-
Publication No.: HK1018826A1
Publication date: 2000-01-07
Application No.: HK99103889
Application date: 1999-09-08
Applicant: IBM
Inventor: BLACKLEDGE JOHN WILEY JR , CLARKE GRANT LEACH JR , DAYAN RICHARD ALAN , LE KIMTHANH DO , MCCOURT PATRICK EDWARD , MITTELSTEDT MATTHEW TODD , MOELLER DENNIS LEE , NEWMAN PALMER EUGENE , RANDALL DAVE LEE , YODER JOANNA BERGER
Abstract: This invention relates to personal computer systems and, more particularly, to such a system having security features enabling control over access to data retained in such a system. In particular, a personal computer system in accordance with this invention has a normally closed enclosure, an erasable memory element for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state, an option switch operatively connected with the erasable memory element for setting the erasable memory element to the active and inactive states, a tamper detection switch operatively connected with the erasable memory element for detecting opening of the enclosure and for clearing any stored privileged access password from the erasable memory element in response to any switching of the tamper switch, and a system processor operatively connected with the erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between the active and inactive states of the memory element and between entry and non-entry of any stored privileged access password. In the presently preferred form of the invention, two non-volatile erasable memory elements are provided, one an EEPROM and the other battery backed CMOS RAM.
-
Publication No.: SG44435A1
Publication date: 1997-12-19
Application No.: SG1996000369
Application date: 1990-07-04
Applicant: IBM
Inventor: BEALKOWSHI RICHARD , BLACKLEDGE JOHN WILEY JR , CRONK DOYLE STANFILL , DAYAN RICHARD ALAN , KINNEAR SCOTT GERARD , KOVACH GEORGE D , PALKA MATTHEW STEPHEN JR , SACHSENMAIER ROBERT , ZYVOLOSKI KEVIN MARSHALL
Abstract: An apparatus and method for decreasing the memory requirements of BIOS in a personal computer system (10) includes storing a first portion of BIOS in memory and a second portion on a direct storage access device. The personal computer system (10) comprises a system processor (26), a random access main memory, a read only memory (36), and at least one direct access storage device (62,66). The read only memory (36) includes the first portion of BIOS and data representing the type of system processor (26) and system planar (24) I/O configuration. The first portion of BIOS only includes routines for initializing the system (10) and the direct access storage device (62,66) to read in a master boot record into the system (10) from the direct access storage device (62,66). The master boot record includes a data segment (122-138) and an executable code segment (120). The data segment (122-138) includes data representing system hardware and a system configuration which is supported by the master boot record. The first BIOS portion confirms the master boot record is compatible with the system hardware by verifying that the data from the data segment (122-138) of the master boot record agrees with the system processor (26), system planar (24), and planar (24) I/O configuration. If the master boot record is compatible with the system hardware, the first BIOS portion vectors the system processor (26) to execute the executable code segment (120) of the master boot record. The executable code segment (120) confirms that the system configuration has not changed and loads in the remaining BIOS portion from the direct access storage device (62,66) into random access memory (32) superseding the first BIOS portion. The executable code segment (120) then verifies the authenticity of the remaining BIOS portion and vectors the system processor (26) to begin executing the remaining BIOS now in random access memory (32). The remaining BIOS in main memory includes reusable routines for operating the system (10) in a normal manner.
