WO2001027770A1 - Security card - Google Patents
Security card Download PDFInfo
- Publication number
- WO2001027770A1 WO2001027770A1 PCT/AU2000/001213 AU0001213W WO0127770A1 WO 2001027770 A1 WO2001027770 A1 WO 2001027770A1 AU 0001213 W AU0001213 W AU 0001213W WO 0127770 A1 WO0127770 A1 WO 0127770A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- operating system
- secure operating
- security device
- stored
- memory means
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/1097—Boot, Start, Initialise, Power
Definitions
- This invention relates to a security device for personal computers.
- it relates to a hardware, software and firmware device consisting of an expansion card or mother board component that stores a secure operating system.
- the Lentz patent describes a virus protector board that plugs into the ISA bus of an IBM ® personal computer. After power up or reset of the computer, the BIOS (basic input output system) conducts house keeping routines, including checking for expansion ROM's on the ISA bus. An expansion ROM on the virus protector board takes control of the CPU and performs virus checking routines on the system files. If no virus is detected the control is passed back to the BIOS and the normal boot sequence proceeds. An alarm is generated if a virus is detected.
- BIOS basic input output system
- Lentz was an innovative solution but of limited value because of the narrow protection provided. Lentz does not detect the infection until the next power on event and does not provide any recovery measure. Furthermore, Lentz only checks the system files against data stored on recordable media in the computer. A virus that also adjusts the checksum value of the infected file can circumvent the Lentz device. At least two commercial products have been released utilizing a similar strategy to Lentz. These have been reviewed in a journal called Virus Bulletin. A product called Viruguard was reviewed in the February 1992 edition at page 24 and a product called StationLock was reviewed in the July 1995 edition at page 21. In both cases the reviewer has detailed the shortcomings of the products.
- United States patent number 5802277 has been issued to International Business Machines Corporation for a virus protection method.
- an executable virus checking routine is stored in the system ROM code and executes after POST (power on self test).
- Virus signatures for the virus checking routine are also stored in the system ROM. Obviously the virus signatures will be out of date by the time the computer reaches a user, so IBM propose storing the BIOS, the virus checking routine and the virus signatures in FLASH ROM that can be updated across the Internet. This approach is unacceptably restrictive and of limited value.
- the FLASH ROM has recently been found to be subject to virus attack. Although numerous approaches have been taken to providing computer security, none have proven to be sufficiently versatile and reliable to be valuable. An alternative approach is required.
- a security device for a personal computer comprising: a printed circuit board having configurable memory means resident thereon; a secure operating system executable from said configurable memory means; and interface means for two way communication between the configurable memory means and a CPU of the personal computer; wherein said secure operating system is loaded immediately after POST begins and before booting of a non-secure operating system; and wherein said secure operating system executes security tasks for protection of the personal computer.
- the invention resides in a method of protecting a personal computer having a central processing unit, a system memory in communication with said central processing unit via a system bus and containing a basic input output system, a storage device having resident therein a non-secure operating system and data, a security device in communication with said central processing unit via said system bus, and a secure operating system executable from said security device, the method including the steps of: initiating said basic input output system; interrupting said basic input output system after POST begins; loading the secure operating system from the security device; performing tasks under control of said secure operating system; returning control to said basic input output system; and loading said non-secure operating system.
- the invention resides in a security device for a personal computer of the type comprising a central processing unit, a system memory in communication with said central processing unit via a system bus and containing a basic input output system, and a storage memory having resident therein a non-secure operating system and data;
- the security device comprising: an expansion memory card insertable in the system bus of the computer for communication with the CPU, said expansion memory card including configurable memory means; a secure operating system executable from said configurable memory means to control the CPU; and programs executable in said secure operating system to provide security functions for the computer.
- the configurable memory means is configured such that all memory is read and write enabled before boot of the non-secure operating system, part of said memory is read and write disabled after boot of the non-secure operating system, and part of said memory is write disabled but read enabled after boot of the non-secure operating system.
