FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM

FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM

An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, a JTAG control chain, a fuse, and an access controller. The BIOS ROM includes BIOS contents stored as...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: HENRY, G. Glenn
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator HENRY, G. Glenn
description An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, a JTAG control chain, a fuse, and an access controller. The BIOS ROM includes BIOS contents stored as plaintext, and an encrypted message digest, where the encrypted message digest has an encrypted version of a first message digest that corresponds to the BIOS contents. The tamper detector is operatively coupled to the BIOS ROM, and is configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, and is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest, and is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The random number generator disposed within the microprocessor, and generates a random number at completion of a current BIOS check, which is employed to set a following prescribed interval, whereby the prescribed intervals are randomly varied. The JTAG control chain is configured to program the combination of prescribed intervals and event occurrences within tamper detection microcode storage. The fuse is configured to indicate whether programming of the combination of prescribed intervals and event occurrences is to be disabled. The access control element is coupled to the fuse and the JTAG control chain, and is configured to determine a state of the fuse, and is configured to direct the JTAG control chain to disable programming of the combination of prescribed intervals and event occurrences if the fuse is blown.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_EP3316168B1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>EP3316168B1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_EP3316168B13</originalsourceid><addsrcrecordid>eNrjZHBwCw121XX1c3TycXVRCHZ1Dg1yVXDy9A9W8HV19nD08wz2VfD0U3BUCAkKDQ4BKnH29w0IDfH0c1cIjgQK-PIwsKYl5hSn8kJpbgYFN9cQZw_d1IL8-NTigsTk1LzUknjXAGNjQzNDMwsnQ2MilAAATDoqOw</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM</title><source>esp@cenet</source><creator>HENRY, G. Glenn</creator><creatorcontrib>HENRY, G. Glenn</creatorcontrib><description>An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, a JTAG control chain, a fuse, and an access controller. The BIOS ROM includes BIOS contents stored as plaintext, and an encrypted message digest, where the encrypted message digest has an encrypted version of a first message digest that corresponds to the BIOS contents. The tamper detector is operatively coupled to the BIOS ROM, and is configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, and is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest, and is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The random number generator disposed within the microprocessor, and generates a random number at completion of a current BIOS check, which is employed to set a following prescribed interval, whereby the prescribed intervals are randomly varied. The JTAG control chain is configured to program the combination of prescribed intervals and event occurrences within tamper detection microcode storage. The fuse is configured to indicate whether programming of the combination of prescribed intervals and event occurrences is to be disabled. The access control element is coupled to the fuse and the JTAG control chain, and is configured to determine a state of the fuse, and is configured to direct the JTAG control chain to disable programming of the combination of prescribed intervals and event occurrences if the fuse is blown.</description><language>eng ; fre ; ger</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC DIGITAL DATA PROCESSING ; PHYSICS</subject><creationdate>2021</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20210407&amp;DB=EPODOC&amp;CC=EP&amp;NR=3316168B1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25542,76516</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20210407&amp;DB=EPODOC&amp;CC=EP&amp;NR=3316168B1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>HENRY, G. Glenn</creatorcontrib><title>FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM</title><description>An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, a JTAG control chain, a fuse, and an access controller. The BIOS ROM includes BIOS contents stored as plaintext, and an encrypted message digest, where the encrypted message digest has an encrypted version of a first message digest that corresponds to the BIOS contents. The tamper detector is operatively coupled to the BIOS ROM, and is configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, and is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest, and is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The random number generator disposed within the microprocessor, and generates a random number at completion of a current BIOS check, which is employed to set a following prescribed interval, whereby the prescribed intervals are randomly varied. The JTAG control chain is configured to program the combination of prescribed intervals and event occurrences within tamper detection microcode storage. The fuse is configured to indicate whether programming of the combination of prescribed intervals and event occurrences is to be disabled. The access control element is coupled to the fuse and the JTAG control chain, and is configured to determine a state of the fuse, and is configured to direct the JTAG control chain to disable programming of the combination of prescribed intervals and event occurrences if the fuse is blown.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>PHYSICS</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2021</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZHBwCw121XX1c3TycXVRCHZ1Dg1yVXDy9A9W8HV19nD08wz2VfD0U3BUCAkKDQ4BKnH29w0IDfH0c1cIjgQK-PIwsKYl5hSn8kJpbgYFN9cQZw_d1IL8-NTigsTk1LzUknjXAGNjQzNDMwsnQ2MilAAATDoqOw</recordid><startdate>20210407</startdate><enddate>20210407</enddate><creator>HENRY, G. Glenn</creator><scope>EVB</scope></search><sort><creationdate>20210407</creationdate><title>FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM</title><author>HENRY, G. Glenn</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_EP3316168B13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng ; fre ; ger</language><creationdate>2021</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>PHYSICS</topic><toplevel>online_resources</toplevel><creatorcontrib>HENRY, G. Glenn</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>HENRY, G. Glenn</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM</title><date>2021-04-07</date><risdate>2021</risdate><abstract>An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), a tamper detector, a random number generator, a JTAG control chain, a fuse, and an access controller. The BIOS ROM includes BIOS contents stored as plaintext, and an encrypted message digest, where the encrypted message digest has an encrypted version of a first message digest that corresponds to the BIOS contents. The tamper detector is operatively coupled to the BIOS ROM, and is configured to generate a BIOS check interrupt at a combination of prescribed intervals and event occurrences, and is configured to access the BIOS contents and the encrypted message digest upon assertion of the BIOS check interrupt, and is configured to direct a microprocessor to generate a second message digest corresponding to the BIOS contents and a decrypted message digest corresponding to the encrypted message digest, and is configured to compare the second message digest with the decrypted message digest, and is configured to preclude the operation of the microprocessor if the second message digest and the decrypted message digest are not equal. The random number generator disposed within the microprocessor, and generates a random number at completion of a current BIOS check, which is employed to set a following prescribed interval, whereby the prescribed intervals are randomly varied. The JTAG control chain is configured to program the combination of prescribed intervals and event occurrences within tamper detection microcode storage. The fuse is configured to indicate whether programming of the combination of prescribed intervals and event occurrences is to be disabled. The access control element is coupled to the fuse and the JTAG control chain, and is configured to determine a state of the fuse, and is configured to direct the JTAG control chain to disable programming of the combination of prescribed intervals and event occurrences if the fuse is blown.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng ; fre ; ger
recordid cdi_epo_espacenet_EP3316168B1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title FUSE-ENABLED SECURE BIOS MECHANISM IN A TRUSTED COMPUTING SYSTEM
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-19T11%3A31%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=HENRY,%20G.%20Glenn&rft.date=2021-04-07&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EEP3316168B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true