-
Publication No.: SG44409A1
Publication date: 1997-12-19
Application No.: SG1996000216
Application date: 1990-07-04
Applicant: IBM
Inventor: BEALKOWSKI RICHARD , BLACKLEDGE JOHN WILEY JR , CRONK DOYLE STANFILL , DAYAN RICHARD ALAN , KINNEAR SCOTT GERARD , KOVACH GEORGE D , PALKA MATTHEW STEPHEN JR , SACHSENMAIER ROBERT , ZYVOLOSKI KEVIN MARSHALL , DIXON JERRY DUANE , WACHTEL EDWARD IRVING
Abstract: An apparatus and method for protecting BIOS stored on a direct access storage device (62) into a personal computer system (10). The personal computer system (10) comprises a system processor (26), a system planar (24), a random access main memory (32), a read only memory (36), a protection means and at least one direct access storage device (62). The read only memory (36) includes a first portion of BIOS and data representing the type of system processor (26) and system planar (24) I/O configuration. The first portion of BIOS initializes the system (10) and the direct access storage device (62), and resets the protection means in order to read in a master boot record into the random access memory (32) from a protectable partition on the direct access storage device (62). The master boot record includes a data segment and an executable code segment. The data segment includes data representing system hardware and a system configuration which is supported by the master boot record. The first BIOS portion confirms the master boot record is compatible with the system hardware by verifying that the data from the data segment of the master boot record agrees with the system processor (26), system planar (24), and planar (24) I/O configuration. If the master boot record is compatible with the system hardware, the first BIOS portion vectors the system processor (26) to execute the executable code segment of the master boot record. The executable code segment confirms that the system configuration has not changed and loads in the remaining BIOS portion from the same protectable partition on the direct access storage device (62) into random access memory (32). The executable code segment then verifies the authenticity of the remaining BIOS portion and vectors the system processor (26) to begin executing the BIOS now in random access memory. BIOS, executing in random access memory (32), then activates the protection means to prevent further access to the protectable partition. BIOS boots up the operating system to begin operation of the personal computer system.
-
Publication No.: CA2099026C
Publication date: 1996-12-03
Application No.: CA2099026
Application date: 1993-06-23
Applicant: IBM
Inventor: BLACKLEDGE JOHN WILEY JR , DAYAN RICHARD ALAN , MOELLER DENNIS LEE , NEWMAN PALMER EUGENE , ZUBAY KENNETH JOHN PETER
Abstract: This invention relates to personal computer systems and, more particularly, to such a system having security features enabling control over access to data retained in such a system. This invention contemplates protecting a personal computer system which has the capability of becoming a secure system from being placed into that condition by an attack on an unsecured machine. Additionally, in a network environment, it is important to maintain network security that any given particular system be uniquely identified to the network, in order to guard against the substitution of an insecure "alternate" which would open the network to attack through an insecure system. This invention contemplates provision for such identification in a secure manner.
-
Publication No.: AU663551B2
Publication date: 1995-10-12
Application No.: AU3201993
Application date: 1993-01-25
Applicant: IBM
Inventor: BLACKLEDGE JOHN WILEY JR , CLARKE GRANT LEACH JR , DAYAN RICHARD ALAN , LE KIMTHANH DO , MCCOURT PATRICK EDWARD , MITTELSTEDT MATTHEW TODD , MOELLER DENNIS LEE , NEWMAN PALMER EUGENE , RANDALL DAVE LEE , YODER JOANNA BERGER
Abstract: This invention relates to personal computer systems and, more particularly, to such a system having security features enabling control over access to data retained in such a system. In particular, a personal computer system in accordance with this invention has a normally closed enclosure, an erasable memory element for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state, an option switch operatively connected with the erasable memory element for setting the erasable memory element to the active and inactive states, a tamper detection switch operatively connected with the erasable memory element for detecting opening of the enclosure and for clearing any stored privileged access password from the erasable memory element in response to any switching of the tamper switch, and a system processor operatively connected with the erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between the active and inactive states of the memory element and between entry and non-entry of any stored privileged access password. In the presently preferred form of the invention, two non-volatile erasable memory elements are provided, one an EEPROM and the other battery backed CMOS RAM.