- FIG 1 is a schematic of a personal computer architecture
- FIG 2 is a schematic of a first embodiment of a security device
- FIG 3 is a schematic of a second embodiment of a security device
- FIG 4 s a schematic of a third embodiment of a security device
- FIG 5 s a diagram of one memory scheme on the security device
- FIG 6 s a diagram of another memory scheme on the security device
- FIG 7 shows an expansion memory architecture
- FIG 8 shows a memory access decision tree
- FIG 9 is a flow chart of the operation of a personal computer with the security device installed.
- FIG 1 there is shown a block diagram of a conventional personal computer (PC) including the security device of the present invention.
- the PC consists of a CPU (central processing unit) 1 and system ROM 2 containing the BIOS.
- the CPU 1 communicates with a system bus 3, which may be any suitable bus including ISA, PCI, PCMCIA, USB, VL etc.
- a system bus 3 which may be any suitable bus including ISA, PCI, PCMCIA, USB, VL etc.
- RAM 4 random access memory
- video controller 5 to control display device 6
- storage controller 7 for controlling storage device 8
- Also connected to the system bus 3 is the security device 9.
- the storage controller 7 is represented schematically to indicate any of a family of devices for interfacing with the available storage devices 8 including hard drives, CD ROMs, diskettes, DVDs, etc.
- the storage device stores a non-secure operating system, such as Windows ® , Linux and Unix ® , as well as various programs and data.
- a first embodiment of the security device 9 is shown schematically in FIG 2.
- the security device 9 is an 8 bit, ISA class card 10.
- the card 10 includes an I/O decoder 11 , 4Mb Flash ROM 12, buffers and latches 13 and POST display 14.
- the edge connector 15 of the card 10 plugs into a standard ISA slot.
- a second embodiment of the security device is shown in FIG 3.
- the second embodiment is a 32 bit PCI card 16 including a field programmable gate array (FPGA) 17, Flash ROM 12, serial PROM 18 and POST display 14.
- the edge connector 15 plugs into a standard PCI slot.
- a third embodiment in the form of a PCMCIA card 19 is shown in FIG.
- the PCMCIA card has a similar structure to the PCI card including a FPGA 17, Flash ROM 12, serial PROM 18 and POST display 14.
- the edge connector 15 plugs into a standard PCMCIA slot.
- the FPGA could be replaced by an application specific integrated circuit (ASIC).
- ASIC application specific integrated circuit
- a complex programmable logic device (CPLD) could be used instead of the serial PROM 18.
- the CPLD would take data from the Flash ROM and load it into the FPGA.
- the Flash ROM 12 can be from 128kb to 32Mb or more. For the purpose of explanation a 4Mb embodiment is described with reference to FIG 5 and a 128kb embodiment is described with reference to FIG 6.
- the Flash ROM 12 is configured to change read/write characteristics during the boot process, as depicted in FIG's 5-6.
- All of the ROM Prior to execution of the bootstrap routine (INT 19h), all of the ROM is read/write enabled. This allows firmware to make updates as required, to keep logs in protected memory, and to perform other tasks requiring memory access as described below.
- the ROM On execution of the bootstrap routine (INT 19h), the ROM is put into protected mode by a write to a control register. In this mode, the first segment of the Flash is totally hidden from the non-secure operating system and cannot be read or changed until the next reset cycle of the computer. The second segment of the Flash is put into a Read Only mode, thus allowing vital data to be read, but not allowing software to corrupt the data.
- the remaining segments may be left in a read/write mode and full access is available to any software that is programmed to access the memory locations.
- a copy of all system ROMs and expansion ROMs may be stored in the Flash ROM 12 or in a secure section of the storage device 8.
- the copied versions may be used during the boot process if the original ROMs become corrupt. The installation process is described below in greater detail.
- Flash ROM A portion of the Flash ROM is seen by the computer system as an expansion ROM within the first megabyte of System RAM (768kb - 1024kb).
- the whole of the Flash ROM is visible via port access by using control registers.
- the architecture is depicted in FIG 7. To access the whole of the 4Mb ROM of FIG 5, three registers are used.
- the fourth register (32 bit) specifies the address in the ROM matrix to read or write.
- the second register (16 bit) contains the data to be read or written.
