WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification 6: G06F 13/00
(11) International Publication Number: WO 97/36241
(43) International Publication Date: 2 October 1997 (02.10.97)
(21) International Application Number: PCT/US97/03569
(22) International Filing Date: 11 March 1997 (11.03.97)
(30) Priority Data: 08/623,930, 28 March 1996 (28.03.96), US
(71) Applicant (for all designated States except US): INTEL CORPORATION [US/US]; 2200 Mission College Boulevard, Santa Clara, CA 95052 (US).
(72) Inventors; and
(75) Inventors/Applicants (for US only): SHIPMAN, Mark, S. [US/US]; 3616 SE. Willow Street, Hillsboro, OR 97123 (US). CHRISTESON, Orville, H. [US/US]; 2930 N.W. Whitman Court, Portland, OR 97229 (US). LABATTE, Timothy, E., W. [US/US]; 10605 N.W. Harding Court, Portland, OR 97229 (US).
(74) Agents: TAYLOR, Edwin, H. et al.; Blakely, Sokoloff, Taylor & Zafman L.L.P., 1279 Oakmead Parkway, Sunnyvale, CA 94086 (US).
(81) Designated States: AL, AM, AT, AT (Utility model), AU (Petty patent), AZ, BA, BB, BG, BR, BY, CA, CH, CN, CU, CZ, CZ (Utility model), DE, DE (Utility model), DK, DK (Utility model), EE, EE (Utility model), ES, FI, FI (Utility model), GB, GE, GH, HU, IL, IS, JP, KE, KG, KP, KR, KZ, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SK (Utility model), TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU, ARIPO patent (GH, KE, LS, MW, SD, SZ, UG), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, ML, MR, NE, SN, TD, TG).

Published: With international search report.

(54) Title: METHOD AND APPARATUS FOR PROTECTING DATA USING LOCK VALUES IN A COMPUTER SYSTEM

(57) Abstract

A method and apparatus for protecting data using lock values in a computer system includes indicating that the computer system does not support locked accesses to the data. However, upon receipt of a request (310) to write to a storage area where the data is contained, the present invention checks (320) whether a lock value corresponding to the request matches a predetermined lock value. If the lock value matches the predetermined lock value, then the data is written to the storage area (330); otherwise, the storage area is left unmodified (340).

HTC EX. 1017
HTC v. Ancora
US Patent No. 6,411,941
METHOD AND APPARATUS FOR PROTECTING DATA USING LOCK VALUES IN A COMPUTER SYSTEM

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention pertains to the field of data storage in a computer system. More particularly, this invention relates to protecting data stored in a computer system using lock values.

Background

Computer technology is continuously advancing, resulting in modern computer systems which provide ever-increasing performance. One result of this improved performance is an increased use of computer systems by individuals in a wide variety of business, academic and personal applications. With the increased use of and demand for computer systems, a large number of manufacturers, developers, and suppliers of computer systems, components, and software have come into existence to service the demand.

The large number of manufacturers, developers, and suppliers, combined with the flexibility afforded them due to the advances in technology, has resulted in a wide range of methods in which computer systems operate. Typically, in order for different components within a computer system to work together effectively, each must agree on certain specific operating parameters. Often, standards or specifications are adopted or agreed upon by various industries or groups of companies which define certain operating parameters. Thus, if two components comply with the same standard(s) or specification(s), then the two components should be able to work together effectively in the same system.

For example, one such standard is the Plug and Play Specification. A component which conforms to the Plug and Play Specification should work properly in a system which also complies with the Plug and Play Specification by simply connecting the component to the system. Components which do not comply with the Plug and Play Specification may require additional configuration steps to be taken by the user before they function properly.

Another current specification is the Desktop Management Interface (DMI) Specification. The DMI Specification provides, among other advantages, general purpose nonvolatile data areas which can be accessed to store various data by applications executing on the system. The DMI Specification, however, does not provide a mechanism to prevent an application from updating data stored in one of these general purpose nonvolatile data areas by another application. Thus, it would be beneficial to provide a mechanism for preventing unwanted updates to these general purpose nonvolatile data areas.

Additionally, in order to maintain compliance with the DMI Specification, any protection against unwanted updates to general purpose nonvolatile data areas must not violate the DMI Specification. Thus, it would be advantageous to provide a mechanism for preventing unwanted updates to the general purpose nonvolatile data areas which maintains compliance with the Desktop Management Interface Specification.

As will be described in more detail below, the present invention provides a mechanism for protecting data using lock values in a computer system that achieves these and other desired results which will be apparent to those skilled in the art from the description to follow.
`
`SUMMARY OF THE INVENTION
`
A method and apparatus for protecting data using lock values in a computer system is described herein. The present invention includes indicating that the computer system does not support locked accesses to the data. However, upon receipt of a request to write to the storage area where the data is contained, the present invention checks whether a lock value corresponding to the request matches a predetermined lock value. If the lock value matches the predetermined lock value, then the data is written to the storage area; otherwise, the storage area is left unmodified.
`
BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:

Figure 1 is a block diagram showing a portion of a computer system in accordance with one embodiment of the present invention;

Figure 2 is a flowchart showing the steps used to read data from a storage area according to one embodiment of the present invention;

Figure 3 is a flowchart showing the steps used to write data to a storage area according to one embodiment of the present invention; and

Figure 4 is a block diagram of a computer system such as may be used with one embodiment of the present invention.
`
`DETAILED DESCRIPTION
`
In the following detailed description numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well known methods, procedures, components, and circuits have not been described in detail so as not to obscure aspects of the present invention.

The present invention provides a mechanism for protecting data saved in a storage area. In order to modify the data in the storage area, an application provides a lock value. Upon receiving a request to modify the data in the storage area, the present invention checks whether the lock value is valid for the storage area. If the lock value is valid, then the present invention modifies the data in the storage area as requested. However, if the lock value is not valid, then the present invention leaves the data unchanged.
Figure 1 is a block diagram showing a portion of a computer system in accordance with one embodiment of the present invention. A bus 110, a processor 120, a basic input output system (BIOS) memory 130, general purpose nonvolatile (GPNV) data storage 140, and a random access memory (RAM) 150 are interconnected as shown. The BIOS memory 130 stores a sequence of instructions (referred to as the BIOS) which allows the processor 120 to input data from and output data to input/output (I/O) devices (not shown) in the computer system 100, such as display devices and mass storage devices. In one embodiment, when the system 100 is reset, the contents of BIOS memory 130 are copied into RAM 150 for access by the processor 120. Alternatively, processor 120 may access the BIOS memory 130 directly via bus 110. The BIOS memory 130 can be any of a wide variety of conventional nonvolatile data storage devices, such as a read only memory (ROM), Flash memory, an erasable programmable read only memory (EPROM) or an electrically erasable programmable read only memory (EEPROM).

In one embodiment of the present invention, the BIOS stored in BIOS memory 130 is compliant with the Desktop Management BIOS Specification version 2.0, published September 27, 1995, available from Intel Corporation of Santa Clara, California. The Desktop Management BIOS Specification includes a Desktop Management Interface (DMI). One aspect of DMI is the use of general-purpose nonvolatile (GPNV) data areas, shown in Figure 1 as GPNV storage areas 140. The GPNV storage areas 140 are accessed by the processor 120 via the bus 110, however, the BIOS controls the access to the GPNV storage areas 140. Thus, when an application desires access to the GPNV storage areas 140, it must call one of the procedures provided by the BIOS. These procedures are described in more detail below.
`
Multiple GPNV storage areas 140 can be used in a computer system. The system 100 as shown includes n GPNV storage areas 140. In one implementation, n is equal to three. Each of the GPNV areas 140 can be of any size. In one embodiment, one of the GPNV areas 140 is 128 bytes, a second is 256 bytes, and a third is 384 bytes. The GPNV storage areas 140 can be implemented using any of a wide variety of nonvolatile storage devices, such as blocks of Flash memory cells, EEPROMs, battery-backed complementary metal oxide semiconductor (CMOS) cells, etc.

The GPNV storage areas 140 can be used to store any of a wide variety of information. In one embodiment, the GPNV storage areas 140 are used to store data relating to the identification of hardware components in the system 100. For example, this identification can include the serial numbers and model numbers of each piece of hardware (e.g., display devices, mass storage devices, multimedia cards, etc.) in the system 100.
`
DMI provides for locked access to the GPNV storage areas 140. According to DMI, an application which desires to write to one of the storage areas 140 first reads from the storage area. If locked accesses are supported by the BIOS, then the BIOS generates a lock value and returns that lock value to the calling application. Then, in order to write to the GPNV area, the calling application writes to the storage area and provides the lock value it received from the BIOS. Failure to provide the proper lock value results in the BIOS denying the calling application access to the storage area. However, if locked accesses are not supported by the BIOS, then the BIOS returns a value of -1 to indicate locked accesses to the GPNV storage areas 140 are not supported. Subsequent attempts to write to the GPNV storage areas 140 can then be either accepted by the BIOS without checking any lock values, or can be rejected.

It should be noted that DMI does not require GPNV storage areas to be supported. However, if the GPNV storage areas are supported, then it is required that the BIOS returns a value of -1 to indicate locked accesses are not supported, and that the BIOS allows write access to the GPNV area if the proper password is supplied.
`
In one embodiment, the present invention is implemented through a sequence of instructions executed on the processor 120. Initially, the sequence of instructions is stored in the BIOS memory 130. When the computer system is reset, the instructions are copied from the BIOS memory 130 into the RAM 150 and then accessed and executed by the processor 120. In an alternate embodiment, the sequence of instructions is stored on another nonvolatile memory device which is part of or is coupled to the system 100, such as a hard disk, an optical disk, or a removable floppy disk. The sequence of instructions can be loaded into the RAM 150 after an initial portion of the BIOS which includes instructions on how to access the memory device (e.g., the hard disk) has been loaded into the RAM 150.

Figure 2 is a flowchart showing the steps used to read data from a storage area according to one embodiment of the present invention. A Read GPNV data call is first received by the BIOS, step 210. The Read GPNV data call is made by an application to access one of the GPNV areas 140. In one implementation, the calling application includes an identifier or "handle" identifying which one of the GPNV storage areas 140 is being accessed, as well as a pointer to a data buffer where the data from the identified GPNV storage area 140 should be placed.

Upon receipt of the Read GPNV data call, the BIOS provides the identified GPNV storage area to the requesting application by copying the data in the identified GPNV storage area to the data buffer identified by the calling application, step 220. It should be noted that in this embodiment any application can read the GPNV storage areas 140; the lock values do not prohibit reading from the GPNV storage areas 140.
`
The present invention then returns a value of -1 as a lock value to the calling application, step 230. Typically, the lock values in DMI are used in a multi-tasking environment to ensure that only one of multiple applications being executed concurrently is accessing a particular storage area at any one time. Thus, the typical response to a Read GPNV data call is to provide the data in the storage area and a lock value. The lock value is either a -1, which indicates locks to the storage areas 140 are not supported by the computer system, or a value of zero or greater which can be used by the application to write data to that storage area at a later time as discussed above. Thus, according to the method of Figure 2, the calling application is informed that the computer system does not support locking. This indication, however, prevents the calling application from attempting to write to the GPNV storage area in the typical DMI manner.

In one embodiment, the Read GPNV data call is Function 56h of the Plug and Play BIOS. For more information on the Plug and Play BIOS, the reader is directed to the Plug and Play BIOS Specification, Version 1.0A, published May 5, 1994, available from Intel Corporation of Santa Clara, California. As parameters for the Read GPNV data call, the application provides a handle identifying which GPNV storage area is to be read and the address of a buffer into which the GPNV data is to be placed. In one implementation, the calling application also provides a lock value of zero when making a Read GPNV data call.
Figure 3 is a flowchart showing the steps used to perform a locked write of data to a storage area according to one embodiment of the present invention. A Write GPNV data call is first received by the BIOS, step 310. The Write GPNV data call is made by an application to access one of the GPNV storage areas 140. In one implementation, the calling application includes an identifier or "handle" identifying which one of the GPNV storage areas 140 is being accessed, as well as a lock value for the GPNV area being accessed.

Upon receipt of the Write GPNV data call, the present invention checks whether the lock value provided with the request is valid for the identified GPNV storage area, step 320. In one implementation, this determination is made by checking whether the lock value provided with the request matches one or more predetermined lock values. If the lock value provided with the request is valid for the identified GPNV storage area, then the data provided with the request is written into the identified GPNV storage area, step 330. However, if the lock value provided with the request is not valid for the identified GPNV storage area, then the data provided with the request is not written into the identified GPNV storage area and a bad parameter indicator is returned to the calling application, step 340. Thus, the lock value(s) provide a password-type protection to the GPNV storage areas 140 of Figure 1.

Thus, the present invention maintains compliance with DMI by returning a -1 in response to a read to one of the GPNV storage areas 140 to indicate that locked access to the GPNV storage areas are not supported, and by allowing write access to the GPNV area if the proper lock value is supplied by the calling application.

In one embodiment, the Write GPNV data call is Function 57h of the Plug and Play BIOS mentioned above. As parameters for the Write GPNV data call, the application provides a handle identifying which GPNV storage area is trying to be written to, the address of a buffer containing the data to be written to the GPNV storage area, and a lock value.
`
It is to be appreciated that multiple predetermined lock values can correspond to a single data area of the GPNV storage areas 140. In this situation, each of the multiple predetermined lock values are checked by the present invention in determining whether the lock value provided with a Write GPNV data request is valid for the area. It is also to be appreciated that a single predetermined lock value can correspond to multiple data areas of the GPNV storage areas 140.

In one embodiment, the predetermined lock value(s) used by the present invention and an indicator of its corresponding GPNV storage area(s) are embedded (e.g., hard-coded) in the sequence of instructions stored in the BIOS memory 130. In an alternate embodiment, the predetermined lock value is stored in a reprogrammable nonvolatile storage device (such as a Flash memory) coupled to the bus 110.

In one embodiment of the present invention, each lock value is a two-byte value. It is to be appreciated, however, that the lock values can be of any size.
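
The read and write handling described above (a read that always reports -1, and a write that is honored only when the supplied two-byte lock value matches a predetermined value for the identified area) can be modeled as follows. This is an added example, not code from the application; the function names, status codes and lock values are constructed for illustration, and refusing -1 as a lock value is an assumption of the example.

```c
/* Added example: user-space model of the Read/Write GPNV handlers described
 * above. Names, status codes and lock values are constructed for illustration
 * and are not taken from the DMI or Plug and Play BIOS specifications. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GPNV_AREAS      3
#define GPNV_LOCK_NONE  (-1)  /* read reply: locked accesses not supported */
#define MAX_LOCKS       2     /* predetermined lock values per area */

enum gpnv_status { GPNV_OK = 0, GPNV_BAD_PARAMETER = 1 };  /* hypothetical codes */

struct gpnv_area {
    uint8_t *data;
    size_t   size;
    int16_t  locks[MAX_LOCKS];  /* two-byte values, hard-coded as in the BIOS */
    size_t   nlocks;
};

/* Area sizes follow the embodiment in the text: 128, 256 and 384 bytes. */
static uint8_t area0[128], area1[256], area2[384];

static struct gpnv_area gpnv[GPNV_AREAS] = {
    { area0, sizeof area0, { 0x5A17, 0x0C3E }, 2 },  /* two locks for one area */
    { area1, sizeof area1, { 0x5A17 }, 1 },          /* one lock shared by two areas */
    { area2, sizeof area2, { 0x2B40 }, 1 },
};

/* Read GPNV data (steps 210-230): any caller may read; the lock value handed
 * back is always -1, telling the caller that locking is not supported. */
enum gpnv_status gpnv_read(unsigned handle, uint8_t *buf, size_t buflen,
                           int16_t *lock_out)
{
    if (handle >= GPNV_AREAS || buf == NULL || lock_out == NULL ||
        buflen < gpnv[handle].size)
        return GPNV_BAD_PARAMETER;
    memcpy(buf, gpnv[handle].data, gpnv[handle].size);
    *lock_out = GPNV_LOCK_NONE;
    return GPNV_OK;
}

/* Step 320: compare the supplied value against every predetermined lock value
 * for this area. The -1 sentinel returned by reads is never accepted
 * (assumption of this example), so a caller echoing it back cannot write. */
static int lock_is_valid(const struct gpnv_area *a, int16_t lock)
{
    if (lock == GPNV_LOCK_NONE)
        return 0;
    for (size_t i = 0; i < a->nlocks; i++)
        if (a->locks[i] == lock)
            return 1;
    return 0;
}

/* Write GPNV data (steps 310-340): the area is modified only after the lock
 * check passes; every rejection path returns before touching the area. */
enum gpnv_status gpnv_write(unsigned handle, const uint8_t *buf, size_t len,
                            int16_t lock)
{
    if (handle >= GPNV_AREAS || buf == NULL || len > gpnv[handle].size)
        return GPNV_BAD_PARAMETER;
    if (!lock_is_valid(&gpnv[handle], lock))
        return GPNV_BAD_PARAMETER;        /* step 340: area left unmodified */
    memcpy(gpnv[handle].data, buf, len);  /* step 330 */
    return GPNV_OK;
}

int main(void)
{
    uint8_t buf[128];
    int16_t lock = 0;

    gpnv_read(0, buf, sizeof buf, &lock);
    printf("lock value returned by read: %d\n", lock);
    memset(buf, 0xAB, sizeof buf);
    printf("write with returned lock:    %d\n",
           gpnv_write(0, buf, sizeof buf, lock));
    printf("write with predetermined:    %d\n",
           gpnv_write(0, buf, sizeof buf, 0x0C3E));
    return 0;
}
```
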
`
Figure 4 is a block diagram of a computer system such as may be used with one embodiment of the present invention. A system 400 is shown comprising a bus or other communication device 410 for communicating information to and from the processor 415. The processor 415 is for processing information and instructions. In one implementation, the present invention includes an Intel® architecture microprocessor as the processor 415; however, the present invention may utilize any type of microprocessor architecture. In one embodiment, the bus 410 includes address, data and control buses. The system 400 also includes a random access memory (RAM) 425 coupled with the bus 410 for storing information and instructions for the processor 415, a read only memory (ROM) 430 coupled with the bus 410 for storing static information and instructions for the processor 415, a mass storage device 435 such as a magnetic or optical disk and disk drive coupled with the bus 410 for storing information and instructions for the processor 415, and input/output (I/O) devices 440 coupled with the bus 410 which input and output data and control information to and from the processor 415. The I/O devices 440 include, for example, a display device, an alphanumeric input device including alphanumeric and function keys, and a cursor control device. A hard copy device such as a plotter or printer may also be included in the I/O devices 440 for providing a visual representation of computer images.

In an alternate embodiment, the bus 410 is coupled to a separate I/O bus (not shown), such as a Peripheral Component Interconnect (PCI) bus, which is coupled to the bus 410 via a bus bridge. In this alternate embodiment, the I/O devices 440 are coupled to the I/O bus rather than the bus 410.
`
It is to be appreciated that certain implementations of the system 400 may include additional processors or other components. Furthermore, certain implementations of the present invention may not require nor include all of the above components. For example, I/O devices 440 may not include a display device.

In one embodiment of the present invention, each of the GPNV storage areas 140 of Figure 1 is protected using a predetermined lock value(s), as described above. In an alternate embodiment, some of the GPNV storage areas 140 are protected using a predetermined lock value(s), while other GPNV storage areas 140 are treated in the typical manner provided for by DMI, where any of the applications can read the GPNV storage area and obtain a lock value for that area. In this alternate embodiment, which of the GPNV storage areas 140 are protected using the predetermined lock value(s) is encoded in the sequence of instructions stored in the BIOS memory 130.
`
In the discussions above, the present invention is described with reference to DMI and the Desktop Management BIOS Specification. It is to be appreciated, however, that the present invention is not limited to computer systems operating in accordance with the Desktop Management BIOS Specification or with DMI, but is also applicable to similar systems with a BIOS which supports lock values in substantially the same manner as DMI.

In an alternate embodiment of the present invention, the GPNV areas 140 of Figure 1 are volatile storage devices rather than nonvolatile storage devices. The present invention operates as described above, however, any data to be maintained in the storage areas 140 must be re-written to the areas 140 each time power is re-applied to the system.

In another alternate embodiment of the present invention, the lock values are used for reading from the GPNV storage areas in an analogous manner to writing to the GPNV storage areas described above. In this alternate embodiment, any requests to read a GPNV storage area include a lock value. If the lock value provided by the request is valid for the identified GPNV storage area, then the data in the GPNV storage area is copied to the buffer identified by the requesting application. However, if the lock value provided by the request is not valid for the identified GPNV storage area, then the data in the GPNV storage area is not provided to the requesting application.
Whereas many alterations and modifications of the present invention will be comprehended by a person skilled in the art after having read the foregoing description, it is to be understood that the particular embodiments shown and described by way of illustration are in no way intended to be considered limiting. References to details of particular embodiments are not intended to limit the scope of the claims.

Thus, a method and apparatus for protecting data using lock values in a computer system has been described.

What is claimed is:
`
1. A method for protecting a storage area in a computer system, the method comprising the steps of:
(a) indicating that the storage area does not support locked accesses;
(b) receiving a request to perform a locked access write to the storage area;
(c) checking whether a first lock value corresponding to the request matches a predetermined lock value notwithstanding having performed step (a) indicating that the storage area does not support locked accesses; and
(d) writing data corresponding to the request to the storage area provided the first lock value matches the predetermined lock value, otherwise leaving the storage area unmodified.

2. The method of claim 1, wherein the receiving step (b) comprises the steps of:
- receiving a storage area write call;
- receiving the first lock value;
- receiving data corresponding to the storage area write call; and
- receiving an identifier which identifies the storage area.

3. The method of claim 1, wherein the receiving step (b) comprises the step of receiving a desktop management interface-compatible write request to a general purpose nonvolatile storage area.

4. The method of claim 1, further comprising the steps of:
- receiving a request to read the storage area;
- providing data from the storage area; and
- providing an indicator that the computer system does not support locking of the storage area.
`
5. A method for protecting a nonvolatile storage area in a computer system, wherein the computer system is compatible with a desktop management interface BIOS specification, wherein the method comprises the computer-implemented steps of:
(a) indicating that the computer system does not support locked writes to the nonvolatile storage area;
(b) receiving a request to perform a locked write to the nonvolatile storage area;
(c) checking whether a first lock value corresponding to the request is valid based on a predetermined lock value, notwithstanding having indicated that the computer system does not support locked writes to the nonvolatile storage area; and
(d) writing data corresponding to the request to the nonvolatile storage area provided the first lock value is valid, otherwise leaving the nonvolatile storage area unmodified.

6. The method of claim 5, wherein the receiving step (b) comprises the steps of:
- receiving a nonvolatile storage area write call;
- receiving the first lock value;
- receiving data corresponding to the nonvolatile storage area write call; and
- receiving an identifier which identifies the nonvolatile storage area.
`
7. The method of claim 5, wherein the receiving step (b) comprises receiving a write request to a general purpose nonvolatile storage area of the computer system.

8. The method of claim 5, further comprising the steps of:
- receiving a request to read the nonvolatile storage area;
- providing data from the nonvolatile storage area; and
- providing an indicator that the computer system does not support locking of the nonvolatile storage area.

9. The method of claim 8, wherein the indicator comprises a second lock value.

10. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform the steps of:
(a) indicating that one or more storage areas do not support locked accesses;
(b) receiving a request to perform a locked write to a first storage area of the one or more storage areas;
(c) checking whether a first lock value corresponding to the request matches a predetermined lock value notwithstanding the indicating step (a); and
(d) writing data corresponding to the request to the first storage area provided the first lock value matches the predetermined lock value, otherwise leaving the first storage area unmodified.
`
11. The computer-readable medium of claim 10, wherein the receiving step (b) executed by the processor comprises the steps of:
- receiving a storage area write call;
- receiving the first lock value;
- receiving data corresponding to the storage area write call; and
- receiving an identifier which identifies the first storage area.

12. The computer-readable medium of claim 10, wherein the plurality of instructions is compatible with a desktop management interface BIOS specification.

13. The computer-readable medium of claim 10, wherein the predetermined lock value is embedded in the plurality of instructions.

14. The computer-readable medium of claim 10, wherein the plurality of instructions further causes the processor to perform the steps of:
- receiving a request to read the first storage area;
- providing data from the first storage area; and
- providing an indicator that the processor does not support locking of the one or more storage areas.
`
15. A computer system comprising:
a processor;
one or more storage areas;
a memory coupled to the processor and to the one or more storage areas, wherein the memory stores a sequence of instructions which, when executed by the processor, cause the processor to perform the steps of:
(a) indicating that the one or more storage areas cannot be locked;
(b) receiving a request to perform a locked write to a first storage area of the one or more storage areas;
(c) checking whether a first lock value corresponding to the request is valid notwithstanding having indicated that the one or more storage areas cannot be locked; and
(d) writing data corresponding to the request to the first storage area provided the first lock value is valid, otherwise leaving the first storage area unmodified.

16. The computer system of claim 15, wherein the receiving step (b) performed by the processor comprises the steps of:
- receiving a storage area write call;
- receiving the first lock value;
- receiving data corresponding to the storage area write call; and
- receiving an identifier which identifies the first storage area.

17. The computer system of claim 15, wherein the one or more storage areas comprises a plurality of general purpose nonvolatile storage areas.

18. The computer system of claim 15, wherein the sequence of instructions is compatible with a desktop management interface BIOS specification.
`
19. The computer system of claim 15, wherein the predetermined lock value is embedded in the sequence of instructions.

20. The computer system of claim 15, wherein the memory is a read only memory.

21. The computer system of claim 15, wherein the sequence of instructions further causes the processor to perform the steps of:
-