-
Publication No.: AU5999390A
Publication date: 1991-02-28
Application No.: AU5999390
Application date: 1990-07-30
Applicant: IBM
Inventor: BEALKOWSKI RICHARD , BLACKLEDGE JOHN WILEY JR , CRONK DOYLE STANFILL , DAYAN RICHARD ALAN , KINNEAR SCOTT GERARD , KOVACH GEORGE D , PALKA MATTHEW STEPHEN JR , SACHSENMAIER ROBERT , ZYVOLOSKI KEVIN MARSHALL , DIXON JERRY DUANE , WACHTEL EDWARD IRVING
Abstract: An apparatus and method for protecting BIOS stored on a direct access storage device (62) into a personal computer system (10). The personal computer system (10) comprises a system processor (26), a system planar (24), a random access main memory (32), a read only memory (36), a protection means and at least one direct access storage device (62). The read only memory (36) includes a first portion of BIOS and data representing the type of system processor (26) and system planar (24) I/O configuration. The first portion of BIOS initializes the system (10) and the direct access storage device (62), and resets the protection means in order to read in a master boot record into the random access memory (32) from a protectable partition on the direct access storage device (62). The master boot record includes a data segment and an executable code segment. The data segment includes data representing system hardware and a system configuration which is supported by the master boot record. The first BIOS portion confirms the master boot record is compatible with the system hardware by verifying that the data from the data segment of the master boot record agrees with the system processor (26), system planar (24), and planar (24) I/O configuration. If the master boot record is compatible with the system hardware, the first BIOS portion vectors the system processor (26) to execute the executable code segment of the master boot record. The executable code segment confirms that the system configuration has not changed and loads in the remaining BIOS portion from the same protectable partition on the direct access storage device (62) into random access memory (32). The executable code segment then verifies the authenticity of the remaining BIOS portion and vectors the system processor (26) to begin executing the BIOS now in random access memory. BIOS, executing in random access memory (32), then activates the protection means to prevent further access to the protectable partition. BIOS boots up the operating system to begin operation of the personal computer system.
-
Publication No.: CA2082916C
Publication date: 1996-04-16
Application No.: CA2082916
Application date: 1992-11-13
Applicant: IBM
Inventor: BLACKLEDGE JOHN WILEY JR , CLARKE GRANT LEACH JR , DAYAN RICHARD ALAN , LE KIMTHANH DO , MCCOURT PATRICK EDWARD , MITTELSTEDT MATTHEW TODD , MOELLER DENNIS LEE , NEWMAN PALMER EUGENE , RANDALL DAVE LEE , YODER JOANNA BERGER
Abstract: This invention relates to personal computer systems and, more particularly, to such a system having security features enabling control over access to data retained in such a system. In particular, a personal computer system in accordance with this invention has a normally closed enclosure, an erasable memory element for selective activation to active and inactive states and for receiving and storing a privileged access password when in the active state, an option switch operatively connected with the erasable memory element for setting the erasable memory element to the active and inactive states, a tamper detection switch operatively connected with the erasable memory element for detecting opening of the enclosure and for clearing any stored privileged access password from the erasable memory element in response to any switching of the tamper switch, and a system processor operatively connected with the erasable memory element for controlling access to at least certain levels of data stored within the system by distinguishing between the active and inactive states of the memory element and between entry and non-entry of any stored privileged access password.
-
Publication No.: AT136667T
Publication date: 1996-04-15
Application No.: AT90307307
Application date: 1990-07-04
Applicant: IBM
Inventor: BEALKOWSKI RICHARD , BLACKLEDGE JOHN WILEY JR , CRONK DOYLE STANFILL , DAYAN RICHARD ALAN , KINNEAR SCOTT GERARD , KOVACH GEORGE D , PALKA JR MATTHEW STEPHEN , SACHSENMAIER ROBERT , ZYVOLOSKI KEVIN MARSHALL
Abstract: An apparatus and method for loading BIOS stored on a direct access storage device (62,66) into a personal computer system (10). The personal computer system (10) comprises a system processor (26), a system planar (24), a random access main memory, a read only memory (36), and at least one direct access storage device (62,66). The read only memory (36) includes a first portion of BIOS and data representing the type of system processor (26) and system planar (24) I/O configuration. The first portion of BIOS initializes the system (10) and the direct access storage device (62,66) to read in a master boot record into the system (10) from the direct access storage device (62,66). The master boot record includes a data segment (122-138) and an executable code segment (120). The data segment (122-138) includes data representing system hardware and a system (10) configuration which is supported by the master boot record. The first BIOS portion confirms the master boot record is compatible with the system hardware by verifying that the data from the data segment (122-138) of the master boot record agrees with the system processor (26), system planar (24), and planar I/O configuration. If the master boot record is compatible with the system hardware, the first BIOS portion vectors the system processor (26) to execute the executable code segment (120) of the master boot record. The executable code segment (120) confirms that the system configuration has not changed and loads in the remaining BIOS portion from the direct access storage device (62,66) into random access memory (32). The executable code segment (120) then verifies the authenticity of the remaining BIOS portion and vectors the system processor (26) to begin executing the BIOS now in random access memory (32). BIOS executing in random access memory (32) then boots up the operating system to begin operation of the personal computer system (10).
