESTART files before each is executed. Eventually, system files and any additional designated user files are verified. Since the computer system was booted from an atypical partition, the drives are remapped to account for the shift in logical disk drive addressing. When the verification process is completed, SAFESTART files are cleaned up, a latch is set to prevent unauthorized modification of the initial hash values, and control is returned to the BIOS to boot the user operating system. Thus, a computer system implemented according to the SAFESTART patent insures that designated software and passwords are trustworthy following a power-up cycle.
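The verify-before-execute chain just described (hash the SAFESTART track against NVRAM, then the master boot record and boot sectors, then system files, halting at the first mismatch and latching the reference values once verification completes) is modelled below. This is an added example, not code from the SAFESTART patent or from Compaq: the disk contents, the item names, the `Nvram` class and the `HALT:<name>` status are all constructed for the demonstration, and SHA-256 stands in for whatever hash the original used.

```python
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Nvram:
    """Secure NVRAM holding the reference hashes. `latched` models the latch
    set at the end of verification: once set, reference values cannot be
    modified until the next power cycle."""
    reference: dict
    latched: bool = False

    def update(self, name: str, digest: bytes) -> bool:
        if self.latched:
            return False          # write refused for the rest of this power cycle
        self.reference[name] = digest
        return True


def provision(disk: dict, order: list) -> Nvram:
    """Record the trusted hashes once, at provisioning time, before any latch."""
    return Nvram({name: sha256(disk[name]) for name in order})


def secure_power_up(disk: dict, nvram: Nvram, order: list):
    """Verify each item in boot order before it would be executed; halt on the
    first mismatch so unverified code never runs. Returns (status, verified)."""
    verified = []
    status = "BOOT_OS"
    for name in order:
        if sha256(disk[name]) != nvram.reference[name]:
            status = "HALT:" + name
            break
        verified.append(name)
    nvram.latched = True          # initial hash values frozen until next power-up
    return status, verified


def demo() -> dict:
    # Constructed stand-ins for the SAFESTART track, MBR, boot sector and system files.
    disk = {
        "safestart_track": b"SAFESTART pre-boot code v1 (constructed)",
        "mbr": b"MBR: partition table (constructed)",
        "boot_sector": b"boot sector (constructed)",
        "system_files": b"system files (constructed)",
    }
    order = ["safestart_track", "mbr", "boot_sector", "system_files"]

    nvram = provision(disk, order)
    clean = secure_power_up(disk, nvram, order)

    # Same machine after the MBR has been altered: verification halts before
    # the boot sector or system files are ever reached.
    infected = dict(disk)
    infected["mbr"] = b"MBR: partition table (constructed) + boot-sector virus"
    halted = secure_power_up(infected, provision(disk, order), order)

    # Once latched, the reference values cannot be rewritten to match the change.
    update_after_latch = nvram.update("mbr", sha256(infected["mbr"]))
    return {"clean": clean, "infected": halted, "update_after_latch": update_after_latch}


if __name__ == "__main__":
    print(demo())
```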
As shown in FIG. 2A, when power to the computer system S is initially applied or the system undergoes a cold restart, the POWER-ON sequence 200 is commenced. In the first step 202 of the POWER-ON sequence 200 the computer system S begins executing from BIOS ROM. The BIOS is preferably stored in flash ROM 154 and contains low level programming for booting the operating system, and an interrupt handler for accessing the hard drive 140. Control then proceeds to step 204 where the computer system S performs a power-on self test (POST) to determine if all system hardware is operating properly.

Following additional power-up steps (optional), control next proceeds to step 206 for commencement of a secure power-up procedure such as that described in the SAFESTART patent. In the preferred embodiment, operating sequences for the secure power-up procedure are configured as an option ROM and located in the option ROM address space in a conventional manner. Preferably, the operating sequences are provided as the last option ROM in order to allow any other option ROMs to be installed at the outset. The system BIOS executes this portion of the secure power-on sequence as a part of its scan for option ROMs, which are executed when encountered in POST. This arrangement requires address decoding for the power-on sequence, but also simplifies distribution into a family of computer systems. Alternatively, the power-on sequence could be implemented as a direct call from the BIOS, rather than an option ROM call.

Control next proceeds to step 208 to determine if a token 188 containing an encryption algorithm is present. If the aforementioned presence detection circuitry determines that a token is not present, control loops to step 210 to display a message requesting that the user provide a token 188. When a token 188 is present as determined in step 208, control passes to step 212 where the user is prompted to enter a plain text power-on password. As an alternative to a memorized value, the plain text password could be generated with the aid of biometrics. For example, a scanned fingerprint could be converted into a plain text password value.

Control next proceeds to step 214 and the plain text password entered by the user is encrypted using the encryption algorithm provided by the external token 188. The encrypted plain text password effectively becomes the system password, and is referred to as such throughout this specification. The encryption algorithm that is utilized can take many forms, including DES, RSA, DSA, RC2, RC4, Blowfish, IDEA, 3-WAY, and MDC among others. Ideally, the algorithm in each token 188 is enabled by an encryption key that is unique or of limited production, such that it is impractical or impossible to circumvent the verification process by using a substitute token.

It is contemplated that the actual encryption process could be carried out by the token 188 itself. In this embodiment of the invention, the plain text password is transmitted to the token 188 through the RS232 connector 146 or alternate connection port. The token 188 then performs the encryption procedure using its stored encryption algorithm and associated encryption key. Following the encryption process, the encrypted password is returned to the computer system S via the RS232 connector 146.
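The two-piece verification of steps 208 through 214, the power gating from the Summary (core supply Vcc1 dropped on a bad system password, peripheral supply Vcc2 enabled only after a good one) and the peripheral-password loop with its attempt counter from FIG. 2B are pulled together in the following model. It is an added example, not code from the patent or from Compaq. It assumes the embodiment in which the token performs the encryption itself, uses HMAC-SHA256 as the keyed transform in place of the block cipher the patent names (the host only ever compares outputs, so any keyed one-way transform gives the same two-piece property), and assumes a limit of three peripheral-password attempts; the `Token`, `PowerSupply`, `SecuredPeripheral` and `SecureSystem` classes, the status strings and all keys and passwords are constructed for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Iterable, Optional


class Token:
    """Removable token 188: holds a per-token secret key and applies the keyed
    transform on-device, so the key never leaves the token."""

    def __init__(self, key: bytes) -> None:
        self._key = key  # unique per token, write-protected in the real device

    def transform(self, plaintext_password: str) -> bytes:
        return hmac.new(self._key, plaintext_password.encode("utf-8"),
                        hashlib.sha256).digest()


@dataclass
class PowerSupply:
    """Bifurcated supply 180: Vcc1 feeds the core components needed for POST,
    Vcc2 feeds peripherals and the bay door/case locks."""
    vcc1: bool = False
    vcc2: bool = False


class SecuredPeripheral:
    """A secured device (e.g. hard drive 140) that unlocks only when it receives
    its own token-transformed password, as in FIG. 2B."""

    def __init__(self, expected: bytes) -> None:
        self._expected = expected
        self.unlocked = False

    def download_password(self, encrypted: bytes) -> bool:
        self.unlocked = hmac.compare_digest(encrypted, self._expected)
        return self.unlocked


@dataclass
class SecureSystem:
    system_password: bytes           # token-transformed value kept in secure NVRAM
    peripheral: SecuredPeripheral
    supply: PowerSupply = field(default_factory=PowerSupply)
    max_attempts: int = 3            # assumed limit for the FIG. 2B attempt counter
    attempt_counter: int = 0

    @classmethod
    def enroll(cls, token: Token, user_pw: str, peripheral_pw: str) -> "SecureSystem":
        # Only transformed values are stored: NVRAM contents alone yield neither
        # plaintext password, and a token alone yields nothing to compare against.
        return cls(system_password=token.transform(user_pw),
                   peripheral=SecuredPeripheral(token.transform(peripheral_pw)))

    def power_on(self, token: Optional[Token], user_pw: str,
                 peripheral_attempts: Iterable[str]) -> str:
        self.supply.vcc1 = True                        # 200-204: core powered, BIOS, POST
        if token is None:
            return "REQUEST_TOKEN"                     # 208 -> 210
        candidate = token.transform(user_pw)           # 212, 214
        if not hmac.compare_digest(candidate, self.system_password):
            self.supply.vcc1 = False                   # 218: reboot delay deters guessing
            return "POWER_DISABLED"
        self.supply.vcc2 = True                        # valid system password: Vcc2 enabled
        self.attempt_counter = 0                       # 224
        for attempt in peripheral_attempts:            # prompt, encrypt, download loop
            self.attempt_counter += 1
            if self.peripheral.download_password(token.transform(attempt)):
                return "CONTINUE"                      # 240
            if self.attempt_counter >= self.max_attempts:
                break
        return "ERROR"                                 # 238


def demo() -> dict:
    """Scenarios a verifier cares about; every key and password is constructed."""
    token = Token(b"constructed-per-token-key-0001")
    other_token = Token(b"constructed-per-token-key-0002")

    def fresh() -> SecureSystem:
        return SecureSystem.enroll(token, "correct-user-pw", "drive-pw")

    results = {}
    results["no_token"] = fresh().power_on(None, "correct-user-pw", ["drive-pw"])
    s = fresh()
    results["wrong_password"] = s.power_on(token, "guess", ["drive-pw"])
    results["vcc1_after_wrong"] = s.supply.vcc1
    # Correct password but a substitute token: the stored value never matches.
    results["substitute_token"] = fresh().power_on(other_token, "correct-user-pw", ["drive-pw"])
    s = fresh()
    results["success"] = s.power_on(token, "correct-user-pw", ["typo", "drive-pw"])
    results["vcc2_after_success"] = s.supply.vcc2
    results["peripheral_unlocked"] = s.peripheral.unlocked
    s = fresh()
    results["peripheral_error"] = s.power_on(token, "correct-user-pw", ["a", "b", "c", "drive-pw"])
    results["attempts_used"] = s.attempt_counter
    return results


if __name__ == "__main__":
    print(demo())
```

The `substitute_token` case is the property the patent calls two-piece: NVRAM holds only the transformed value, so neither the stored value nor a stolen token alone produces a match, and `hmac.compare_digest` keeps the comparison itself from leaking which bytes differed.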
In an alternate embodiment of the invention, the encryption algorithm is downloaded into secure computer memory. After the user password has been entered, the encryption process is then performed by the computer system S. In