- the third register is a data auto increment register.
- the IO decoding circuitry on the security device is made up of buffers and latches 13.
- the protected mode is activated by a lock, which is a dual triggered flip-flop attached to the reset line of the computer. This ensures that the only way to reset the lock is by resetting the computer.
- the first three registers can be updated any time, the fourth register will only allow a read or write according to the decision process in FIG 8.
- the process for the second and third embodiments is the same but using programmable components instead of discrete components.
- the boot process is depicted in FIG 9.
- control is passed to the system ROM 2 and the BIOS is executed.
- the BIOS runs power-on self test (POST) procedures to test and initialize the devices in the computer.
- POST power-on self test
- Each of the POST procedures is assigned a code, the value of which is an 8-bit code that is displayed by the security device by reading the code from the system bus 3 and displaying the result on the POST display 14.
- the POST display is suitably an array of LED's.
- the BIOS looks for the video controller 5 that normally resides at memory location COOOh.
- the system BIOS executes the video controller BIOS that is stored in a ROM on the video controller card.
- Video controller cards usually display a message on the display device 6 to indicate that the video controller 5 is operating correctly.
- the system BIOS looks for other devices that include a ROM having executable BIOS programs.
- the security device ROM 12 is found and security tasks are performed. These tasks may include verifying the system BIOS module, the CMOS module and other expansion ROM modules. These tasks are described in detail later. If any of the integrity checks of hardware and firmware fail a message is displayed and an appropriate action is taken (such as halting the system). If the integrity checks are good control is returned to the BIOS and other expansion ROMs are executed.
- the BIOS is again interrupted at INT19h and the secure operating system is loaded. An initialisation file (like the DOS autoexec file) is loaded and initialisation tasks, such as login, are performed. Other applications, such as virus checking, network authorisation and security tracking may be executed. A selection of modules are described later.
- the security card may also run a check for any updated modules that may have been installed since the previous boot sequence. These are authenticated and loaded.
- the secure operating system allows the boot process to proceed by returning control to the system BIOS for memory tests, port tests, plug and play setup, loading ROMs on network cards and other cards, etc. While the system BIOS proceeds, the secure operating system may run other routines. For example, advertising material can be displayed while the system BIOS tests are being run.
- the program modules include Y2K tests and fixes, SMART (hard disk drive diagnostic) tests, partition override, and encryption. These modules are also described in greater detail below.
- the Flash ROM 12 is put into protect mode to electronically isolate the first segment of memory.
- This memory space may contain the secure data including the username and password, copies of the system BIOS and other ROMs, and checksum data. Alternatively it may contain pointers to an encrypted section of a storage device that holds this information.
- the operating system in the Flash ROM 12 is secure because it can only be written to prior to execution of the bootstrap routine (INT 19h). After bootstrap, the secure operating system can not be accessed and therefore the data contained there cannot be altered by malicious users or software.
- Control is then returned to the system BIOS to detect a boot device and load the non-secure operating system.
- the security device can be configured to identify the Master Boot Record to the system BIOS to control which non-secure operating system is booted.
- a partitioned hard drive can contain several operating systems such as Windows ® , Unix ® , or Linux. Each partition can be independently encrypted so that the partition is logically isolated from the other partitions. A single computer can therefore be used to access multiple network environments without fear of cross-contamination or corruption.
- the secure operating system may continue to run in the background while the non-secure operating system runs. This option may be useful for running background tasks.
- 128kb Flash ROM example shown in FIG 6, a portion
- Flash ROM stores executable code to create a RAM drive.
- the secure operating system and any applications are loaded into the RAM drive from an image on the storage device 8 (HDD, CDROM, Network drive, or Flash ROM).
- the secure operating system then boots from the RAM drive and executes security tasks, as indicated in FIG 9. It will also be appreciated that the security device renders tne computer useless if it is stolen. A thief will not be able to use the computer unless the username and password are known. If the security card is removed from the computer, the computer will still be useless because the encryption key stored in the security card will not be resident for decrypting data on the hard drive.
- Each module is an optional feature that can be incorporated in the security device.