-
Publication No.: MX171879B
Publication date: 1993-11-22
Application No.: MX2205990
Application date: 1990-08-22
Applicant: IBM
Inventor: DAYAN RICHARD ALAN , KINNEAR SCOTT GERARD , KOVACH GEORGE D , PALKA MATTHEW STEPHEN JR , SCHSENMAIER ROBERTO , DIXON KEVIN MARSHALL ZYVOLOSKI , MACNEILL ANDREW BOYCE , WACHTEL EDWARD IRVING , BEALKOWSKI RICHARD , BLACKLEDGE JOHN WILEY JR , CRONK DOYLE STANFILL
Abstract: An apparatus and method for protecting BIOS stored on a direct access storage device (62) into a personal computer system (10). The personal computer system (10) comprises a system processor (26), a system planar (24), a random access main memory (32), a read only memory (36), a protection means and at least one direct access storage device (62). The read only memory (36) includes a first portion of BIOS and data representing the type of system processor (26) and system planar (24) I/O configuration. The first portion of BIOS initializes the system (10) and the direct access storage device (62), and resets the protection means in order to read in a master boot record into the random access memory (32) from a protectable partition on the direct access storage device (62). The master boot record includes a data segment and an executable code segment. The data segment includes data representing system hardware and a system configuration which is supported by the master boot record. The first BIOS portion confirms the master boot record is compatible with the system hardware by verifying that the data from the data segment of the master boot record agrees with the system processor (26), system planar (24), and planar (24) I/O configuration. If the master boot record is compatible with the system hardware, the first BIOS portion vectors the system processor (26) to execute the executable code segment of the master boot record. The executable code segment confirms that the system configuration has not changed and loads in the remaining BIOS portion from the same protectable partition on the direct access storage device (62) into random access memory (32). The executable code segment then verifies the authenticity of the remaining BIOS portion and vectors the system processor (26) to begin executing the BIOS now in random access memory. BIOS, executing in random access memory (32), then activates the protection means to prevent further access to the protectable partition. BIOS boots up the operating system to begin operation of the personal computer system.
-
Publication No.: AU7926791A
Publication date: 1992-01-30
Application No.: AU7926791
Application date: 1991-06-21
Applicant: IBM
Inventor: ARNOLD LISA RUOTOLO , BEALKOWSKI RICHARD , BLACKLEDGE JOHN WILEY JR , CRONK DOYLE STANFILL , DAYAN RICHARD ALAN , GEISLER DOUGLAS RICHARD , MITTELSTEDT MATTHEW TODD , PALKA MATTHEW STEPHEN JR , PAUL JOHN DAVID , SACHSENMAIER ROBERT , SMELTZER KENNETH DONALD , WOYTOVECH PETER ANDREW , ZYVOLOSKI KEVIN MARSHALL
Abstract: A personal computer system according to the present invention comprises a system processor, a random access memory, a read only memory, and at least one direct access storage device. A direct access storage device controller coupled between the system processor and direct access storage device includes a protection mechanism for protecting a region of the storage device. The protected region of the storage device includes a master boot record, a BIOS image and a system reference diskette image. The BIOS image includes a section known as Power on Self Test (POST). POST is used to test and initialise a system. Upon detecting any configuration error, system utilities from the system reference diskette image, such as set configuration programs, diagnostic programs and utility programs can be automatically activated from the direct access storage device.