Printed by the Employee Consumer Cooperative of the Intellectual Property Bureau, Ministry of Economic Affairs
530272 A7 B7 6045twf.doc/008

V. Description of the Invention

The present invention relates to a basic input/output system (BIOS), and in particular to a BIOS with password management and a method of managing a BIOS with a password.

When the power of a personal computer is switched on, the central processing unit (CPU) inside the computer automatically executes a series of instructions. The work done by these instructions can be roughly divided into three categories by function:

1. System configuration analysis: determines the CPU model, the memory size, the number and type of floppy and hard disk drives, whether a floating-point coprocessor is installed, and so on, as an important reference for the subsequent actions.
2. Power-on self test (POST): tests the state of hardware such as the memory, chipset, CMOS, stored data, keyboard and disk drives, and reports the location of any error with a message.
3. Loading the operating system: a small program called the "bootstrap loader" locates the operating system (for example MS DOS or Windows 95/98) on the hard disk and loads it, then hands control to the operating system, which formally ends the boot sequence.

The program formed by organizing the above instructions is called the "basic input/output system (BIOS) program", "BIOS" for short. The BIOS is therefore the first program executed after a personal computer is powered on. If the BIOS program cannot run to completion during boot, this usually means that some hardware may be faulty; the problem should be resolved before operation continues, so that the computer is in its best operating state.

These BIOS programs are stored on a flash ROM chip. A flash ROM can be rewritten at any time and also retains its contents after power-off, so it can be executed automatically every time the personal computer is powered on. But precisely because its contents can be rewritten at any time, it is easily modified after a virus attack, damaging the system beyond recovery.

In view of this, the present invention provides a password-managed BIOS and a method therefor. An integrated password management element generates a password datum and stores it, and at the same time encrypts it with an asymmetric RSA engine or a symmetric Data Encryption Standard (DES) engine. The encrypted result is sent to an external element, which decrypts it back into a decrypted datum and returns it; only after the returned datum has been checked against the stored password datum and found to match may the BIOS data be modified.

The password-managed BIOS chip provided by the present invention checks a modification command input by an external element and then decides whether to accept the external element's modified BIOS data.

The password-managed BIOS chip of the present invention comprises a first flash memory, a second flash memory and an integrated password management element. The first flash memory stores the internal BIOS data, and the second flash memory stores a password datum. The integrated password management element is connected to the external element, the first flash memory and the second flash memory. After receiving a modification command it generates the password datum, encrypts it to produce an encrypted datum, and sends the encrypted datum to the external element to be decrypted back into a decrypted datum. Finally, after the decrypted datum has been checked against the original password datum and found to match, the internal BIOS data is replaced with the modified BIOS data.

The integrated password management element comprises a host bus, a microcontroller, a random number generator, and an RSA engine or a Data Encryption Standard engine. The host bus is connected to the external element and receives the modification command and the modified BIOS data. The microcontroller is connected to the host bus; after receiving the modification command from the host bus it issues a request-verification command. The random number generator is connected to the microcontroller and, after receiving the request-verification command, produces a first random number. The RSA engine or Data Encryption Standard engine is connected to the random number generator and the host bus; after receiving the first random number it produces RSA-encrypted data or Data Encryption Standard data, which is sent over the host bus to the external element to be decrypted back into a second random number. Finally, after the second random number has been checked against the original first random number and found to match, the internal BIOS data is replaced with the modified BIOS data.

The present invention also provides a method of managing a BIOS with a password, which, when an external element inputs a modification command, decides whether to accept the external element's modified BIOS data.

The method comprises the following steps. First, the modified BIOS data is stored in a register. A random code is then generated and stored, and the random code is encrypted to produce an encrypted datum. The encrypted datum is sent to the external element, which decrypts it back into a decrypted datum. Finally, the decrypted datum is checked against the stored random code: if the two match, the modified BIOS data is accepted; if they do not match, it is not accepted.

In the above, the random code may be produced by a random code generator, and the encryption of the random code into an encrypted datum may use an asymmetric RSA engine or a symmetric Data Encryption Standard engine.

To make the above and other objects, features and advantages of the present invention more apparent, a preferred embodiment is described in detail below with reference to the accompanying drawing.

Brief description of the drawing:

Figure 1 shows a password-managed BIOS chip according to a preferred embodiment of the present invention.

Reference numerals in the drawing:

10: password-managed BIOS chip
12: first flash memory
14: second flash memory
15: integrated password management element
16: RSA engine
18: DES engine
20: microprocessor
22: random code generator
24: host bus
26: ROM
28: internal bus
30: external element

Embodiment

Because the BIOS program is stored on a flash ROM chip whose contents can be rewritten at any time, it is also easily modified after a virus attack, damaging the system beyond recovery. We therefore generate a password datum, encrypt it with an asymmetric RSA engine or a symmetric Data Encryption Standard (DES) engine, send it to an external element to be decrypted back into a decrypted datum, and modify the BIOS data only after the returned datum has been checked against the password datum and found to match. This effectively raises the security of the BIOS chip.

Refer to Figure 1, which shows a password-managed BIOS chip according to a preferred embodiment of the present invention.

In the figure, the password-managed BIOS chip 10 of the present invention comprises a first flash memory 12, a second flash memory 14 and an integrated password management element 15. The integrated password management element 15 further comprises an RSA engine 16, a DES engine 18, a microprocessor 20, a random code generator 22, a host bus 24, a ROM 26 and an internal bus 28. The first flash memory 12 stores the internal BIOS data, and the second flash memory 14 stores a password datum.

First, when an external element 30 located outside the password-managed BIOS chip 10 inputs a modification command WE#, the chip 10 begins its internal verification; only after the verification passes can it accept the modified BIOS data (address and data) from the external element 30.

When the host bus 24 of the chip 10 receives the modification command WE#, the microprocessor 20 starts operating: it stores the modified BIOS data from the external element 30 in an internal register (not shown) and at the same time uses the random code generator 22 to produce a random code N. The random code N is sent over the internal bus 28 to the second flash memory 14 for storage, and at the same time is encrypted by the RSA engine 16 to produce an encrypted datum RSA(N), or by the DES engine 18 to produce an encrypted datum DES(N); the two may even be used together for greater security.

Next, the encrypted datum RSA(N) or DES(N) is sent over the internal bus 28 and the host bus 24 to the external element 30, and the chip waits for the external element 30 to respond. The external element 30 decrypts RSA(N) or DES(N) back into a decrypted datum N' and sends it back over the host bus 24 and the internal bus 28, where N' is checked against the random code N stored in the second flash memory 14. If the two match, the chip starts accepting the modified BIOS data from the external element 30 until the modification command WE# is no longer present; if they do not match, the modified BIOS data is not accepted.

Because the RSA engine 16 produces the encrypted datum RSA(N), or the DES engine 18 produces the encrypted datum DES(N), a virus cannot obtain the correct RSA key or DES key and therefore cannot modify the BIOS data. Moreover, since the chip 10 encrypts with the RSA engine 16 into RSA(N), or with the DES engine 18 into DES(N), then sends the result to the external element to be decrypted and returned for checking, this two-sided check further ensures the security of the modification.

Although the present invention has been disclosed above by way of a preferred embodiment, this is not intended to limit the invention. Anyone skilled in the art may make various changes and refinements without departing from the spirit and scope of the invention; the scope of protection is therefore defined by the appended claims.
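The exchange between the chip 10 and the external element 30 described in the embodiment, and the method steps listed in the summary, as one added example that is not part of the patent: a Python model of the chip side (latching the write, generating N, returning RSA(N), committing the write only when the returned N' equals the stored N) and of the updater side (decrypting the challenge). It assumes a textbook RSA engine built from constructed toy primes (real RSA needs a large modulus and padding; DES is not shown), that the chip holds the RSA public key while the external updater holds the private key (the patent does not say which key sits where), and os.urandom as the random code generator 22. The class and function names are this example's own.

```python
"""Challenge-response gate on BIOS flash writes, modelled on the patent's
exchange. Added example, not code from the patent. Assumptions: textbook RSA
with constructed toy primes (flow only, not secure), chip holds the public
key, external updater holds the private key, os.urandom is the random code
generator. The patent's 'accept writes until WE# is released' window is
collapsed here to one latched write per challenge."""
import os


# ---- toy RSA engine (stands in for "RSA engine 16") ------------------------
def toy_rsa_keypair():
    """Constructed, deterministic toy key: two Mersenne primes, e = 65537."""
    p, q = 2**61 - 1, 2**89 - 1          # constructed primes; far too small for real use
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537                            # coprime to phi (65537 | 2^k-1 only when 32 | k)
    d = pow(e, -1, phi)                  # modular inverse, Python >= 3.8
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


# ---- chip side (elements 10..28 of Figure 1) ---------------------------------
class PasswordManagedBios:
    def __init__(self, pubkey, bios_image, rng=os.urandom):
        self._pub = pubkey
        self._rng = rng                          # random code generator 22
        self.bios_flash = bytearray(bios_image)  # first flash memory 12
        self.password_flash = None               # second flash memory 14: holds N
        self._pending = None                     # internal register for the latched write

    def request_write(self, address, data):
        """External element asserts WE# with (address, data).
        The write is latched, a fresh N is stored, and RSA(N) is returned."""
        if address < 0 or address + len(data) > len(self.bios_flash):
            raise ValueError("write outside flash")
        self._pending = (address, bytes(data))
        n = int.from_bytes(self._rng(8), "big")  # 64-bit random code N
        self.password_flash = n
        return rsa_encrypt(self._pub, n)

    def respond(self, n_prime):
        """External element returns N'. The write commits only if N' == N."""
        ok = self._pending is not None and n_prime == self.password_flash
        if ok:
            address, data = self._pending
            self.bios_flash[address:address + len(data)] = data
        # one challenge per write attempt: clear the state either way,
        # so an old N' cannot be replayed against a later challenge
        self._pending = None
        self.password_flash = None
        return ok


# ---- external element 30 (the updater that knows the key) -------------------
class Updater:
    def __init__(self, privkey):
        self._priv = privkey

    def answer(self, challenge):
        return rsa_decrypt(self._priv, challenge)


def flash_update(chip, updater, address, data):
    """Run the full exchange; returns True if the chip accepted the write."""
    challenge = chip.request_write(address, data)
    return chip.respond(updater.answer(challenge))


if __name__ == "__main__":
    pub, priv = toy_rsa_keypair()
    chip = PasswordManagedBios(pub, b"\x00" * 16)
    print("holder of the key:", flash_update(chip, Updater(priv), 4, b"NEW!"))
    n, d = priv
    print("wrong key (virus):", flash_update(chip, Updater((n, d + 1)), 0, b"EVIL"))
    print("flash now:", bytes(chip.bios_flash))
```

Running the file shows a legitimate update, a rejected update from an updater that does not hold the key, and (in the checks) a rejected replay of an earlier N', which a fresh N per attempt defeats. Note what the check covers: as the patent describes it, a matching N' opens the write window until WE# is released, so the data written is not itself bound to the challenge; guarding the image contents (for example a signature over the update) is a separate control not described on this page.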