- the invention is not limited to any particular combination of modules nor is it necessary that any particular module be present in the security device. It is anticipated that some modules may be provided by third party vendors. In these cases it is expected that the functionality of the modules will be similar to existing versions that operate under non-secure operating systems but modified to run under the secure operating system resident in the security device.
- the login module verifies the allowed user access.
- a limit may be placed on the number of logon attempts allowed in a given period.
- SmartChk Module facilitates automatic installation of software such as device drivers, diagnostics, utilities, applications and other data to the storage devices attached to the computer. It is able to check integrity of the software and replace or upgrade if it is required. This occurs prior to the bootstrap of the non-secure operating system. Verify System BIOS Module
- This module compares the whole system BIOS ROM (E000-FFFF) with the backup version stored in the first memory block of the Flash ROM on the security device. If corruption is found a message is presented recommending that the corrupt chip be removed. This module is redundant when all ROM chips are removed from the computer and the computer is run from the copies on the security device. veriTv CMOS Module
- This module verifies that the CMOS configuration has not been changed. If it is changed, an option is given to save the new settings.
- Verify Expansion ROM Module This module compares all BIOS ROM extensions (C000-DFFF) against the copies stored on the security device. This check is redundant if the ROMs have been removed from the computer. Reordering of the ROMs is possible when they are stored in the security device. The order of execution can therefore be easily chosen by the user. Partition Override Module
- the partition override module intercepts the Interrupt 13h (BIOS disk calls) and responds with the information stored in the Flash ROM on the security device. If a write is made to the partition table, master boot record or boot sectors, the physical write will occur and the amended sector will be read from then on. At the next boot the security device will warn the user of the change and offer save or recover options.
- Interrupt 13h BIOS disk calls
- New IDE hard disk drives support the SMART diagnostic mode.
- the security device uses this technology to check for errors and potential errors before they become critical hard.
- the security device can encrypt the hard drive using any selected encryption system.
- the module traps the 13h interrupt and encodes all read and write calls to the selected drive/partition.
- the security device can therefore access a network file server to obtain user authentication before allowing access to the hard drive of the protected computer. This provides a high level of security in server/client networks.
- This module checks and corrects the system time and date before any program accesses the system clock.
- the normal boot time can be used to present advertising information to the computer user.
- the advertisements may be stored in the Flash ROM on the security device. If the user accesses the Internet, the advertisement can be changed by downloading the latest advertisement from a secure file server.
- the boot manager module allows the user to select which non- secure operating system to load after the secure operating system completes the security tasks. Unlike known software programmes that offer this facility, the selection is made prior to the booting of any non- secure operating system. It is therefore impossible to corrupt the partition table because the information is stored in the protected part of the Flash ROM on the security device. Virus Scan Module
- the virus scan module loads a run time component of a third party virus package.
- the module may access data stored on a local hard drive to perform checksums or obtain virus signatures.
- the virus scanner is loaded by the non-secure operating system. If a virus has infected the master boot record, the boot sector or the boot files, it will be loaded and run before the virus scanner has loaded. In some cases this will allow the virus to hide, and could destroy the data on the computer.
- the virus scan module detects viruses before the non-secure operating system (or systems) is loaded. Update Module
- the secure operating system and executable files stored in the configurable memory of the security device can be updated without risk.
- updates can be downloaded from a secure server. These can be keyed to the security protocols resident in the security device.
- the read/write sectors of the configurable memory (2 Mb in the embodiment of FIG 5) store the updates until the next power on event (or reset event). The updates are then integrity checked before being written to the secure segments of the configurable memory.
- the updates are stored on the hard drive (or other storage device) but otherwise the same format is followed.
- each security device will have a unique identifier that will be read before access is allowed to a secure server.
- the security tracking module allows the location of every computer utilising the security device to be ascertained when the computer is connected to the Internet. This feature can be useful to track a stolen machine. The next time the user of the stolen machine accesses the Internet, the identifier can be read and the location determined from the identity of the ISP and the telephone number of the user.
- the security device is loaded to occupy the first memory location available after the video BIOS.
