Original Publication Date: 2004-Oct-26
Included in the Prior Art Database: 2004-Oct-26
Currently, Thinkpads are planning to incorporate a fingerprint reader for preboot authentication (for BIOS' power on password and hardfile password). This is a great usability feature which enables people to use their fingerprint signature to gain access to the system rather than having to type in an alpha-numeric password via a keyboard. The unique fingerprint is associated with the preboot alpha-numeric password(s) and serves in its place, as long as they match (this particular fingerprint equals this particular alpha-numeric string). One new problem that this introduces is that when a fingerprint device becomes unavailable (needs replacing), the user will most likely not be able to recall their alpha-numeric password(s). Because there will have been a long time since the user actually used the POP or hardfile password string, most human beings will not remember what they were. This will have a serious and undesirable effect in most enterprises, equating with lost data and an unrecoverable hard drive that must simply be disposed of and replaced. This disclosure addresses a process which could help in getting around this problem. Known solutions: There is only one potential solution available typically today. Within a managed enterprise, the IT staff can define a PAP password for each PC in the enterprise, so that they can get by the users' power-on and hard file passwords to boot to the operating system or to change the users' BIOS passwords. This solution is not implemented in most large enterprises, including in IBM where a POP/HDD password is required by our IT policies for security reasons, because it is too onerous for the IT staff to deploy (must be hands-on in each system), and is itself a potential security risk. This solution also does not help the average user in self-managed large, medium, and small accounts or in individual enterprises.