Enabling Password Entry During POST from prior power-on session

IP.com Disclosure Number: IPCOM000021311D
Original Publication Date: 2004-Jan-13
Included in the Prior Art Database: 2004-Jan-13
Document File: 2 page(s) / 43K

Publishing Venue

IBM

Abstract

Disclosed is a system and method that enables booting a password-protected OS across multiple power-off to power-on transitions. There is no secure manner in which to transfer an Operating System (OS) user password from one power-up session on a computer to the next, so a PC cannot wake up after being put to sleep and boot the OS without the physical presence of a user who knows the required passwords. This invention provides a method and system for storing a password or passwords securely so that, at the next power-up, BIOS can retrieve the stored passwords and enter them as though they had been typed at the attached keyboard.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Described below is the transfer of the OS user log-on password from one power on session to another.

The typical computer system comes with the capability to install a power-on password (POP), a setup password, also known as the administrative or privileged access password (PAP), and an Operating System user password. Users are not required to install any password if they so choose. However, in this era of concern over the security of sensitive data, most corporations, companies and small businesses install at least one, if not all, of the system passwords. These business entities require their users to maintain the passwords, and several institutions have even established time periods or a password expiration policy whereby the passwords must be frequently changed. The passwords must also not be obvious. This can be accomplished by requiring that passwords be composed of a certain number of characters and numbers. This invention addresses the inability to provide the operating system user password (OSUP) remotely, or to pass the OSUP from one power-on session to the next, when no one with knowledge of the password is physically present in the immediate vicinity of the client or workstation.

A mailbox mechanism has been used in IBM clients for passing a command from one power-on session to the next power-on session for use by the BIOS startup routine, also known as Power On Self Test (POST). This invention relies upon the use of this secure mailbox mechanism and introduces a new command. Also, modification of the System Management Interrupt (SMI) service routine is required to support this invention.

The new command directs POST to access the packet containing the new command in one of the mailbox entries; typically there are three (3), but there is no architectural limit. POST will follow the current mailbox method described above to verify the authenticity of the new command. If verified to be from an authorized source, POST will set an indicator for the SMI handler, once initialized, to pick up the...