- the desired memory location may be occupied by another device, such as a SCSI card.
- the security device intercepts the BIOS, copies the existing expansion ROMs, and writes its own address to all expansion KUM memory locations. Control is then returned to the BIOS and the BIOS checks for expansion ROMs.
- the BIOS finds the security device at the first memory location after the video card, and control is taken by the security device.
- the security device then reconfigures the addresses of the other expansion ROMs so that when control is passed back to the BIOS the other expansion ROMs are found and loaded normally.
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002386805A CA2386805A1 (en) | 1999-10-08 | 2000-10-06 | Security card |
GB0208740A GB2371656A (en) | 1999-10-08 | 2000-10-06 | Security card |
AU78905/00A AU7890500A (en) | 1999-10-08 | 2000-10-06 | Security card |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AUPQ3342 | 1999-10-08 | ||
AUPQ3342A AUPQ334299A0 (en) | 1999-10-08 | 1999-10-08 | Security card |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001027770A1 true WO2001027770A1 (en) | 2001-04-19 |
Family
ID=3817502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/AU2000/001213 WO2001027770A1 (en) | 1999-10-08 | 2000-10-06 | Security card |
Country Status (4)
Country | Link |
---|---|
AU (1) | AUPQ334299A0 (en) |
CA (1) | CA2386805A1 (en) |
GB (1) | GB2371656A (en) |
WO (1) | WO2001027770A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007097700A3 (en) * | 2006-02-24 | 2007-10-25 | Projectmill Ab | Method and system for secure software provisioning |
WO2009005437A1 (en) | 2007-06-29 | 2009-01-08 | Oniteo Ab | Method and system for secure hardware provisioning |
EP1669863A3 (en) * | 2004-12-09 | 2009-01-14 | Samsung Electronics Co., Ltd. | Secure booting apparatus and method |
EP2729893A1 (en) * | 2011-07-06 | 2014-05-14 | F-Secure Corporation | Security method and apparatus |
EP2735969A1 (en) * | 2012-11-27 | 2014-05-28 | Oberthur Technologies | Electronic assembly including a deactivation module |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4975950A (en) * | 1988-11-03 | 1990-12-04 | Lentz Stephen A | System and method of protecting integrity of computer data and software |
US5121345A (en) * | 1988-11-03 | 1992-06-09 | Lentz Stephen A | System and method for protecting integrity of computer data and software |
GB2304213A (en) * | 1995-08-10 | 1997-03-12 | Samsung Electronics Co Ltd | Safeguarding hard drive data and preventing certain user input |
WO1998015086A1 (en) * | 1996-09-30 | 1998-04-09 | Intel Corporation | Secure boot |
US5742758A (en) * | 1996-07-29 | 1998-04-21 | International Business Machines Corporation | Password protecting ROM based utilities in an adapter ROM |
-
1999
- 1999-10-08 AU AUPQ3342A patent/AUPQ334299A0/en not_active Abandoned
-
2000
- 2000-10-06 GB GB0208740A patent/GB2371656A/en not_active Withdrawn
- 2000-10-06 CA CA002386805A patent/CA2386805A1/en not_active Abandoned
- 2000-10-06 WO PCT/AU2000/001213 patent/WO2001027770A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4975950A (en) * | 1988-11-03 | 1990-12-04 | Lentz Stephen A | System and method of protecting integrity of computer data and software |
US5121345A (en) * | 1988-11-03 | 1992-06-09 | Lentz Stephen A | System and method for protecting integrity of computer data and software |
GB2304213A (en) * | 1995-08-10 | 1997-03-12 | Samsung Electronics Co Ltd | Safeguarding hard drive data and preventing certain user input |
US5742758A (en) * | 1996-07-29 | 1998-04-21 | International Business Machines Corporation | Password protecting ROM based utilities in an adapter ROM |
WO1998015086A1 (en) * | 1996-09-30 | 1998-04-09 | Intel Corporation | Secure boot |
Non-Patent Citations (1)
Title |
---|
WILLIAM A. ARBAUGH ET AL.: "A Secure and Reliable Bootstrap Architecture", UNIVERSITY OF PENNSYLVANIA, 2 December 1996 (1996-12-02), Retrieved from the Internet <URL:http://www.cis.upenn.edu/switchware/papers/aegis.pl> * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1669863A3 (en) * | 2004-12-09 | 2009-01-14 | Samsung Electronics Co., Ltd. | Secure booting apparatus and method |
US7681024B2 (en) | 2004-12-09 | 2010-03-16 | Samsung Electronics Co., Ltd. | Secure booting apparatus and method |
WO2007097700A3 (en) * | 2006-02-24 | 2007-10-25 | Projectmill Ab | Method and system for secure software provisioning |
US8694763B2 (en) | 2006-02-24 | 2014-04-08 | Oniteo Ab | Method and system for secure software provisioning |
WO2009005437A1 (en) | 2007-06-29 | 2009-01-08 | Oniteo Ab | Method and system for secure hardware provisioning |
US8762737B2 (en) | 2007-06-29 | 2014-06-24 | Oniteo Ab | Method and system for secure hardware provisioning |
EP2729893A1 (en) * | 2011-07-06 | 2014-05-14 | F-Secure Corporation | Security method and apparatus |
EP2729893A4 (en) * | 2011-07-06 | 2014-12-10 | F Secure Corp | Security method and apparatus |
EP2735969A1 (en) * | 2012-11-27 | 2014-05-28 | Oberthur Technologies | Electronic assembly including a deactivation module |
FR2998689A1 (en) * | 2012-11-27 | 2014-05-30 | Oberthur Technologies | ELECTRONIC ASSEMBLY COMPRISING A DEACTIVATION MODULE |
US9817972B2 (en) | 2012-11-27 | 2017-11-14 | Oberthur Technologies | Electronic assembly comprising a disabling module |
Also Published As
Publication number | Publication date |
---|---|
AUPQ334299A0 (en) | 1999-11-04 |
GB2371656A (en) | 2002-07-31 |
GB0208740D0 (en) | 2002-05-29 |
CA2386805A1 (en) | 2001-04-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1022655B1 (en) | Computer with bootable secure program | |
KR100938305B1 (en) | High integrity firmware | |
US5537540A (en) | Transparent, secure computer virus detection method and apparatus | |
US6993649B2 (en) | Method of altering a computer operating system to boot and run from protected media | |
US6915420B2 (en) | Method for creating and protecting a back-up operating system within existing storage that is not hidden during operation | |
US6546489B1 (en) | Disk drive which provides a secure boot of a host computer system from a protected area of a disk | |
US5802277A (en) | Virus protection in computer systems | |
US8028174B2 (en) | Controlling update of content of a programmable read-only memory | |
US8868933B2 (en) | Persistent servicing agent | |
JP4510945B2 (en) | Method and system for providing custom software images to a computer system | |
US7330977B2 (en) | Apparatus, system, and method for secure mass storage backup | |
JP6054908B2 (en) | Method for repairing variable sets, computer program and computer | |
EP3627368B1 (en) | Auxiliary memory having independent recovery area, and device applied with same | |
WO2003048944A1 (en) | Virtual data storage (vds) system | |
JP2011503689A (en) | Computer storage device having removable read-only area and read / write area, removable media component, system management interface, and network interface | |
SG193100A1 (en) | Authentication device and authentication method | |
US6405311B1 (en) | Method for storing board revision | |
KR100678974B1 (en) | Apparatus and method for security and user comfortability in rebooting computer system | |
WO2001027770A1 (en) | Security card | |
AU7890500A (en) | Security card | |
US7917952B1 (en) | Replace malicious driver at boot time | |
JP2005535003A (en) | A computer system capable of supporting multiple independent computing environments | |
Rankin | Knoppix Pocket Reference | |
Terzić et al. | BASIC INPUT/OUTPUT SYSTEM BIOS FUNCTIONS AND MODIFICATIONS |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 10110074 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2386805 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 78905/00 Country of ref document: AU |
|
ENP | Entry into the national phase |
Ref country code: GB Ref document number: 200208740 Kind code of ref document: A Format of ref document f/p: F |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |